Securing the Smart Grid

Next Generation Power Grid Security


  • Tony Flick, Principal, FYRM Associates, Inc., Tampa, FL, USA
  • Justin Morehouse, Senior Information Protection Specialist at one of the nation's largest retailers

Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to process information, such as the behaviors of suppliers and consumers. The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised. This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.


Government and private security professionals involved in designing and assessing smart grid technology


Book information

  • Published: September 2010
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-570-7


"The first step in securing the Smart Grid is to fully understand the threat landscape. This book provides both a timely and relevant overview of the subject - a must-read for anyone responsible for securing the grid as well as consumers looking to implement the technology!" -- Dr. Patrick Engebretson, Assistant Professor of Computer Security, Dakota State University

"Easy to read and full of valuable information, this book provides a wide-eyed view of our future and the security challenges we will be facing in our day-to-day lives. Exploring everything from home systems to large-scale power plants, this is a must-read for everyone in our technological society."-- Thomas Wilhelm, ISSMP, CISSP, SCSECA, SCNA, SCSA, IEM, IAM

"Overall, Securing the Smart Grid: Next Generation Power Grid Security provides an excellent overview of the state of smart grid technology and its related security, privacy and regulatory issues. The book provides an excellent introduction for anyone looking to understand what smart grid is all about and its security and privacy issues."--Ben Rothke, Slashdot

Table of Contents

Acknowledgments (Tony Flick)

Acknowledgments (Justin Morehouse)

About the Authors

About the Technical Editor


Chapter 1 Smart Grid: What Is It?

    A Brief History of Electrical Grids

         What Is an Electric Grid?

         Grid Topologies

         Modernizing the Electric Grids

    What Is Automatic Meter Reading (AMR)?

         AMR Technologies

         AMR Network Topologies

    Future Infrastructure

         Justifications for Smart Grids

    What Is a Smart Grid?


    What Is AMI?

    International Initiatives





    Why Do We Need to Secure the Smart Grid?

         Smart Grid versus Security

         Mapping Smart Grid Goals to Security



Chapter 2 Threats and Impacts: Consumers

    Consumer Threats

    Naturally Occurring Threats

         Weather and Other Natural Disasters

    Individual and Organizational Threats

         Smart Thieves and Stalkers




         Utility Companies

    Impacts on Consumers


    Impacts on Availability

         Personal Availability


         Emergency Services

    Financial Impacts

    Likelihood of Attack



Chapter 3 Threats and Impacts: Utility Companies and Beyond


         Consumer Privacy

         Proprietary Information


         Service Fraud

         Sensor Data Manipulation


         Consumer Targets

         Organizational Targets

         Vertical Targets

         Market Manipulation

         National Security Target



Chapter 4 Federal Effort to Secure Smart Grids

   U.S. Federal Government

         Energy and Independence Security Act of 2007

         American Recovery and Reinvestment Act of 2009


         Legacy Electric Grid Technologies

         Current Smart Grid Technologies

         Lack of Deployment Equals Lack of Risk


         Mandatory Reliability Standards

         Smart Grid Policy


         NIST SP 1108

         Smart Grid Cyber Security Strategy and Requirements


         Sector-Specific Plans

    Other Applicable Laws

         The Identity Theft Enforcement and Restitution Act of 2008

         Electronic Communications Privacy Act of 1986

         Breach Notification Laws

         Personal Information Protection and Electronic Documents Act

    Sponsoring Security

    Bureaucracy and Politics in Smart Grid Security



Chapter 5 State and Local Security Initiatives

    State Government

         State Laws

    State Regulatory Bodies

         National Association of Regulatory Utility Commissioners

         Colorado PUC

         PUC of Texas

         Planning for the Future

    State Courts

         Colorado Court of Appeals


    Promoting Security Education

    Politics and the Smart Grid



Chapter 6 Public and Private Companies

    Industry Plans for Self-Policing

         NERC Critical Infrastructure Protection Standards

    Compliance Versus Security

    How Technology Vendors Can Fill the Gaps

    How Utility Companies Can Fill the Gaps



Chapter 7 Attacking the Utility Companies


         Vulnerability Assessment versus Penetration Test

         Other Aspects of a Security Assessment

    Network Attacks


    System Attacks


         Legacy Systems

    Application Attacks

         Life-Imitating Art

         Attacking Utility Company Web Applications

         Attacking Compiled Code Applications

    Wireless Attacks

         Wireless Clients




    Social Engineering Attacks

         Selecting Targets

    Physical Attacks

         Attacking with a Friend

    Putting It All Together



Chapter 8 Securing the Utility Companies

    Smart Grid Security Program

         ISO/IEC 27000

    Top 12 Technical Practices to Secure the Smart Grid

         Threat Modeling


         Default Deny Firewall Rules

         Code and Command Signing



         Vulnerability Management

         Penetration Testing

         Source Code Review

         Configuration Hardening

         Strong Authentication

         Logging and Monitoring



Chapter 9 Third-Party Services

    Service Providers


         Consumer Interfaces

         Device Support

    Attacking Consumers

         Functionality Undermines Security

         Microsoft Hohm and Google PowerMeter

         Smart Devices Gone Wild

    Attacking Service Providers

    Securing Third-Party Access to the Smart Grid


         Data Access

         Network Access

         Secure Transport

         Assessing the Third Party

         Securing the Third Party



Chapter 10 Mobile Applications and Devices

    Why Mobile Applications?



         Trusting Strangers


         Why Attack the Handset?



         Malicious Web Sites


    Securing Mobile Devices

         Traditional Security Controls

         Secure Syncing

         Disk Encryption

         Screen Lock

         Wiping the Device




    Secure Mobile Applications

         Mobile Application Security Controls




Chapter 11 Social Networking and the Smart Grid

    The Smart Grid Gets Social



    Social Networking Threats

         Information Disclosure

    Smart Grid Social Networking Security Checklist

         Before You Begin

         Basic Controls



Chapter 12 Attacking Smart Meters

    Open Source Security Testing Methodology Manual (OSSTMM)

         Information Security

         Process Security Testing

         Internet Technology Security Testing

         Communication Security Testing

         Wireless Security Testing

         Physical Security Testing

    NIST Special Publication 800-42: Guideline on Network Security Testing

         Security Testing Techniques



Chapter 13 Attacking Smart Devices

    Selecting a Target Smart Device

    Attacking a Smart Device

         Network Surveying

         Port Scanning

         Services Identification and System Identification

         Vulnerability Research and Verification

         Internet Application Testing

         Password Cracking

         Denial-of-Service Testing

         Exploit Testing



Chapter 14 What’s Next?


    What Should Consumers Expect?

         Smart Devices

         Smart Meters

         Home Area Network

         Electric Vehicles

         Personal Power Plant


    What Should Smart Grid Technology Vendors Expect?

    What Should Utility Companies Expect?

         Reducing Energy Demand to Reduce Costs and Security

         Diagnosing Problems Faster

         Beyond Electricity

         Curiosity Attacks

    What Should Security Professionals Expect and What Do They Predict?

         Security versus Functionality

         Security Devices

         Visions of Gloom and Doom

    Smart Grid Community

         Conferences

         Agencies and Groups

         Blogs, News Web Sites, and RSS Feeds