Securing the Smart Grid book cover

Securing the Smart Grid

Next Generation Power Grid Security

Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to be able to process information, such as the behaviors of suppliers and consumers. The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised. This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.

Government and private security professionals involved in designing and assessing smart grid technology

Paperback, 320 Pages

Published: September 2010

Imprint: Syngress

ISBN: 978-1-59749-570-7


  • "The first step in securing the Smart Grid is to fully understand the threat landscape. This book provides both a timely and relevant overview of the subject - a must-read for anyone responsible for securing the grid as well as consumers looking to implement the technology!."-- Dr. Patrick Engebretson, Assistant Professor of Computer Security, Dakota State University.

    "Easy to read and full of valuable information, this book provides a wide-eyed view of our future and the security challenges we will be facing in our day-to-day lives. Exploring everything from home systems to large-scale power plants, this is a must-read for everyone in our technological society."-- Thomas Wilhelm, ISSMP, CISSP, SCSECA, SCNA, SCSA, IEM, IAM

    "Overall, Securing the Smart Grid: Next Generation Power Grid Security provides an excellent overview of the state of smart grid technology and its related security, privacy and regulatory issues. The book provides an excellent introduction for anyone looking to understand what smart grid is all about and its security and privacy issues."--Ben Rothke, Slashdot


  • Acknowledgments (Tony Flick)

    Acknowledgments (Justin Morehouse)

    About the Authors

    About the Technical Editor


    Chapter 1 Smart Grid: What Is It?

        A Brief History of Electrical Grids

             What Is an Electric Grid?

             Grid Topologies

             Modernizing the Electric Grids

        What Is Automatic Meter Reading (AMR)?

             AMR Technologies

             AMR Network Topologies

        Future Infrastructure

             Justifications for Smart Grids

        What Is a Smart Grid?


        What Is AMI?

        International Initiatives





        Why Do We Need to Secure the Smart Grid?

             Smart Grid versus Security

             Mapping Smart Grid Goals to Security



    Chapter 2 Threats and Impacts: Consumers

        Consumer Threats

        Naturally Occurring Threats

             Weather and Other Natural Disasters

        Individual and Organizational Threats

             Smart Thieves and Stalkers




             Utility Companies

        Impacts on Consumers


        Impacts on Availability

             Personal Availability


             Emergency Services

        Financial Impacts

        Likelihood of Attack



    Chapter 3 Threats and Impacts: Utility Companies and Beyond


             Consumer Privacy

             Proprietary Information


             Service Fraud

             Sensor Data Manipulation


             Consumer Targets

             Organizational Targets

             Vertical Targets

             Market Manipulation

             National Security Target



    Chapter 4 Federal Effort to Secure Smart Grids

       U.S. Federal Government

             Energy and Independence Security Act of 2007

             American Recovery and Reinvestment Act of 2009


             Legacy Electric Grid Technologies

             Current Smart Grid Technologies

             Lack of Deployment Equals Lack of Risk


             Mandatory Reliability Standards

             Smart Grid Policy


             NIST SP 1108

             Smart Grid Cyber Security Strategy and Requirements

        DHS NIPP

             Sector-Specific Plans

        Other Applicable Laws

             The Identity Theft Enforcement and Restitution Act of 2008

             Electronic Communications Privacy Act of 1986

             Breach Notification Laws

             Personal Information Protection and Electronic Documents Act

        Sponsoring Security

        Bureaucracy and Politics in Smart Grid Security



    Chapter 5 State and Local Security Initiatives

        State Government

             State Laws

        State Regulatory Bodies

             National Association of Regulatory Utility Commissioners

             Colorado PUC

             PUC of Texas

             Planning for the Future

        State Courts

             Colorado Court of Appeals


        Promoting Security Education

        Politics and the Smart Grid



    Chapter 6 Public and Private Companies

        Industry Plans for Self-Policing

             NERC Critical Infrastructure Protection Standards

        Compliance Versus Security

        How Technology Vendors Can Fill the Gaps

        How Utility Companies Can Fill the Gaps



    Chapter 7 Attacking the Utility Companies


             Vulnerability Assessment versus Penetration Test

             Other Aspects of a Security Assessment

        Network Attacks


        System Attacks


             Legacy Systems

        Application Attacks

             Life-Imitating Art

             Attacking Utility Company Web Applications

             Attacking Compiled Code Applications

        Wireless Attacks

             Wireless Clients




        Social Engineering Attacks

             Selecting Targets

        Physical Attacks

             Attacking with a Friend

        Putting It All Together



    Chapter 8 Securing the Utility Companies

        Smart Grid Security Program

             ISO/IEC 27000

        Top 12 Technical Practices to Secure the Smart Grid

             Threat Modeling


             Default Deny Firewall Rules

             Code and Command Signing



             Vulnerability Management

             Penetration Testing

             Source Code Review

             Configuration Hardening

             Strong Authentication

             Logging and Monitoring



    Chapter 9 Third-Party Services

        Service Providers


             Consumer Interfaces

             Device Support

        Attacking Consumers

             Functionality Undermines Security

             Microsoft Hohm and Google PowerMeter

             Smart Devices Gone Wild

        Attacking Service Providers

        Securing Third-Party Access to the Smart Grid


             Data Access

             Network Access

             Secure Transport

             Assessing the Third Party

             Securing the Third Party



    Chapter 10 Mobile Applications and Devices

        Why Mobile Applications?



             Trusting Strangers


             Why Attack the Handset?



             Malicious Web Sites


        Securing Mobile Devices

             Traditional Security Controls

             Secure Syncing

             Disk Encryption

             Screen Lock

             Wiping the Device




        Secure Mobile Applications

             Mobile Application Security Controls




    Chapter 11 Social Networking and the Smart Grid

        The Smart Grid Gets Social



        Social Networking Threats

             Information Disclosure

        Smart Grid Social Networking Security Checklist

             Before You Begin

             Basic Controls



    Chapter 12 Attacking Smart Meters

        Open Source Security Testing Methodology Manual (OSSTMM)

             Information Security

             Process Security Testing

             Internet Technology Security Testing

             Communication Security Testing

             Wireless Security Testing

             Physical Security Testing

        NIST Special Publication 800-42: Guideline on Network Security Testing

             Security Testing Techniques



    Chapter 13 Attacking Smart Devices

        Selecting a Target Smart Device

        Attacking a Smart Device

             Network Surveying

             Port Scanning

             Services Identification and System Identification

             Vulnerability Research and Verification

             Internet Application Testing

             Password Cracking

             Denial-of-Service Testing

             Exploit Testing



    Chapter 14 What’s Next?


        What Should Consumers Expect?

             Smart Devices

             Smart Meters

             Home Area Network

             Electric Vehicles

             Personal Power Plant


        What Should Smart Grid Technology Vendors Expect?

        What Should Utility Companies Expect?

             Reducing Energy Demand to Reduce Costs and Security

             Diagnosing Problems Faster

             Beyond Electricity

             Curiosity Attacks

        What Should Security Professionals Expect and What Do They Predict?

             Security versus Functionality

             Security Devices

             Visions of Gloom and Doom

        Smart Grid Community

             Conferences 2

             Agencies and Groups

             Blogs, News Web Sites, and RSS Feeds





advert image