Securing the Smart Grid

All Is Not Quiet on the Digital Front

Richard Clarke on why the U.S. isdangerously ill prepared to defend us from a cyberwar.by Jessica Ramirez April 21, 2010

Richard Clarke, the former federal anti-terrorism czar was quoted as saying, "The U.S. government, [National Security Administration], and military have tried to access the power grid's control systems from the public Internet.They've been able to do it every time they have tried......Even the Chinesemilitary has talked publicly about how they would attack the U.S. power gridin a war and cause cascading failures.".

June 2, 2010 By Larry Karisny

Vint Serf "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."

Smart Grid Security, Ground Zero for Cyber Security

Security Pros Question Deployment of Smart Meters

By Kim Zetter Email Author March 4, 2010 |

“The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian.

December 8, 2010 By Larry Karisny

Bob Lockhart is an industry analyst with Pike Research, which just released a study of smart-grid security.

“We security experts call Stuxnet state-of-the-art because we arrogantly think we know everything that’s happening, but we don’t. The Stuxnet code and attack could be three years old -- that’s two iterations of Moore’s Law. If true, then things probably have already gotten much worse than we understand. We’re just blissfully ignorant of how bad.”

Who Owns Smart-Grid Security?

January 24, 2011 By Larry Karisny

An interview with Andy Bochman, energy security lead IBM Software Group/Rational, and editor of the Smart Grid Security Blog.

Smart Grid Security: Generally Speaking, the World Doesn't End

“The grid is so large and so complex that it doesn't take a Nostradamus to predict successful attacks on it in any coming year, especially as one of the primary enablers of new smart grid functionality involves massively interconnecting systems that were previously protected, at least in part, by their isolation.”

National Security Agency, and commander of the new US Cyber Command, General Keith Alexander. “If you think of our nation, our financial system, our power grids – all of that resides on the network. All of them are vulnerable to an attack like that. Shutting down that network would cripple our financial systems.”

Deputy Secretary of Defense William Lynn wrote in a recent issue of Foreign Affairs that some “100 foreign intelligence organizations are trying to hack into the digital networks that undergird US military operations” and that some “already have the capacity to disrupt US information systems.”

Homeland Security Secretary Janet Napolitano said “Cyberspace is fundamentally a civilian space, and government has a role to help protect it.”

Scientists Decry Cyberwar as Governments RespondFriday, January 21, 2011Contributed By:Dan Dieterle

Why the Demand Sideof the Smart Grid first?

Smart Grid Network Topology

The first of 13 pages of awarded smart meter grants

Will security issues stifle smart grid investment?

November 18, 2010 at 4:47 PM by Larry Karisny

With billions of dollars of public and private smart grid investment in place and billions more in forecasted network hardware and software shipments, will enthusiasm for the smart grid be dampened by security concerns? Current smart meter deployment trends and reported security breaches point towards that possibility. A recent Pike Research report entitled “Smart Grid: 10 Trends to Watch 2011 and Beyond” maintains that “security will become the top smart grid concern”.

Too Much to Gain to Stop the Smart Grid

Smart Grid Security a Start of a Big Opportunity

Transportation Utilities Critical Infrastructure

Power Grid City Services Public Safety

A Whole New Security Industry is Started

A lot of networks connecting to networks

Power Grid Networks and Data Collect is Different

What's a SCADA?

Securing Specialized Legacy

Lots of guidelines and oversight

Wi-Fi Alliance fires back at GE endorsement of ZigBeeDecember 21, 2010 | Iris Kuo

Earlier this month, GE officially endorsed ZigBee as the wireless standard of choice for smart appliances in a white paper, but the Wi-Fi guys aren’t having any of it.

The Wi-Fi Alliance released a statement yesterday denouncing the white paper as “flawed” and “inaccurate.” Though their response isn’t exactly a surprise, their counterargument merit a look.

Private Sector Disagreement on Smart Grid Security

Public Sector Disagreement on Smart Grid Security

CybersecurityGAO finds critical shortfalls in cyber security guidelines for smart grid

Published 19 January 2011

The GAO issued a report that found critical shortfalls in the proposed guidelines for modernizing the smart grid; the proposed guidelines, released by NIST and the FERC, contained several shortcomings that would leave the nation’s security grid vulnerable to cyber attack; "missing pieces" in the guideline include a lack of metrics to evaluate cyber security, no enforcement mechanisms, and no coordination of disjointed oversight bodies; NIST and FERC agreed with the findings and is moving to address them in their next set of guidelines

Three directions in network security

Carrier Layered Security Layer 2 Security Embedded Security

Grid Net Layered Security Platform

Following the Standards

Grid Net Layered Security Model

Multi-level, multi-layer security: key features

1. Meter energizes, self-authenticates * Device security via EAP/TLS, IPSec, IKE, unique digital signature, and hardware-enforced code signing * WiMAX PKMv2 (EAP/TLS over RADIUS) * X.509 Certificate, PKI system, and AAA Server 2. Meter authenticated, authorized by 4G broadband network * EAP-based authentication * AES-CCM-based authenticated encryption * CMAC and HMAC based control message protection schemes 3. Meter authenticated, authorized by PolicyNet * Identity and AAA Services (ITU, IETF) * Certificate Authority w PKI * AAA Server (RADIUS, EAP/TLS) 4. Secure Smart Grid system connection established 5. End-to-end data encryption and transmission * Cipher Block Chaining Message Authentication Code Protocol (CCMP) * IPSEC/GRE, TLS, GMPLS * Traffic Engineering: DiffServ, RSVP

Carrier Agnostic Security

Legacy

Military Grade Layer 2 Encryption

Securing wireless Local Area Network interconnections with Layer 2 encryptionBy

Juan AsenjoThales e-Security

Enabling military and civilian government operations to dynamically interconnect Local Area Networks (LANs), wireless technologies are a lifesaver in environments where wired connections are cost-prohibitive or just not practical. However, transmitting sensitive information over the airwaves presents security challenges including passive attacks and active attacks. Enter Layer 2 encryption, which can effectively thwart these security challenges. (U.S. Air Force photo by Senior Airman Julianne Showalter)

The Advantages of Layer 2 Encryption

Layer 2 encryption is the industry’s first Wireless Firewall. Like a firewall, it supports policy filters to control what services users can access on a network and provide an audit trail. It protects data in-transit for WiFi, WiMax, Mesh, 3G, 4G, Zigbee or LANs

Like a VPN, it provides encrypted network access for users via a client

Better than a firewall or a VPN because it is Layer-2, with performance and simplicity advantages over IPsec or SSL

FIPS 140-2 certified strong AES encryption

Offers best-of-breed wireless security: strong encryption, authentication and access Control comparable to WPA2-Enterprise, even on legacy WiFi with no security or weak security like WEP

Makes the network unsniffable.

Improves any network topology by adding blanket end-to-end encryption

Embedded Security

Embedded device security is designed to secure all aspects of any connected device, computer or service. They are built on a common architecture and share a common cryptographic code base.

* Minimal latency * Low power consumption * Low memory * Minimal code size * Suitable for both hardware and software * Authenticated Encryption * Single key for both encryption and authentication * Word based (16-bit)

Embedded Security, Securing Internet Things

Smart Grid Security is Just Starting with a Long Road Ahead

Secure as you go

Did we forget the Power Company?

Smart Grid Security Conclusions

● Find your security problems before they find you.

● Address most crucial security issues first.

● Do grid upgrades adding security as you go.

● Use what works now with a path to future proofing.

● Agency guidelines are just that guidelines.

● Certifications are good but bring in house and test.

● Look for high end but simple security solutions

● Bring in security professionals and shut the door

● Smart Grid Security will be soon know as the best in security

Question and Comments

Larry Karisnylkarisny@projectsafety.org