Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to help readers understand threats and attacks and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to process information, such as the behaviors of suppliers and consumers.
The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised. This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.
Government and private security professionals involved in designing and assessing smart grid technology
Acknowledgments (Tony Flick)
Acknowledgments (Justin Morehouse)
About the Authors
About the Technical Editor
Chapter 1 Smart Grid: What Is It?
A Brief History of Electrical Grids
What Is an Electric Grid?
Modernizing the Electric Grids
What Is Automatic Meter Reading (AMR)?
AMR Network Topologies
Justifications for Smart Grids
What Is a Smart Grid?
What Is AMI?
Why Do We Need to Secure the Smart Grid?
Smart Grid versus Security
Mapping Smart Grid Goals to Security
Chapter 2 Threats and Impacts: Consumers
Naturally Occurring Threats
Weather and Other Natural Disasters
Individual and Organizational Threats
Smart Thieves and Stalkers
Impacts on Consumers
Impacts on Availability
Likelihood of Attack
Chapter 3 Threats and Impacts: Utility Companies and Beyond
Sensor Data Manipulation
National Security Target
Chapter 4 Federal Effort to Secure Smart Grids
U.S. Federal Government
Energy and Independence Security Act of 2007
American Recovery and Reinvestment Act of 2009
Legacy Electric Grid Technologies
Current Smart Grid Technologies
Lack of Deployment Equals Lack of Risk
Mandatory Reliability Standards
Smart Grid Policy
NIST SP 1108
Smart Grid Cyber Security Strategy and Requirements
Other Applicable Laws
The Identity Theft Enforcement and Restitution Act of 2008
Electronic Communications Privacy Act of 1986
Breach Notification Laws
Personal Information Protection and Electronic Documents Act
Bureaucracy and Politics in Smart Grid Security
Chapter 5 State and Local Security Initiatives
State Regulatory Bodies
National Association of Regulatory Utility Commissioners
PUC of Texas
Planning for the Future
Colorado Court of Appeals
Promoting Security Education
Politics and the Smart Grid
Chapter 6 Public and Private Companies
Industry Plans for Self-Policing
NERC Critical Infrastructure Protection Standards
Compliance Versus Security
How Technology Vendors Can Fill the Gaps
How Utility Companies Can Fill the Gaps
Chapter 7 Attacking the Utility Companies
Vulnerability Assessment versus Penetration Test
Other Aspects of a Security Assessment
Attacking Utility Company Web Applications
Attacking Compiled Code Applications
Social Engineering Attacks
Attacking with a Friend
Putting It All Together
Chapter 8 Securing the Utility Companies
Smart Grid Security Program
Top 12 Technical Practices to Secure the Smart Grid
Default Deny Firewall Rules
Code and Command Signing
Source Code Review
Logging and Monitoring
Chapter 9 Third-Party Services
Functionality Undermines Security
Microsoft Hohm and Google PowerMeter
Smart Devices Gone Wild
Attacking Service Providers
Securing Third-Party Access to the Smart Grid
Assessing the Third Party
Securing the Third Party
Chapter 10 Mobile Applications and Devices
Why Mobile Applications?
Why Attack the Handset?
Malicious Web Sites
Securing Mobile Devices
Traditional Security Controls
Wiping the Device
Secure Mobile Applications
Mobile Application Security Controls
Chapter 11 Social Networking and the Smart Grid
The Smart Grid Gets Social
Social Networking Threats
Smart Grid Social Networking Security Checklist
Before You Begin
Chapter 12 Attacking Smart Meters
Open Source Security Testing Methodology Manual (OSSTMM)
Process Security Testing
Internet Technology Security Testing
Communication Security Testing
Wireless Security Testing
Physical Security Testing
NIST Special Publication 800-42: Guideline on Network Security Testing
Security Testing Techniques
Chapter 13 Attacking Smart Devices
Selecting a Target Smart Device
Attacking a Smart Device
Services Identification and System Identification
Vulnerability Research and Verification
Internet Application Testing
Chapter 14 What’s Next?
What Should Consumers Expect?
Home Area Network
Personal Power Plant
What Should Smart Grid Technology Vendors Expect?
What Should Utility Companies Expect?
Reducing Energy Demand to Reduce Costs and Security
Diagnosing Problems Faster
What Should Security Professionals Expect and What Do They Predict?
Security versus Functionality
Visions of Gloom and Doom
Smart Grid Community
Agencies and Groups
Blogs, News Web Sites, and RSS Feeds
- © Syngress 2011
- 23rd September 2010
Tony Flick has been working in the Information Security field for more than six years and is currently a Principal with FYRM Associates. Mr. Flick has assisted numerous organizations in achieving compliance with federal regulations and industry standards. His expertise includes risk management and compliance, assessments and audits, and research in emerging technologies. Mr. Flick has presented at Black Hat USA, DEFCON, and the OWASP Tampa local chapter on smart grid and application security concepts. Mr. Flick holds the CISSP certification. Additionally, Mr. Flick earned a Bachelors of Science in Computer Science and a Bachelors of Science in Mathematics.
Principal, FYRM Associates, Inc., Tampa, FL, USA
Justin Morehouse is an Information Security professional with over 10 years of experience assisting Fortune 100 companies and Federal Government Agencies mature their Information Security programs. Over the past six years Mr. Morehouse has focused on the areas of attack and penetration, performing nearly 200 Security Assessments utilizing both NIST SP800-42’s “Blue Teaming” and “Red Teaming” approaches. Mr. Morehouse is the OWASP Tampa chapter leader and presented at IEEE’s EntNet. Mr. Morehouse holds the following degrees and certifications: CISSP, CISM, MCSE, MSIA, and QSA (Former). He is currently an adjunct professor at DeVry University.
Senior Information Protection Specialist at one of the nation's largest retailers
"The first step in securing the Smart Grid is to fully understand the threat landscape. This book provides both a timely and relevant overview of the subject — a must-read for anyone responsible for securing the grid as well as consumers looking to implement the technology!"-- Dr. Patrick Engebretson, Assistant Professor of Computer Security, Dakota State University.
"Easy to read and full of valuable information, this book provides a wide-eyed view of our future and the security challenges we will be facing in our day-to-day lives. Exploring everything from home systems to large-scale power plants, this is a must-read for everyone in our technological society."-- Thomas Wilhelm, ISSMP, CISSP, SCSECA, SCNA, SCSA, IEM, IAM
"Overall, Securing the Smart Grid: Next Generation Power Grid Security provides an excellent overview of the state of smart grid technology and its related security, privacy and regulatory issues. The book provides an excellent introduction for anyone looking to understand what smart grid is all about and its security and privacy issues."--Ben Rothke, Slashdot