Friday, September 10, 2010

"Smart Grids Don’t Present Any New Security Threats" (According To At Least One Man's Opinion)

I read an interesting interview on TMCnet this morning. It was an interview with Chris King, who is the Chief Strategy and Regulatory Officer at eMeter. One of the questions he was asked...well, let me just quote it directly:

Q: Don’t smart grids potentially present a major security threat?
A: Smart grids don’t present any new security threats. Utilities have controlled millions of customer-owned air conditioners, water heaters, and other devices for decades with no security breaches. In fact, the technologies being deployed today are more secure than ever.

Hmmm....

I would suggest that Chris King might consider taking a look at NISTIR 7628, Volume 3, Chapter 7.

Let me quote from that specific section:

7.1 Scope

...First, we have identified a number of evident and specific security problems in the Smart Grid that are amenable to and should have open and interoperable solutions but which are not obviously solved by existing standards, de facto standards, or best practices. This list includes only cyber security problems that have some specific relevance to or uniqueness in the Smart Grid. Thus we do not list general cyber security problems such as poor software engineering practices, key management, etc., unless these problems have some unique twist when considered in the context of the Smart Grid. We have continued to add to this list of problems as we came across problems not yet documented...

This chapter then continues on for a bit over 30 more pages (including references) to articulate the specific security issues identified in the Smart Grid (so far). You know, the ones that Chris King essentially says are not there.

Perhaps Chris King has not read NISTIR 7628, or he simply does not agree with more than 400 people who contributed to NISTIR 7628, let alone the plethora of "unofficial" discoveries made by security consultants worldwide. I would strongly suggest that he takes a good hard look at NISTIR 7628 (at least at Volume 3, Chapter 7) and then revisits his last statement.

I am sure he is a very smart person, and perhaps he was misquoted (that can happen). I would love it if he would comment on this.

No comments: