Smart grid cybersecurity: Worse than you think, says IT expert

Tools

Quick Take: Writing in Information Week, IT expert Bob Hinden warns that cyber threats to the smart grid "are far worse than generally believed." And this comes from one of the country's top IT minds. Hinden chairs the Internet Society Board of Trustees and also heads up the IPv6 working group at the Internet Engineering Task Force (IETF). Bullet summary below, or jump to the full article. - By Jesse Berst

 

·         There is a perception that cybersecurity threats against the grid will not happen right away. However, there were a number of sophisticated attacks last year.

 

·         41% of all incidents reported last year to the Department of Homeland Security were related to the energy industry (which includes the grid along with pipeline networks, drilling platforms, etc.).

 

·         A successful attack against the grid would affect far more people than an attack against a company.

 

·         Smart grids are thought of as isolated networks protected by firewalls and requiring a VPN for remote access, but that kind of perimeter security is not sufficient any more.

 

·         The USB stick (thumb drive) is a common attack vector.

 

·         Default passwords are also a problem for smart grid equipment, including equipment from RuggedCom, GarrettCom and Siemens.

 

·         The power industry should take lessons from enterprise IT, which implements multiple layers of security.

 

·         It should also replace older, more vulnerable computers (such as those still running Windows 95).

 

·         The power industry should lean on existing standards such as NERC-CIP; IEC 61850; and IEEE 1613.

 

You might also be interested in ...

DNP3 Secure Authentication - What's all the buzz about?

Calls rise to force utilities to improve security

Filed Under