Securing the Smart Grid book cover

Securing the Smart Grid

Next Generation Power Grid Security

Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to be able to process information, such as the behaviors of suppliers and consumers. The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised. This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.

Audience
Government and private security professionals involved in designing and assessing smart grid technology

Paperback, 320 Pages

Published: September 2010

Imprint: Syngress

ISBN: 978-1-59749-570-7

Reviews

  • "The first step in securing the Smart Grid is to fully understand the threat landscape. This book provides both a timely and relevant overview of the subject - a must-read for anyone responsible for securing the grid as well as consumers looking to implement the technology!."-- Dr. Patrick Engebretson, Assistant Professor of Computer Security, Dakota State University.

    "Easy to read and full of valuable information, this book provides a wide-eyed view of our future and the security challenges we will be facing in our day-to-day lives. Exploring everything from home systems to large-scale power plants, this is a must-read for everyone in our technological society."-- Thomas Wilhelm, ISSMP, CISSP, SCSECA, SCNA, SCSA, IEM, IAM

    "Overall, Securing the Smart Grid: Next Generation Power Grid Security provides an excellent overview of the state of smart grid technology and its related security, privacy and regulatory issues. The book provides an excellent introduction for anyone looking to understand what smart grid is all about and its security and privacy issues."--Ben Rothke, Slashdot


Contents


  • Acknowledgments (Tony Flick)

    Acknowledgments (Justin Morehouse)

    About the Authors

    About the Technical Editor

    Introduction

    Chapter 1 Smart Grid: What Is It?

        A Brief History of Electrical Grids

             What Is an Electric Grid?

             Grid Topologies

             Modernizing the Electric Grids

        What Is Automatic Meter Reading (AMR)?

             AMR Technologies

             AMR Network Topologies

        Future Infrastructure

             Justifications for Smart Grids

        What Is a Smart Grid?

             Components

        What Is AMI?

        International Initiatives

             Australia

             Canada

             China

             Europe

        Why Do We Need to Secure the Smart Grid?

             Smart Grid versus Security

             Mapping Smart Grid Goals to Security

        Summary

        Endnotes

    Chapter 2 Threats and Impacts: Consumers

        Consumer Threats

        Naturally Occurring Threats

             Weather and Other Natural Disasters

        Individual and Organizational Threats

             Smart Thieves and Stalkers

             Hackers

             Terrorism

             Government

             Utility Companies

        Impacts on Consumers

             Privacy

        Impacts on Availability

             Personal Availability

             Mobility

             Emergency Services

        Financial Impacts

        Likelihood of Attack

        Summary

        Endnotes

    Chapter 3 Threats and Impacts: Utility Companies and Beyond

        Confidentiality

             Consumer Privacy

             Proprietary Information

        Integrity

             Service Fraud

             Sensor Data Manipulation

        Availability

             Consumer Targets

             Organizational Targets

             Vertical Targets

             Market Manipulation

             National Security Target

        Summary

        Endnotes

    Chapter 4 Federal Effort to Secure Smart Grids

       U.S. Federal Government

             Energy and Independence Security Act of 2007

             American Recovery and Reinvestment Act of 2009

        DOE

             Legacy Electric Grid Technologies

             Current Smart Grid Technologies

             Lack of Deployment Equals Lack of Risk

        FERC

             Mandatory Reliability Standards

             Smart Grid Policy

        NIST

             NIST SP 1108

             Smart Grid Cyber Security Strategy and Requirements

        DHS NIPP

             Sector-Specific Plans

        Other Applicable Laws

             The Identity Theft Enforcement and Restitution Act of 2008

             Electronic Communications Privacy Act of 1986

             Breach Notification Laws

             Personal Information Protection and Electronic Documents Act

        Sponsoring Security

        Bureaucracy and Politics in Smart Grid Security

        Summary

        Endnotes

    Chapter 5 State and Local Security Initiatives

        State Government

             State Laws

        State Regulatory Bodies

             National Association of Regulatory Utility Commissioners

             Colorado PUC

             PUC of Texas

             Planning for the Future

        State Courts

             Colorado Court of Appeals

             Implications

        Promoting Security Education

        Politics and the Smart Grid

        Summary

        Endnotes

    Chapter 6 Public and Private Companies

        Industry Plans for Self-Policing

             NERC Critical Infrastructure Protection Standards

        Compliance Versus Security

        How Technology Vendors Can Fill the Gaps

        How Utility Companies Can Fill the Gaps

        Summary

        Endnotes

    Chapter 7 Attacking the Utility Companies

        Motivation

             Vulnerability Assessment versus Penetration Test

             Other Aspects of a Security Assessment

        Network Attacks

             Methodologies

        System Attacks

             SCADA

             Legacy Systems

        Application Attacks

             Life-Imitating Art

             Attacking Utility Company Web Applications

             Attacking Compiled Code Applications

        Wireless Attacks

             Wireless Clients

             Wi-Fi

             Bluetooth

             Cellular

        Social Engineering Attacks

             Selecting Targets

        Physical Attacks

             Attacking with a Friend

        Putting It All Together

        Summary

        Endnotes

    Chapter 8 Securing the Utility Companies

        Smart Grid Security Program

             ISO/IEC 27000

        Top 12 Technical Practices to Secure the Smart Grid

             Threat Modeling

             Segmentation

             Default Deny Firewall Rules

             Code and Command Signing

             Honeypots

             Encryption

             Vulnerability Management

             Penetration Testing

             Source Code Review

             Configuration Hardening

             Strong Authentication

             Logging and Monitoring

        Summary

        Endnotes

    Chapter 9 Third-Party Services

        Service Providers

             Billing

             Consumer Interfaces

             Device Support

        Attacking Consumers

             Functionality Undermines Security

             Microsoft Hohm and Google PowerMeter

             Smart Devices Gone Wild

        Attacking Service Providers

        Securing Third-Party Access to the Smart Grid

             Trust

             Data Access

             Network Access

             Secure Transport

             Assessing the Third Party

             Securing the Third Party

        Summary

        Endnotes

    Chapter 10 Mobile Applications and Devices

        Why Mobile Applications?

        Platforms

        Trust

             Trusting Strangers

        Attacks

             Why Attack the Handset?

             SMS

             E-mail

             Malicious Web Sites

             Physical

        Securing Mobile Devices

             Traditional Security Controls

             Secure Syncing

             Disk Encryption

             Screen Lock

             Wiping the Device

             Recovery

             Forensics

             Education

        Secure Mobile Applications

             Mobile Application Security Controls

             Encryption

        Summary

        Endnotes

    Chapter 11 Social Networking and the Smart Grid

        The Smart Grid Gets Social

             Twitter

             Facebook

        Social Networking Threats

             Information Disclosure

        Smart Grid Social Networking Security Checklist

             Before You Begin

             Basic Controls

        Summary

        Endnotes

    Chapter 12 Attacking Smart Meters

        Open Source Security Testing Methodology Manual (OSSTMM)

             Information Security

             Process Security Testing

             Internet Technology Security Testing

             Communication Security Testing

             Wireless Security Testing

             Physical Security Testing

        NIST Special Publication 800-42: Guideline on Network Security Testing

             Security Testing Techniques

        Summary

        Endnotes

    Chapter 13 Attacking Smart Devices

        Selecting a Target Smart Device

        Attacking a Smart Device

             Network Surveying

             Port Scanning

             Services Identification and System Identification

             Vulnerability Research and Verification

             Internet Application Testing

             Password Cracking

             Denial-of-Service Testing

             Exploit Testing

        Summary

        Endnotes

    Chapter 14 What’s Next?

        Timeline

        What Should Consumers Expect?

             Smart Devices

             Smart Meters

             Home Area Network

             Electric Vehicles

             Personal Power Plant

             Privacy

        What Should Smart Grid Technology Vendors Expect?

        What Should Utility Companies Expect?

             Reducing Energy Demand to Reduce Costs and Security

             Diagnosing Problems Faster

             Beyond Electricity

             Curiosity Attacks

        What Should Security Professionals Expect and What Do They Predict?

             Security versus Functionality

             Security Devices

             Visions of Gloom and Doom

        Smart Grid Community

             Conferences 2

             Agencies and Groups

             Blogs, News Web Sites, and RSS Feeds

        Summary

        Endnotes

    Index








Advertisement

advert image