Securing the Smart Grid

Next Generation Power Grid Security

1st Edition - September 23, 2010

  • Authors: Tony Flick, Justin Morehouse
  • eBook ISBN: 9781597495714
  • Paperback ISBN: 9781597495707


Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to process information, such as the behaviors of suppliers and consumers. The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised. This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.

Key Features

  • Details how old and new hacking techniques can be used against the grid and how to defend against them
  • Discusses current security initiatives and how they fall short of what is needed
  • Find out how hackers can use the new infrastructure against itself


Government and private security professionals involved in designing and assessing smart grid technology

Table of Contents

  • Acknowledgments (Tony Flick)

    Acknowledgments (Justin Morehouse)

    About the Authors

    About the Technical Editor


    Chapter 1 Smart Grid: What Is It?

        A Brief History of Electrical Grids

             What Is an Electric Grid?

             Grid Topologies

             Modernizing the Electric Grids

        What Is Automatic Meter Reading (AMR)?

             AMR Technologies

             AMR Network Topologies

        Future Infrastructure

             Justifications for Smart Grids

        What Is a Smart Grid?


        What Is AMI?

        International Initiatives





        Why Do We Need to Secure the Smart Grid?

             Smart Grid versus Security

             Mapping Smart Grid Goals to Security



    Chapter 2 Threats and Impacts: Consumers

        Consumer Threats

        Naturally Occurring Threats

             Weather and Other Natural Disasters

        Individual and Organizational Threats

             Smart Thieves and Stalkers




             Utility Companies

        Impacts on Consumers


        Impacts on Availability

             Personal Availability


             Emergency Services

        Financial Impacts

        Likelihood of Attack



    Chapter 3 Threats and Impacts: Utility Companies and Beyond


             Consumer Privacy

             Proprietary Information


             Service Fraud

             Sensor Data Manipulation


             Consumer Targets

             Organizational Targets

             Vertical Targets

             Market Manipulation

             National Security Target



    Chapter 4 Federal Effort to Secure Smart Grids

       U.S. Federal Government

             Energy and Independence Security Act of 2007

             American Recovery and Reinvestment Act of 2009


             Legacy Electric Grid Technologies

             Current Smart Grid Technologies

             Lack of Deployment Equals Lack of Risk


             Mandatory Reliability Standards

             Smart Grid Policy


             NIST SP 1108

             Smart Grid Cyber Security Strategy and Requirements

        DHS NIPP

             Sector-Specific Plans

        Other Applicable Laws

             The Identity Theft Enforcement and Restitution Act of 2008

             Electronic Communications Privacy Act of 1986

             Breach Notification Laws

             Personal Information Protection and Electronic Documents Act

        Sponsoring Security

        Bureaucracy and Politics in Smart Grid Security



    Chapter 5 State and Local Security Initiatives

        State Government

             State Laws

        State Regulatory Bodies

             National Association of Regulatory Utility Commissioners

             Colorado PUC

             PUC of Texas

             Planning for the Future

        State Courts

             Colorado Court of Appeals


        Promoting Security Education

        Politics and the Smart Grid



    Chapter 6 Public and Private Companies

        Industry Plans for Self-Policing

             NERC Critical Infrastructure Protection Standards

        Compliance Versus Security

        How Technology Vendors Can Fill the Gaps

        How Utility Companies Can Fill the Gaps



    Chapter 7 Attacking the Utility Companies


             Vulnerability Assessment versus Penetration Test

             Other Aspects of a Security Assessment

        Network Attacks


        System Attacks


             Legacy Systems

        Application Attacks

             Life-Imitating Art

             Attacking Utility Company Web Applications

             Attacking Compiled Code Applications

        Wireless Attacks

             Wireless Clients




        Social Engineering Attacks

             Selecting Targets

        Physical Attacks

             Attacking with a Friend

        Putting It All Together



    Chapter 8 Securing the Utility Companies

        Smart Grid Security Program

             ISO/IEC 27000

        Top 12 Technical Practices to Secure the Smart Grid

             Threat Modeling


             Default Deny Firewall Rules

             Code and Command Signing



             Vulnerability Management

             Penetration Testing

             Source Code Review

             Configuration Hardening

             Strong Authentication

             Logging and Monitoring



    Chapter 9 Third-Party Services

        Service Providers


             Consumer Interfaces

             Device Support

        Attacking Consumers

             Functionality Undermines Security

             Microsoft Hohm and Google PowerMeter

             Smart Devices Gone Wild

        Attacking Service Providers

        Securing Third-Party Access to the Smart Grid


             Data Access

             Network Access

             Secure Transport

             Assessing the Third Party

             Securing the Third Party



    Chapter 10 Mobile Applications and Devices

        Why Mobile Applications?



             Trusting Strangers


             Why Attack the Handset?



             Malicious Web Sites


        Securing Mobile Devices

             Traditional Security Controls

             Secure Syncing

             Disk Encryption

             Screen Lock

             Wiping the Device




        Secure Mobile Applications

             Mobile Application Security Controls




    Chapter 11 Social Networking and the Smart Grid

        The Smart Grid Gets Social



        Social Networking Threats

             Information Disclosure

        Smart Grid Social Networking Security Checklist

             Before You Begin

             Basic Controls



    Chapter 12 Attacking Smart Meters

        Open Source Security Testing Methodology Manual (OSSTMM)

             Information Security

             Process Security Testing

             Internet Technology Security Testing

             Communication Security Testing

             Wireless Security Testing

             Physical Security Testing

        NIST Special Publication 800-42: Guideline on Network Security Testing

             Security Testing Techniques



    Chapter 13 Attacking Smart Devices

        Selecting a Target Smart Device

        Attacking a Smart Device

             Network Surveying

             Port Scanning

             Services Identification and System Identification

             Vulnerability Research and Verification

             Internet Application Testing

             Password Cracking

             Denial-of-Service Testing

             Exploit Testing



    Chapter 14 What’s Next?


        What Should Consumers Expect?

             Smart Devices

             Smart Meters

             Home Area Network

             Electric Vehicles

             Personal Power Plant


        What Should Smart Grid Technology Vendors Expect?

        What Should Utility Companies Expect?

             Reducing Energy Demand to Reduce Costs and Security

             Diagnosing Problems Faster

             Beyond Electricity

             Curiosity Attacks

        What Should Security Professionals Expect and What Do They Predict?

             Security versus Functionality

             Security Devices

             Visions of Gloom and Doom

        Smart Grid Community

             Conferences

             Agencies and Groups

             Blogs, News Web Sites, and RSS Feeds




Product details

  • No. of pages: 320
  • Language: English
  • Copyright: © Syngress 2010
  • Published: September 23, 2010
  • Imprint: Syngress
  • eBook ISBN: 9781597495714
  • Paperback ISBN: 9781597495707

About the Authors

Tony Flick

Tony Flick has been working in the Information Security field for more than six years and is currently a Principal with FYRM Associates. Mr. Flick has assisted numerous organizations in achieving compliance with federal regulations and industry standards. His expertise includes risk management and compliance, assessments and audits, and research in emerging technologies. Mr. Flick has presented at Black Hat USA, DEFCON, and the OWASP Tampa local chapter on smart grid and application security concepts. Mr. Flick holds the CISSP certification. Additionally, Mr. Flick earned a Bachelor of Science in Computer Science and a Bachelor of Science in Mathematics.

Affiliations and Expertise

Principal, FYRM Associates, Inc., Tampa, FL, USA

Justin Morehouse

Justin Morehouse is an Information Security professional with over 10 years of experience assisting Fortune 100 companies and Federal Government Agencies in maturing their Information Security programs. Over the past six years Mr. Morehouse has focused on the areas of attack and penetration, performing nearly 200 Security Assessments utilizing both NIST SP800-42’s “Blue Teaming” and “Red Teaming” approaches. Mr. Morehouse is the OWASP Tampa chapter leader and presented at IEEE’s EntNet. Mr. Morehouse holds the following degrees and certifications: CISSP, CISM, MCSE, MSIA, and QSA (Former). He is currently an adjunct professor at DeVry University.

Affiliations and Expertise

Senior Information Protection Specialist at one of the nation's largest retailers
