Thursday, July 9, 2009

Danahy on Smart Grid Security in Government Computer News

As power controls take on characteristics more akin to cyber systems, the numbers and types of threats go through the roof. This article in GCN makes the case that FERC's current Critical Infrastructure Protection (CIP) standards and audit practices may be ill-suited to ensure protection of an increasingly Internet-like power grid.

Here's Jack's 2 cents in context:
But some security experts say the standards do not go far enough. The technology of the electric grid was designed with the expectation that it would be a private network rather than an interconnected IP-addressable system, and the security standards focus largely on reliability rather than network integrity.
“I don’t think in today’s world that is even close to being adequate security,” said Jack Danahy, chief technology officer of Ounce Labs. “There has to be a more expansive understanding of what security means.”
The cyber security of the power system is taking on more urgency with development of a new interactive smart grid and recent reports that hackers have compromised the current grid.

No comments: