Friday, January 28, 2011

NISTIR 7628 Conference Coming to the University of Maryland

When NIST held its most recent 7628 community outreach session in Boston a few weeks ago, it was snowing (big surprise!) and that made it hard for speakers and participants alike to get there. Nevertheless, for the hardy few who made it, NIST CSWG Vice Chair Alan Greenberg and company made it a thoroughly educational (and even somewhat entertaining) experience.

For those of a more mid-Atlantic persuasion, the show is coming to Baltimore on February 15. The session is open to anyone, though registration is required.

All the info you need can be found HERE.

Tuesday, January 25, 2011

NERC CIPS: Latest Updates on Versions 4 and 5 ... and some Sympathy for the Folks Building Them

A few weeks ago I attempted to impart some wisdom on the status of the CIPs. (It remains to be seen whether that was smart.) Now the "Insecurity Culture" blog has an excellent new post, linking you (once you register) to two "open letters" describing in some detail how and why the CIPs are being made.

And while analysts and others grumble about the sporadic output of the Standards Development Team (SDT), the (probably) too many committees, and the cumbersome and confusing approval process, these letters paint a fuller picture of what's really going on. For example:
There are people who think the SDT is a bunch of regulators run amuck, dreaming up one new standard after another just to preserve their jobs. This might be a good criticism, were it not that a) the SDT members are all employees of NERC entities, b) that they aren’t paid for their SDT work, and c) that they all have full-time day jobs they have to do as well .... So why are they starting now to develop a new CIP version that will be a complete revision of the former versions (and thus far more work than even Version 4 was)? The reason is simple: They have to ....
I liked that account, and after reading this stuff all the way through, I'm pretty excited to track the SDT's progress with the ambitious Version 5. And amazed to think how much work utilities have ahead of them to meet the Version 4 requirements deadline. Follow this LINK to the post and look for the cowboy hat.

Smart Grid Security at the Biggest US Electric Utility and Cyber Security Conferences coming up in February

In the last post of 2010 (HERE), I listed 3 conferences in 2011 that would focus exclusively on Smart Grid security topics. One thing I omitted, though, was that Smart Grid security is becoming an increasingly big draw at much larger conferences and expos. Two of the biggest, one for electric utilities and the other for cyber security professionals, are coming up in February. Both are in California (thank goodness), and both feature panels comprised of experts you (should) already know.

Here are the details for each:

Distributech 2011 in San Diego (Electricity)

Date/Time/Venue/Session: 2/2/2011, 9:30AM, Room 1B, Session #3A
Speakers and topics:
  • IBM's Jeff Katz on "Dealing with Smart Grid Insecurities"
  • Enernex's Sandy Bacik on "Developing Application Security Test Plans"
  • Umesh Singh of GE Digital Energy on "Smart Grid Software Security"

RSA 2011 in San Francisco (Security)

Date/Time/Venue/Session: 2/16/2011, 10:00 AM, Orange room 309, Session PNG-202
Session Title: Securing the Smart Grid

Moderator: Sam Curry, CTO, RSA (EMC)
Panelists:
  • Gib Sorebo, SAIC
  • Mike Echols, Salt River Project
  • Heath Thompson, Landis & Gyr

If you'd like to do both, it's a (relatively) quick 500-mile drive on Route 5 North, though 101 along the coast would have much better scenery.


Recent Q&A on Smart Grid Security and Life Continuing Nicely through 2011


In case you don't come across it via other means, HERE's a recent Q&A session I just did on the past, present and near-term future of the Smart Grid from a cyber security perspective.

Here's the part that led to the title of the piece:
2010 saw a very single-minded Stuxnet penetrate, but not disrupt, many enterprises with industrial equipment, including the military and utilities. More broadly aimed variants of Stuxnet may be in the works, or in the wild already. But I don't necessarily forecast extraordinary trouble, as the promulgation of fear, uncertainty and doubt (FUD) doesn't help anyone. Some security professionals like to put folks into fetal positions with scare stories. But I prefer to remember what my broker tells his clients during downturns, "generally speaking, the world doesn't end."
Special thanks to Larry Karisny at Project Safety.org

Alarming image credit: andrewsrj on Flickr.com



Tuesday, January 18, 2011

Smart Meter Health Fears Allayed ... thanks to Science !!!


In early December 2010 I wrote a piece titled Smart Meter Resistance Movements on how groups were forming on both coasts to fight the deployment of Smart Meters in their regions. As you can probably tell, as a staunch anti-FUD spreader, I'm not a big fan of these hysteria-spouting folks. Today, the verdict is in, and I offer you an antidote to one of their principal contentions.

The nonprofit California Council on Science and Technology, an organization "designed to offer expert advice to the state government and to recommend solutions to science and technology-related policy issues," has just released a report weighing in on the "Smart Meters give you brain cancer" debate.

And they did so rather decisively. As their just-released study revealed:
Wireless smart meters, when installed and properly maintained, result in much smaller levels of radio frequency (RF) exposure than many existing common household electronic devices, particularly cell phones and microwave ovens.
I saw this first on SmartGridNews, which covered it HERE. Or you can go directly to the CCS&T report by clicking HERE.

You can still argue privacy. One can (and should) quite reasonably voice concerns over security. And maybe the economic advantages haven't proven themselves yet, at least from the individual home owner's perspective. But as regards the purported threat from RF emissions, I think we can all sleep well now. That claim's been put to bed.

Photo credit: Sam Howzit on Flickr.com

Friday, January 14, 2011

FERC Finalizes Agenda for Tech Conference on Smart Grid Interoperability Standards


As noted earlier this week on this blog, FERC has invited its commissioners to an immersive afternoon on Smart Grid interoperability and security standards development, past, present, and future. Now FERC has finalized its agenda and named the panelists who'll be attending.

Following an introduction by NIST's Smart Grid Interoperability Coordinator, George Arnold, there will be two 90-minute sessions:
  1. The Smart Grid Interoperability Standards Process for Reviewing and Selecting the First Five Families of Standards, and
  2. The Smart Grid Interoperability Standards Development and Identification Process Going Forward
Key logistical details are:
  • It's open to the public, so if you want to, and if there's room, you can attend this event in person at FERC HQ in DC
  • If you can't make it or don't want to, a free live webcast will be available here
  • Lastly, they indicate that the conference will be archived for 3 months
Here's the latest dispatch from FERC with all the info.

Photo credit: hydroreform on Flickr.com

Wednesday, January 12, 2011

Webcast Alert: Smart Grid Security Blanket


This one looks like a good one, hosted by Jesse Berst's SmartGridNews and featuring experts from Duke Energy and Accenture. I'll be tuned in, and recommend you attend too if you can.

Date: 27 Jan 2011
Time: 4 pm ET
Click HERE for more details and HERE to register.

Image credit: Charles M. Schulz