Posts Tagged ‘smart-grid’

« Older Entries

Imagining Cyber-Warfare

Sunday, July 11th, 2010

A new class of warfare is on the horizon. Governments worldwide are scrambling to prepare for the possibility of conflict in the “fifth domain” – cyberspace. Will World War III take place on the internet? The possibility is being explored, as documented in  a new article from The Economist.

But how to prepare for a war waged in the digital realm? And what are the stakes? As more and more of the world’s infrastructures are given access points on the web, the possibility of collateral damage inflicted by electronic attacks becomes increasingly real. Of particular concern is the security of the smart grid systems that will one day encompass our electrical networks. Opinions vary on the vulnerability of SCADA systems (networks that regulate industrial systems like power plants), however the consensus is that serious risks are present.

The future of cyber-warfare is uncertain, yet it will undoubtedly present myriad new challenges for peacekeepers such as NATO and governments themselves.

Tags: , , , , ,
Posted in Uncategorized | No Comments »

New Smart Grid Security Draft Released

Thursday, July 1st, 2010

The Advanced Metering Infrastructure Security (AMI-SEC) Task Force has released the second draft of the Security Profile for Advanced Metering Infrastructure for public download. Available in PDF format, the document provides guidance for implementing security within a number of smart grid functionalities–including home area network interfaces and meter data management systems–to organizations that are currently developing AMI solutions.

The full PDF is available here.

Tags: , , , ,
Posted in Uncategorized | No Comments »

Billions Slated for Smart Grid Security

Tuesday, June 29th, 2010

With the U.S.–and other nations around the globe–transitioning their electrical systems to networked, smart grid technology, a new report estimates that smart grid security is poised to become a multi-billion dollar industry. According to CNET News, the report–recently released by Pike Research–predicts that between now and 2015, North America will spend $1.5 billion–followed closely by Asia Pacific at $1.2 billion and Europe at $784 million–on smart grid security. Total global spending is expected to reach $21 billion over the next five years.

It is estimated that 15 percent of total investments in the grid will be for cybersecurity, as governments develop security protocols to ward off the possibilities of sabotage. We’ve previously posted about the existing vulnerabilities in the millions of smart meters already in use across the United States and the concern among experts that, in a rush to take advantage of federal stimulus money, the 60 million smart meters being deployed in the U.S. this year alone could be critically under-secured.

The report also identifies five major areas in which smart grid security issues may arise: “transmission upgrades, substation automation, distribution automation, electric vehicle management systems, and advanced metering infrastructure.”

Tags: , ,
Posted in Uncategorized | 1 Comment »

Nice Work if You Can Get It: Security Retrofit for 800 Million Smart Meters?

Sunday, June 20th, 2010

CNET News has published a comprehensive report on the state of smart grid security. In it, they detail the growing concerns among security experts that smart meter technology is being rapidly expanded around the world without the built-in security considerations necessary to protect the utility infrastructure — and the people connected to it — from serious cyber-crime.

According to the CNET report, the vulnerabilities in today’s smart meters could allow for a number of malicious attacks, including the theft of private consumer data, the disruption of power to specific buildings, and even the targeted outage of entire utility grids. Many experts quoted in the article believe that US smart meter manufacturers and utility companies are treating security as an afterthought in order to quickly take advantage of Federal stimulus money.

There are about 250 active smart-metering projects worldwide, with about 49 million meters already installed and 800 million planned for installation…. Projects in the U.S. are being accelerated because of the $3.4 billion in stimulus funds set aside for smart-grid technologies. About 60 million smart meters will be deployed in the U.S. this year, covering about half of households…. Security appears to be a casualty of this haste….

“Since there is no federal mandate as to how much security to have in the meters, there aren’t the right motivation factors for security to be a major factor…It’s an afterthought.”

According to one expert, “Prominently missing are signed and encrypted firmware, secure (smart card) chips for key storage, unique cryptographic keys, and physical tamper protection.”

We’ve previously discussed the growing concern surrounding the security weaknesses in today’s smart grid technology. In addition, we recently reported on the 60 Minutes investigation into the malicious hacks that have already hit the nation’s critical infrastructures.

Tags: , , , , , , , ,
Posted in Uncategorized | 1 Comment »

60 MINUTES: Devices Controlling National Infrastructure Have Already Been Hacked

Sunday, June 13th, 2010

In a comprehensive investigation into the vulnerabilities of US critical systems, (including financial, utility and military infrastructures), 60 Minutes recently reported that some of the country’s top security experts believe the US to be unprepared for the serious threats posed by targeted cyber attacks.

60 Minutes correspondent Steve Kroft spoke with retired Admiral Mike McConnell who, as former chief of national intelligence,  oversaw the National Security Agency, the Defense Intelligence Agency, and the Central Intelligence Agency.

“If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer, I probably would sack electric power on the U.S. East Cost, maybe the West Coast, and attempt to cause a cascading effect. All of those things are in the art of the possible from a sophisticated attacker,” McConnell explained.

“Do you believe our adversaries have the capability of bringing down a power grid?” Kroft asked.

“I do,” McConnell replied.

Asked if the U.S. is prepared for such an attack, McConnell told Kroft, “No. The United States is not prepared for such an attack.”

In addition to the potential for an attack on the utilities infrastructure, the report also discusses in-depth the current vulnerabilities of the banking and financial system, as well as military and defense computer networks, all of which are reported to be unprepared for or under-secured against the threats of hackers and international cyber attacks.

Tags: , , , , , , , ,
Posted in Uncategorized | 2 Comments »

Depsite IT, Industrial and Utility Security Still Weak

Monday, May 17th, 2010

In a comprehensive interview with CNET News, security expert Joe Weiss — an authority on cybersecurity in the industrial and utilities industries — discusses the ongoing disconnect between IT security and the world of critical infrastructure. (A subject we’ve discussed before).

With formerly analog, “offline” industrial and utility systems becoming increasingly networked — such as the “Smart Grid” — IT solutions are often being applied for security. And, according to Weiss, this is part of the problem.

As reported on CNET,

The IT community views control systems as just another computer. A control system is two pieces–the human machine interface, the screens people see in the control room, which are now moving toward Windows, Unix and Linux. These systems also use TCP/IP. So people look at this and say “Aha! That’s IT. I know this.” What they don’t see are all of the devices in the field that sense, measure, control,and monitor physical processes. These devices don’t look like a computer and don’t use Windows. They use either proprietary real-time operating systems systems or fully embedded systems. There is no security at this level even though this where you go “boom in the night.” What IT sees is the engineer sitting in front of a Windows workstation and they say “I know that.”

He also warns that the existing vulnerabilities within the utility and industrial control infrastructures are already being exploited:

There are people who are starting to believe control system cyber is real, but it is still a small fraction. All I have are facts and physics. I’ve got an incident database with over 170 control system cyber incidents worldwide. Unfortunately, most incidents are not public. CERT (Computer Emergency Response Teams) and other IT security monitoring organizations are not designed to collect information for control systems. There is an unfortunate tendency to simply want to declare victory. The Department of Energy and the Department of Homeland Security both have work ongoing in this field. But neither has connected the dots on incidents that have actually happened to identify relevant R&D.

Tags: , , , , , ,
Posted in Uncategorized | No Comments »

House Votes to Secure Energy Grid

Monday, May 3rd, 2010

In a unanimous vote before the House Energy and Commerce Committee, legislators have passed the Grid Reliability and Infrastructure Defense (GRID) Act as a preemptive measure against cyber-terrorist attacks. Beginning with an analysis of potential weaknesses, the Federal Energy Regulatory Commission is charged with the task of securing the United States’ energy systems.

Representative Ed Markey (D-Mass.), the bill’s co-sponsor, emphasized the vulnerability of the electrical grid as a major threat to our most essential infrastructures. “Every one of our nation’s critical systems – water, healthcare, telecommunications, transportation, law enforcement, financial services – depends on the grid.”

Tags: , , , ,
Posted in Uncategorized | No Comments »

Major Security Flaws Found in Smart Meters

Tuesday, March 30th, 2010

pic1-41We’ve previously discussed (here, here and here) the growing concern among security experts about the current state of Smart Grid cybersecurity. Given the ongoing, rapid rollout of network-connected utility technology around the country, more and more of these critical security issues are showing up all the time.

According to a recent AP article, a researcher hired by multiple utility companies has found the security features of current Smart Grid electricity meters–8 million of which have already been deployed in the US–to be seriously lagging behind current standards for wireless technology.

One of the most alarming findings involved a weakness in a communications standard used by the new meters to talk to utilities’ computers.

[Security Analyst Drew] Wright found that hackers could exploit the weakness to break into meters remotely, which would be a key step for shutting down someone’s power. Or someone could impersonate meters to the power company, to inflate victims’ bills or lower his own. A criminal could even sneak into the utilities’ computer networks to steal data or stage bigger attacks on the grid.

Wright said similar vulnerabilities used to be common in wireless Internet networking equipment, but have vanished with an emphasis on better security.

For instance, the meters encrypt their data — scrambling the information to hide it from outsiders. But the digital “keys” needed to unlock the encryption were stored on data-routing equipment known as access points that many meters relay data to. Stealing the keys lets an attacker eavesdrop on all communication between meters and that access point, so the keys instead should be kept on computers deep inside the utilities’ networks, where they would be safer.

“That lesson seems to be lost on these meter vendors,”…. That speaks to the “relative immaturity” of the meter technology….

Tags: , ,
Posted in Uncategorized | 1 Comment »

Experts Warn of Smart Grid Security Weakness

Monday, March 8th, 2010

pic4-38A recent article on Wired.com reports that, with Smart Grid utility technologies being implemented at a rapid rate, experts are concerned that the cybersecurity of these systems is seriously lagging.

…[S]ecurity research on the systems is lagging behind the deployment of smart meters, which has already occurred in some places in the United States. PG&E [Pacific Gas & Electric] is in the lead with 5 million gas and electric smart meters deployed since 2006, which represents about half of its customer base. PG&E expects to deploy an additional 5 million smart meters by 2012.

According to one researcher,

…[T]he most common vulnerability…is susceptibility to “cross-site request forgery” on the control systems…. Cross-site request forgery allows an attacker to hijack an authentication cookie stored in a user’s browser — to authenticate him, for example, to his bank or, in this case, a utility control system — and obtain access to the system as that user.

Security experts also warn that the electronic remote-shutoff function–present in most smart meters, allowing utility companies to remotely shut-down electric service–should be completely disabled until smart grid cybersecurity solutions are more thoroughly understood and implemented.

However, according to the Wired.com article, of PG&E’s 2.5 million currently deployed electricity smart meters, only approximately 300,000 have had their remote-shutoff switches disabled. This leaves nearly 2.2 million deployed smart meters capable of remote shutoff.

Tags: , ,
Posted in Uncategorized | 3 Comments »

Smart Grid Security Spending to Jump to $3.7B

Monday, February 15th, 2010

pic6-35While the transition to the Smart Grid utility infrastructure promises advances in efficiency and connectivity, it also brings with it increased vulnerability to cyberattacks. According to a recent article on Smartplanet.com, for utility companies, this means more spending on cybersecurity solutions.

According to Pike Research, no government, utility or infrastructure vendor wants to be viewed as the weak link in the smart grid chain. As a result of those fears, vendors specializing in smart grid cybersecurity will see revenue jump from $1.2 billion in 2009 to $3.7 billion by 2015.

Between 2010 to 2015, Pike Research estimates that $21 billion will be spent on global smart grid cybersecurity deployments. [...]

Mocana’s smart grid offering stands to benefit from the increased spending.  Other key players identified by Pike include: Accenture, BAE Systems, Boeing, Certicom, Cisco, Electric Power Research Institute, IBM, Idaho/Sandia National Labs, Industrial Defender, InGuardians, IOActive, Lockheed Martin, N-Dimension, Northrop Grumman, Raytheon, SAIC, Subnet Solutions, Waterfall Security and Wurldtech.

Tags: ,
Posted in Uncategorized | No Comments »

« Older Entries