News flash! A reasonably balanced article on grid security

1

By Andy Bochman

First of all, kudos to Discovery News writer Eric Niiler for penning a relatively fair and balanced piece this week on smart grid security, with a decent, non-alarmist headline to boot. He quotes me a fair amount –   but enough about me; it's two of the other quotes I'd like to address.

First, here's one I don't like, attributed to a large and otherwise highly reputable security firm:

One of the more startling results of our research is the discovery of the constant probing and assault faced by these crucial utility networks. Some electric companies report thousands of probes every month ...

As you know I'm not a big fan of using words like startling in this context, especially in describing phenomena that are not at all surprising, let along startling. Of course utilities' networks are being probed. And it's a good sign they've got the systems and processes in place to be aware of it.

Go ahead and plug a new PC in and turn on its WiFi radio. Within minutes, if not seconds, even with good security controls enabled, that machine is going to come under some serious scrutiny. It's a fact of life these days. Bothersome? Yes. Annoying? Definitely. Startling? Not in the least. Get real, above-mentioned report writer for large and otherwise highly reputable security firm.

This one I like better. It's a straightforward statement from a straightforward person:

What we are doing is laying a new digital infrastructure over the very reliable and sturdy bulk power system. This digital infrastructure provides a lot of new attack vectors into the electrical system that didn't previously exist.

That's NERC CSO Mark Weatherford speaking, and as you can see, he balances the comment about new attack vectors by reminding the journalist (and thereby, the readers of this piece), that underpinning all the new Smart Grid stuff is a very robust legacy system. A system that's delivered increasing volumes of reliable power to hundreds of millions of customers for a long, long time.

Overall, pretty good work, especially when so much of the popular press delivers, on a daily basis, heaping helpings of unmitigated FUD. You can read the whole piece HERE.

Andy Bochman is author of the Smart Grid Security Blog and an Energy Security Lead for IBM's Rational division, where the focus is on securing the software that runs the smart grid. Andy is a contributor to industry and national security working groups on energy security and cyber security. He lives in Boston, is an active member of the MIT Energy Club, and is the founder of the Smart Grid Security and DOD Energy Blogs.

You might also be interested in ...

Smart grid security: Attacking trends

The best talk ever given on NERC CIPs and grid security ... period