Interoperability, Standards and Cybersecurity: A Business Perspective


  1. Interoperability, Standards and Cyber-Security: A Business Perspective
     Patrick C Miller, President and CEO
     April 21 2011
     Innotech Smart Grid Oregon Pacific NW Smart Grid Trade Show and Conference

  2. Interoperability
     • Goal: “electron flocking” (e-flocking)
     • Current approach may be too prescriptive
     • $10K per seat may be a barrier
     • No real consensus at this time
     • Potentially unbalanced voting process
     • EEI feels the industry is being “marginalized”
     • Not ready for adoption at this time; but when?

     The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program

  3. Standards
     • FERC/PUC lines are not clear
     • NARUC wants backward compatibility
     • Many state commissions do not have expertise or sufficient staff to deal with the smart grid wave
     • California PUC is not waiting for Federal standards
     • Utilities are moving forward, but inconsistently
     • Suffering from standard fatigue

  4. Cybersecurity Landscape
     • Security approaches favor new installations, legacy environments are still vulnerable
     • Very difficult to replace/patch in-service devices
     • Isolation has diminishing security value
     • Security products vs. buying secure products
     • Engineering (N-1) and Security are different
       – Nature may be sophisticated, but it isn’t malicious
     • Hackers don’t use a compliance checklist
       – Following a compliance checklist won’t make you secure

  5. Cybersecurity Landscape
     • Mixing legacy and bleeding edge tech is difficult
     • Logical distance between kinetic endpoint and HMI is exponentially increasing; “hyperembeddedness”
     • Many vendors are forced to put features ahead of security due to market conditions
     • Privacy and security will be dominant forces in the smart grid market
     • Sufficient motive, means and opportunity exist to take the threat seriously

  6. TwitBookBlogosphere

  7. Research and Disclosure
     46 zero-day SCADA vulnerabilities issued in a two-week span

  8. Smart Grid Development
     • Security Considerations
       – Get off of the innovation treadmill (see: Apple)
       – Code review: meters, aggregators, upstream
       – Crypto: transit, rest, key management
       – Message authentication: learn from EAI models
       – Patching
       – Supply chain: hardware, software, people
       – Physical access
       – Vulnerability management

  9. Smart Grid Development
     • Privacy Considerations
       – Legal implications
       – Tin foil hat club
       – Must have vs. nice to have
       – Opt in vs. opt out vs. no option
       – Information is a commodity; ethics matter

  10. Questions?
      Non-profit. Independent. Trusted.
      Patrick C Miller, President and CEO
      patrick@energysec.org
      503-446-1212
