Slide 1

Securing the Smart GridAll Is Not Quiet on the Digital Front

Richard Clarke on why the U.S. isdangerously ill prepared to defend us from a cyberwar.by Jessica Ramirez April 21, 2010

Richard Clarke, the former federal anti-terrorism czar was quoted as saying, "The U.S. government, [National Security Administration], and military have tried to access the power grid's control systems from the public Internet.They've been able to do it every time they have tried......Even the Chinesemilitary has talked publicly about how they would attack the U.S. power gridin a war and cause cascading failures.".

June 2, 2010 By Larry Karisny

Vint Serf "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."Smart Grid Security, Ground Zero for Cyber Security

Security Pros Question Deployment of Smart Meters By Kim Zetter Email Author March 4, 2010 |

The cost factor here is whats turned on its head. We lose control of our grid, thats far worse than a botnet taking over my home PC, said Matthew Carpenter, senior security analyst of InGuardian.

December 8, 2010 By Larry Karisny

Bob Lockhart is an industry analyst with Pike Research, which just released a study of smart-grid security.We security experts call Stuxnet state-of-the-art because we arrogantly think we know everything thats happening, but we dont. The Stuxnet code and attack could be three years old -- thats two iterations of Moores Law. If true, then things probably have already gotten much worse than we understand. Were just blissfully ignorant of how bad.

Who Owns Smart-Grid Security?

January 24, 2011 By Larry Karisny

An interview with Andy Bochman, energy security lead IBM Software Group/Rational, and editor of the Smart Grid Security Blog.Smart Grid Security: Generally Speaking, the World Doesn't End

The grid is so large and so complex that it doesn't take a Nostradamus to predict successful attacks on it in any coming year, especially as one of the primary enablers of new smart grid functionality involves massively interconnecting systems that were previously protected, at least in part, by their isolation.

National Security Agency, and commander of the new US Cyber Command, General Keith Alexander. If you think of our nation, our financial system, our power grids all of that resides on the network. All of them are vulnerable to an attack like that. Shutting down that network would cripple our financial systems.

Deputy Secretary of Defense William Lynn wrote in a recent issue of Foreign Affairs that some 100 foreign intelligence organizations are trying to hack into the digital networks that undergird US military operations and that some already have the capacity to disrupt US information systems.

Homeland Security Secretary Janet Napolitano said Cyberspace is fundamentally a civilian space, and government has a role to help protect it.

Scientists Decry Cyberwar as Governments RespondFriday, January 21, 2011Contributed By:Dan Dieterle

Why the Demand Sideof the Smart Grid first?

Smart Grid Network Topology

The first of 13 pages of awarded smart meter grantsWill security issues stifle smart grid investment?

November 18, 2010 at 4:47 PM by Larry Karisny

With billions of dollars of public and private smart grid investment in place and billions more in forecasted network hardware and software shipments, will enthusiasm for the smart grid be dampened by security concerns? Current smart meter deployment trends and reported security breaches point towards that possibility. A recent Pike Research report entitled Smart Grid: 10 Trends to Watch 2011 and Beyond maintains that security will become the top smart grid concern.

Too Much to Gain to Stop the Smart Grid

Smart Grid Security a Start of a Big Opportunity

TransportationUtilitiesCritical InfrastructurePower GridCity ServicesPublic SafetyA Whole New Security Industry is Started

A lot of networks connecting to networksPower Grid Networks and Data Collect is Different

What's a SCADA?

Securing Specialized Legacy

Lots of guidelines and oversight

Wi-Fi Alliance fires back at GE endorsement of ZigBeeDecember 21, 2010 | Iris Kuo

Earlier this month, GE officially endorsed ZigBee as the wireless standard of choice for smart appliances in a white paper, but the Wi-Fi guys arent having any of it.

The Wi-Fi Alliance released a statement yesterday denouncing the white paper as flawed and inaccurate. Though their response isnt exactly a surprise, their counterargument merit a look.Private Sector Disagreement on Smart Grid Security

Public Sector Disagreement on Smart Grid SecurityCybersecurityGAO finds critical shortfalls in cyber security guidelines for smart grid

Published 19 January 2011

The GAO issued a report that found critical shortfalls in the proposed guidelines for modernizing the smart grid; the proposed guidelines, released by NIST and the FERC, contained several shortcomings that would leave the nations security grid vulnerable to cyber attack; "missing pieces" in the guideline include a lack of metrics to evaluate cyber security, no enforcement mechanisms, and no coordination of disjointed oversight bodies; NIST and FERC agreed with the findings and is moving to address them in their next set of guidelines

Three directions in network security

Carrier Layered SecurityLayer 2 SecurityEmbedded SecurityGrid Net Layered Security Platform

Following the Standards

Grid Net Layered Security ModelMulti-level, multi-layer security: key features

1. Meter energizes, self-authenticates * Device security via EAP/TLS, IPSec, IKE, unique digital signature, and hardware-enforced code signing * WiMAX PKMv2 (EAP/TLS over RADIUS) * X.509 Certificate, PKI system, and AAA Server 2. Meter authenticated, authorized by 4G broadband network * EAP-based authentication * AES-CCM-based authenticated encryption * CMAC and HMAC based control message protection schemes 3. Meter authenticated, authorized by PolicyNet * Identity and AAA Services (ITU, IETF) * Certificate Authority w PKI * AAA Server (RADIUS, EAP/TLS) 4. Secure Smart Grid system connection established 5. End-to-end data encryption and transmission * Cipher Block Chaining Message Authentication Code Protocol (CCMP) * IPSEC/GRE, TLS, GMPLS * Traffic Engineering: DiffServ, RSVP

Carrier Agnostic Security

LegacyMilitary Grade Layer 2 EncryptionSecuring wireless Local Area Network interconnections with Layer 2 encryptionBy

Juan AsenjoThales e-Security

Enabling military and civilian government operations to dynamically interconnect Local Area Networks (LANs), wireless technologies are a lifesaver in environments where wired connections are cost-prohibitive or just not practical. However, transmitting sensitive information over the airwaves presents security challenges including passive attacks and active attacks. Enter Layer 2 encryption, which can effectively thwart these security challenges. (U.S. Air Force photo by Senior Airman Julianne Showalter)

The Advantages of Layer 2 Encryption Layer 2 encryption is the industrys first Wireless Firewall. Like a firewall, it supports policy filters to control what services users can access on a network and provide an audit trail. It protects data in-transit for WiFi, WiMax, Mesh, 3G, 4G, Zigbee or LANs

Like a VPN, it provides encrypted network access for users via a client

Better than a firewall or a VPN because it is Layer-2, with performance and simplicity advantages over IPsec or SSL

FIPS 140-2 certified strong AES encryption

Offers best-of-breed wireless security: strong encryption, authentication and access Control comparable to WPA2-Enterprise, even on legacy WiFi with no security or weak security like WEP

Makes the network unsniffable.

Improves any network topology by adding blanket end-to-end encryption

Embedded Security

Embedded device security is designed to secure all aspects of any connected device, computer or service. They are built on a common architecture and share a common cryptographic code base.

* Minimal latency * Low power consumption * Low memory * Minimal code size * Suitable for both hardware and software * Authenticated Encryption * Single key for both encryption and authentication * Word based (16-bit) Embedded Security, Securing Internet Things

Smart Grid Security is Just Starting with a Long Road Ahead

Secure as you goDid we forget the Power Company?

Smart Grid Security ConclusionsFind your security problems before they find you.Address most crucial security issues first.Do grid upgrades adding security as you go.Use what works now with a path to future proofing.Agency guidelines are just that guidelines.Certifications are good but bring in house and test.Look for high end but simple security solutionsBring in security professionals and shut the doorSmart Grid Security will be soon know as the best in securityQuestion and CommentsLarry Karisnylkarisny@projectsafety.org