Security needs to change to protect utilities and the grid.
I have spent the last few days moderating and recording The Smart Grid Security Virtual Summit which will be webcast on August 9th. I highly recommend this summit. Speakers include a who’s who list of top industry experts who offer their opinions on how to correct the real issues related to securing the power grid. From what we have done to what we need to do, summit sessions are real eye openers disclosing problems and providing answers to critically needed smart grid and critical infrastructure security questions.
I moderated the panel discussion “Smart Grid Security, Past, Present and Future” which include industry professionals I have previously interviewed for Digital Communities. Bob Lockhart -- a senior research analyst contributing to Pike Research’s smart-grid practice with a focus on cyber security markets -- co-authored a white paper with Research Director Bob Gohn on the Seven Trends to Watch in Utility Cyber Security. From market projections for this new multi-billion dollar cyber security business to the current state of near chaos in securing the power grid, the discussion was packed with reality checks of where we are and where we need to be in securing the grid.
The panel discussion continued with outspoken industry leader Patrick Miller who views the need for cyber security from both the public- and private-sector sides. Miller is president and CEO, EnergySec and principal investigator of National Electric Sector Cybersecurity Organization (NESCO), a public-private partnership between the U.S. Department of Energy and EnergySec to enhance cybersecurity in the electric sector. Miller suggested less talk and more action in addressing security breach concerns and discussed a high-level view of power grid security.
Ending the panel discussion was Ted Wood , director at Sterne, Kessler, Goldstein & Fox. Wood's job is the discovery and protection of intellectual property in things like smart-grid security. From international cyber security espionage to plain old American ingenuity, Wood offered a unique view to the realities of cybersecurity. Wood leads the firm's Grid Industry Group, where he focuses on helping innovators involved with ensuring power grid resiliency in an evolving smart-grid infrastructure. His discussion focused on how small business ingenuity can protect intellectual property while fast tracking creative solutions through the bureaucracies of big business and big government.
I spoke in the second panel discussion, Is Current Legacy IPS And IDS Security Enough For The Smart Grid And Critical Infrastructure? My presentation focused on how current security solutions may be too costly, too complex and too inefficient for critical infrastructure requirements. From securing Intrusion Prevention Systems (IPS) that now must securely encrypt the new end point of nano sensors chip sets to Intrusion Detection Systems (IDS) that must now be able to view real time event anomalies and business processes, this discussion showed the need for security technology change. The subject of why we need to look at smart-grid security differently was first discussed in my recent article, Smart-Grid Security Will Force New Ways of Thinking. This presentation expanded on this article and discussed proof points of why new security solutions are required for smart grid and critical infrastructure security.
The second session speaker was Phil Smith, founder and president of TLC Secure who has had a long and illustrious career with senior technical and managerial roles at HP, Cisco, NASA, Lawrence Livermore National Lab and others. He is the innovator, architect and developer of several implementations of mobile devices as well as the cryptographic libraries and identity management components. Smith has worked with critical infrastructure encryption security used in wireless sensors in atomic power plants and Department of Defense applications. His time tested applications of Intrusion Prevention System (IPS) security showed how true end-to-end security can be achieved for the smart grid.
The last prerecorded panelist, Rajeev Bhargava, is CEO of Decison-Zone and an expert in the information management field that has architected, developed and built next-generation cyber security, risk, fraud and privacy solutions. In 2010, Rajeev Bhargava received a U.S. Patent for the world’s only technology capable of 100 percent fraud and system security protection. Bhargava discussed a completely new way of addressing Intrusion Detection System (IDS) security through the prediction, detection and correction of event anomalies in realtime business processes. This discussion revealed why current IDS solutions are not enough for smart grid system security.
Additional session discussions included:
1. Identifying and Mitigating Cyber and Physical Threats to Smart Grid SCADA Systems , William Lawrence, chief technologist; Energy & Cyber Security Lockheed Martin;
2. A Utility Perspective on Smart Grid Security Status and Challenges, Ward Pyles, senior security analyst, Southern Company;
3. Regulators' Role in Smart Grid Security: What They Want to Know, Alan Rivaldo, cyber security analyst, Public Utility Commission of Texas;
4. Recent TVA Experiences and Insight on Smart Grid Cyber Security,John Stewart, specialist engineer, Power Control Systems, Tennessee Valley Authority and
5. Security Issues Surrounding Cloud Computing and Big Data in the Smart Grid, William Souza, manager - Security Integration, Reliability Services Division, PJM Interconnection.
Click here for more information on the conference which will be web broadcast Thursday 9 a.m. to 5 p.m. EST.
Larry Karisny is the director of Project Safety.org, a smart-grid security consultant, writer and industry speaker focusing on security solutions for the smart grid and critical infrastructure.