Smart grid technology opens a world of possibilities for energy conservation and efficient operations. Unfortunately, it is also creating great opportunities for smart grid hackers.
Tony Flick, principal at FYRM Associates, compares the evolution of nascent smart grid security standards to the Payment Card Industry Data Security Standard (PCI DSS), which is aimed at securing payment cards.
That’s not a good thing, in Flick’s opinion. He said PCI DSS rules, which were created by the National Institute of Standards and Technology (NIST), fall short because they are vague and allow the industry to police itself. This leads to deployment uncertainties, scenarios in which implementations are considered compliant without actually being secure, and other problems.
“I wouldn’t characterize [PCI DSS] as an absolute failure — any security is better than none — but at the same time, there are valid criticisms of the standard,” Flick said.
Utility companies have begun rolling out digital electric metering devices that connect to the Internet and collect electricity-use data at a home or business. The devices are connected to electric substations and enable utility companies to route power more efficiently. The goal is to reduce costs and save energy by closely monitoring energy consumption.
Flick, who is scheduled to make a presentation entitled “Hacking the Smart Grid” on July 30 at Black Hat USA 2009 in Las Vegas, said that final decisions on rule creation have not been made. He urges NIST to eschew the hands-off approach that characterized the PCI DSS effort.
via Smart grid security risks exposed at Black Hat | Search Security Asia.

