Howe Brand, smart security grid risks

The following is a smart grid security presentation I developed for my fellow task force members on NERC's 2010 Smart Grid Task Force. The charts included are very helpful in understanding, at a glance, where the risks and threats to smart grid reliability and security lie. In the end, though, it is the 'human factor' that is most important to keep in mind in risk mitigation.

Presentation Transcript

  • CYBER SECURITY FOR THE SMART GRID. Gavan Howe, PhD (in progress), President of ebranders. All rights reserved: © 2010 Gavan Howe ebranders.com
  • FACT: What is the probability of hacking into the smart grid today? (Source: Spoonamore & Krutz, 2009)
  • 100%
  • CHANGE
    • Recognize that “we don’t know what we don’t know” about many unknowns of Smart Grid Security
    • Recognize that the greatest potential lies with your people
    • Recognize it is the Environment you work in that is causing change
  • “The human factor is real”
  • FACT: Why is this so? “Risk taking in the smart grid domain is one of dynamic complexity”
  • SMART GRID SECURITY
    • ‘In 2009 Energy and Oil industries experienced an encounter rate 356% higher than normal for data theft Trojans’.
    • In Dec 2009, Google and Intel discovered a breach in their network that led to the loss of sensitive intellectual property for Google.
    Source: 2009 Annual Global Threat Report
  • SMART GRID SECURITY
    • In 2007 there were 37,000 cyber attacks in the USA. That is 8 x the 2005 level!
    • Energy and Oil industries are at most risk, 4 x the average risk of all industries combined!
    Source: Christian Science Monitor, Jan 2010
  • RESEARCH FINDINGS BASED ON PHONE SURVEY OF “C” LEVEL EXECUTIVES
    • ‘It looks like a very secure network that not only the company but the consumer can count on’.
    • ‘One of those areas is the cyber security problem. We readily admit that, “yes, there is a problem” but we don’t really have a handle on it – no one does’.
  • RESEARCH FINDINGS
    • ‘I think it has been far too traditionally organized’.
    • ‘They really are not looking at this thing holistically’.
    • ‘Probably the problem is that too many things are being discussed. It is too much. It is everything to everybody’.
  • RESEARCH FINDINGS: What does Security look like in the Smart Grid?
    • ‘Well, I think it’s not as stringent as cyber security, but it’s got to be accurate… But, well, really it’s typical of computer security’.
    • “It’s typical of computer security” or “It is nothing more than supplying security best practices that exist in other domains.”
  • RESEARCH FINDINGS
    • ‘I can’t… That is not my area of expertise. I know that it is something that… All of the vendors in the Smart Grid arena are going to require that the systems that we, ultimately, procure must meet all of the standards as they are developed’.
    • ‘It is nothing more than supplying security best practices that exist in other domains’.
  • RESEARCH FINDINGS
    • ‘It is an issue. Anytime you start to add more and more layers of access and visibility and communications and connectedness, you have to deal with security issues’.
    • ‘You need to have tools and systems that can track if somebody has changed the firmware, was it initiated by the company or was it externally initiated. So, basically, security is all about event logs’.
  • RESEARCH FINDINGS
    • ‘If you look from a security standpoint, you have to have some way to protect not only the operation of the utility but you also have to have some way to protect the privacy of the customers’.
    • ‘We need time to investigate and make the right decisions on technologies because however you start a system is going to drive how that system looks in the end’.
  • RESEARCH FINDINGS
    • ‘If you get started with the wrong concept, the wrong technology, your hands are going to be tied and you are not going to be able to really capitalize on the true benefits of the smart grid’.
    • ‘Well, if you had asked me six months ago, I would have told you that I had a pretty good idea; now that I have been working with our information services people for the past six months, I don’t know if I know’.
  • SMART GRID SECURITY: Points of risk lying within the grid topology, its new devices, and systems.
  • THE HUMAN FACTOR: The Human Factor is also called dynamic conservatism. This manifests itself when staff ‘ignore the facts that influence or change the way the environment behaves, and will knowingly pursue activities to help maintain existing systems’.
  • THE HUMAN FACTOR: Translated into a formula for change to embrace smart grid security, the last diagram looks like this: D x E x U x V x F > R = C (change)
  • THE HUMAN FACTOR: Getting people to change is tough work, and it does work if you give them the tools and the path to follow, while leading the change.
  • RISK AND UNCERTAINTY: As Frank Knight wrote in his dissertation of 1921, Risk, Uncertainty and Profit: “Uncertainty must be taken in a sense radically distinct from the notion of Risk from which it has never been properly separated.… It will appear that a measurable uncertainty, or ‘risk’ proper, is so far different from an immeasurable one, that it is not in effect an uncertainty at all.”
  • Cyber Security for the Smart Grid will eventually happen. Let’s make it happen now.
  • END. Gavan Howe, March 2010, President of ebranders