Securing the Smart Grid - 1st Edition - ISBN: 9781597495707, 9781597495714

Securing the Smart Grid

1st Edition

Next Generation Power Grid Security

Authors: Tony Flick, Justin Morehouse
Paperback ISBN: 9781597495707
eBook ISBN: 9781597495714
Imprint: Syngress
Published Date: 23rd September 2010
Page Count: 320

Description

Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to be able to process information, such as the behaviors of suppliers and consumers.

The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised. This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.

Key Features

  • Details how old and new hacking techniques can be used against the grid and how to defend against them
  • Discusses current security initiatives and how they fall short of what is needed
  • Find out how hackers can use the new infrastructure against itself

    Readership

    Government and private security professionals involved in designing and assessing smart grid technology

    Table of Contents


    Acknowledgments (Tony Flick)

    Acknowledgments (Justin Morehouse)

    About the Authors

    About the Technical Editor

    Introduction

    Chapter 1 Smart Grid: What Is It?

    A Brief History of Electrical Grids

    What Is an Electric Grid?

    Grid Topologies

    Modernizing the Electric Grids

    What Is Automatic Meter Reading (AMR)?

    AMR Technologies

    AMR Network Topologies

    Future Infrastructure

    Justifications for Smart Grids

    What Is a Smart Grid?

    Components

    What Is AMI?

    International Initiatives

    Australia

    Canada

    China

    Europe

    Why Do We Need to Secure the Smart Grid?

    Smart Grid versus Security

    Mapping Smart Grid Goals to Security

    Summary

    Endnotes

    Chapter 2 Threats and Impacts: Consumers

    Consumer Threats

    Naturally Occurring Threats

    Weather and Other Natural Disasters

    Individual and Organizational Threats

    Smart Thieves and Stalkers

    Hackers

    Terrorism

    Government

    Utility Companies

    Impacts on Consumers

    Privacy

    Impacts on Availability

    Personal Availability

    Mobility

    Emergency Services

    Financial Impacts

    Likelihood of Attack

    Summary

    Endnotes

    Chapter 3 Threats and Impacts: Utility Companies and Beyond

    Confidentiality

    Consumer Privacy

    Proprietary Information

    Integrity

    Service Fraud

    Sensor Data Manipulation

    Availability

    Consumer Targets

    Organizational Targets

    Vertical Targets

    Market Manipulation

    National Security Target

    Summary

    Endnotes

    Chapter 4 Federal Effort to Secure Smart Grids

    U.S. Federal Government

    Energy and Independence Security Act of 2007

    American Recovery and Reinvestment Act of 2009

    DOE

    Legacy Electric Grid Technologies

    Current Smart Grid Technologies

    Lack of Deployment Equals Lack of Risk

    FERC

    Mandatory Reliability Standards

    Smart Grid Policy

    NIST

    NIST SP 1108

    Smart Grid Cyber Security Strategy and Requirements

    DHS NIPP

    Sector-Specific Plans

    Other Applicable Laws

    The Identity Theft Enforcement and Restitution Act of 2008

    Electronic Communications Privacy Act of 1986

    Breach Notification Laws

    Personal Information Protection and Electronic Documents Act

    Sponsoring Security

    Bureaucracy and Politics in Smart Grid Security

    Summary

    Endnotes

    Chapter 5 State and Local Security Initiatives

    State Government

    State Laws

    State Regulatory Bodies

    National Association of Regulatory Utility Commissioners

    Colorado PUC

    PUC of Texas

    Planning for the Future

    State Courts

    Colorado Court of Appeals

    Implications

    Promoting Security Education

    Politics and the Smart Grid

    Summary

    Endnotes

    Chapter 6 Public and Private Companies

    Industry Plans for Self-Policing

    NERC Critical Infrastructure Protection Standards

    Compliance Versus Security

    How Technology Vendors Can Fill the Gaps

    How Utility Companies Can Fill the Gaps

    Summary

    Endnotes

    Chapter 7 Attacking the Utility Companies

    Motivation

    Vulnerability Assessment versus Penetration Test

    Other Aspects of a Security Assessment

    Network Attacks

    Methodologies

    System Attacks

    SCADA

    Legacy Systems

    Application Attacks

    Life-Imitating Art

    Attacking Utility Company Web Applications

    Attacking Compiled Code Applications

    Wireless Attacks

    Wireless Clients

    Wi-Fi

    Bluetooth

    Cellular

    Social Engineering Attacks

    Selecting Targets

    Physical Attacks

    Attacking with a Friend

    Putting It All Together

    Summary

    Endnotes

    Chapter 8 Securing the Utility Companies

    Smart Grid Security Program

    ISO/IEC 27000

    Top 12 Technical Practices to Secure the Smart Grid

    Threat Modeling

    Segmentation

    Default Deny Firewall Rules

    Code and Command Signing

    Honeypots

    Encryption

    Vulnerability Management

    Penetration Testing

    Source Code Review

    Configuration Hardening

    Strong Authentication

    Logging and Monitoring

    Summary

    Endnotes

    Chapter 9 Third-Party Services

    Service Providers

    Billing

    Consumer Interfaces

    Device Support

    Attacking Consumers

    Functionality Undermines Security

    Microsoft Hohm and Google PowerMeter

    Smart Devices Gone Wild

    Attacking Service Providers

    Securing Third-Party Access to the Smart Grid

    Trust

    Data Access

    Network Access

    Secure Transport

    Assessing the Third Party

    Securing the Third Party

    Summary

    Endnotes

    Chapter 10 Mobile Applications and Devices

    Why Mobile Applications?

    Platforms

    Trust

    Trusting Strangers

    Attacks

    Why Attack the Handset?

    SMS

    E-mail

    Malicious Web Sites

    Physical

    Securing Mobile Devices

    Traditional Security Controls

    Secure Syncing

    Disk Encryption

    Screen Lock

    Wiping the Device

    Recovery

    Forensics

    Education

    Secure Mobile Applications

    Mobile Application Security Controls

    Encryption

    Summary

    Endnotes

    Chapter 11 Social Networking and the Smart Grid

    The Smart Grid Gets Social

    Twitter

    Facebook

    Social Networking Threats

    Information Disclosure

    Smart Grid Social Networking Security Checklist

    Before You Begin

    Basic Controls

    Summary

    Endnotes

    Chapter 12 Attacking Smart Meters

    Open Source Security Testing Methodology Manual (OSSTMM)

    Information Security

    Process Security Testing

    Internet Technology Security Testing

    Communication Security Testing

    Wireless Security Testing

    Physical Security Testing

    NIST Special Publication 800-42: Guideline on Network Security Testing

    Security Testing Techniques

    Summary

    Endnotes

    Chapter 13 Attacking Smart Devices

    Selecting a Target Smart Device

    Attacking a Smart Device

    Network Surveying

    Port Scanning

    Services Identification and System Identification

    Vulnerability Research and Verification

    Internet Application Testing

    Password Cracking

    Denial-of-Service Testing

    Exploit Testing

    Summary

    Endnotes

    Chapter 14 What’s Next?

    Timeline

    What Should Consumers Expect?

    Smart Devices

    Smart Meters

    Home Area Network

    Electric Vehicles

    Personal Power Plant

    Privacy

    What Should Smart Grid Technology Vendors Expect?

    What Should Utility Companies Expect?

    Reducing Energy Demand to Reduce Costs and Security

    Diagnosing Problems Faster

    Beyond Electricity

    Curiosity Attacks

    What Should Security Professionals Expect and What Do They Predict?

    Security versus Functionality

    Security Devices

    Visions of Gloom and Doom

    Smart Grid Community

    Conferences

    Agencies and Groups

    Blogs, News Web Sites, and RSS Feeds

    Summary

    Endnotes

    Index








    Details

    No. of pages: 320
    Language: English
    Copyright: © Syngress 2011
    Published:
    Imprint: Syngress
    eBook ISBN: 9781597495714
    Paperback ISBN: 9781597495707

    About the Author

    Tony Flick

    Tony Flick has been working in the Information Security field for more than six years and is currently a Principal with FYRM Associates. Mr. Flick has assisted numerous organizations in achieving compliance with federal regulations and industry standards. His expertise includes risk management and compliance, assessments and audits, and research in emerging technologies. Mr. Flick has presented at Black Hat USA, DEFCON, and the OWASP Tampa local chapter on smart grid and application security concepts. Mr. Flick holds the CISSP certification. Additionally, Mr. Flick earned a Bachelor of Science in Computer Science and a Bachelor of Science in Mathematics.

    Affiliations and Expertise

    Principal, FYRM Associates, Inc., Tampa, FL, USA

    Justin Morehouse

    Justin Morehouse is an Information Security professional with over 10 years of experience assisting Fortune 100 companies and Federal Government Agencies mature their Information Security programs. Over the past six years Mr. Morehouse has focused on the areas of attack and penetration, performing nearly 200 Security Assessments utilizing both NIST SP800-42’s “Blue Teaming” and “Red Teaming” approaches. Mr. Morehouse is the OWASP Tampa chapter leader and presented at IEEE’s EntNet. Mr. Morehouse holds the following degrees and certifications: CISSP, CISM, MCSE, MSIA, and QSA (Former). He is currently an adjunct professor at DeVry University.

    Affiliations and Expertise

    Senior Information Protection Specialist at one of the nation's largest retailers

    Reviews

    "The first step in securing the Smart Grid is to fully understand the threat landscape. This book provides both a timely and relevant overview of the subject — a must-read for anyone responsible for securing the grid as well as consumers looking to implement the technology!" -- Dr. Patrick Engebretson, Assistant Professor of Computer Security, Dakota State University

    "Easy to read and full of valuable information, this book provides a wide-eyed view of our future and the security challenges we will be facing in our day-to-day lives. Exploring everything from home systems to large-scale power plants, this is a must-read for everyone in our technological society."-- Thomas Wilhelm, ISSMP, CISSP, SCSECA, SCNA, SCSA, IEM, IAM

    "Overall, Securing the Smart Grid: Next Generation Power Grid Security provides an excellent overview of the state of smart grid technology and its related security, privacy and regulatory issues. The book provides an excellent introduction for anyone looking to understand what smart grid is all about and its security and privacy issues."--Ben Rothke, Slashdot