You know you’re at a hacker convention when the word Pwned is used in numerous speeches and conference literature. I spent a couple hours on Thursday at the annual Black Hat security convention in Las Vegas — not to learn about the newest ways to break into web companies’ private systems, but to listen to numerous speakers on the subject of potential vulnerabilities in the smart grid, and (more productively) what companies and policy-makers building the smart grid should do about those security issues.
According to one speaker, Tony Flick, a principal at IT security consulting firm FYRM Associates, utility and energy management web sites may be serious security concerns for the smart grid. Flick says he looked at eight different utility energy web sites, where consumers could conduct a number of types of energy management services, including turning down appliances that consume energy, and found that the majority of the sites had “very simple” and “basic” security vulnerabilities.
The security lapses he found are common problems with many web sites, for example using something called “clear-text protocols,” which are communication methods that don’t encrypt data and “cross-site scripting,” which allows hacker to inject code into a site when it is viewed by other visitors. But given the sensitive and private nature of energy consumption and control data, the vulnerabilities could cause problems for utility companies, Flick pointed out.
via Utility Energy Web Sites Could Be A Pain Point for Smart Grid Security.
