Save up to 30% on Elsevier print and eBooks with free shipping. No promo code needed.
Save up to 30% on print and eBooks.
Securing the Smart Grid
Next Generation Power Grid Security
1st Edition - September 23, 2010
Authors: Tony Flick, Justin Morehouse
Language: English
Paperback ISBN:9781597495707
9 7 8 - 1 - 5 9 7 4 9 - 5 7 0 - 7
eBook ISBN:9781597495714
9 7 8 - 1 - 5 9 7 4 9 - 5 7 1 - 4
Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure…Read more
Purchase options
LIMITED OFFER
Save 50% on book bundles
Immediately download your ebook while waiting for your print delivery. No promo code is needed.
Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to be able to process information, such as the behaviors of suppliers and consumers.
The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised. This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.
Details how old and new hacking techniques can be used against the grid and how to defend against them
Discusses current security initiatives and how they fall short of what is needed
Find out how hackers can use the new infrastructure against itself
Government and private security professionals involved in designing and assessing smart grid technology
Acknowledgments (Tony Flick)
Acknowledgments (Justin Morehouse)
About the Authors
About the Technical Editor
Introduction
Chapter 1 Smart Grid: What Is It?
A Brief History of Electrical Grids
What Is an Electric Grid?
Grid Topologies
Modernizing the Electric Grids
What Is Automatic Meter Reading (AMR)?
AMR Technologies
AMR Network Topologies
Future Infrastructure
Justifications for Smart Grids
What Is a Smart Grid?
Components
What Is AMI?
International Initiatives
Australia
Canada
China
Europe
Why Do We Need to Secure the Smart Grid?
Smart Grid versus Security
Mapping Smart Grid Goals to Security
Summary
Endnotes
Chapter 2 Threats and Impacts: Consumers
Consumer Threats
Naturally Occurring Threats
Weather and Other Natural Disasters
Individual and Organizational Threats
Smart Thieves and Stalkers
Hackers
Terrorism
Government
Utility Companies
Impacts on Consumers
Privacy
Impacts on Availability
Personal Availability
Mobility
Emergency Services
Financial Impacts
Likelihood of Attack
Summary
Endnotes
Chapter 3 Threats and Impacts: Utility Companies and Beyond
Confidentiality
Consumer Privacy
Proprietary Information
Integrity
Service Fraud
Sensor Data Manipulation
Availability
Consumer Targets
Organizational Targets
Vertical Targets
Market Manipulation
National Security Target
Summary
Endnotes
Chapter 4 Federal Effort to Secure Smart Grids
U.S. Federal Government
Energy and Independence Security Act of 2007
American Recovery and Reinvestment Act of 2009
DOE
Legacy Electric Grid Technologies
Current Smart Grid Technologies
Lack of Deployment Equals Lack of Risk
FERC
Mandatory Reliability Standards
Smart Grid Policy
NIST
NIST SP 1108
Smart Grid Cyber Security Strategy and Requirements
DHS NIPP
Sector-Specific Plans
Other Applicable Laws
The Identity Theft Enforcement and Restitution Act of 2008
Electronic Communications Privacy Act of 1986
Breach Notification Laws
Personal Information Protection and Electronic Documents Act
Sponsoring Security
Bureaucracy and Politics in Smart Grid Security
Summary
Endnotes
Chapter 5 State and Local Security Initiatives
State Government
State Laws
State Regulatory Bodies
National Association of Regulatory Utility Commissioners
Colorado PUC
PUC of Texas
Planning for the Future
State Courts
Colorado Court of Appeals
Implications
Promoting Security Education
Politics and the Smart Grid
Summary
Endnotes
Chapter 6 Public and Private Companies
Industry Plans for Self-Policing
NERC Critical Infrastructure Protection Standards
Compliance Versus Security
How Technology Vendors Can Fill the Gaps
How Utility Companies Can Fill the Gaps
Summary
Endnotes
Chapter 7 Attacking the Utility Companies
Motivation
Vulnerability Assessment versus Penetration Test
Other Aspects of a Security Assessment
Network Attacks
Methodologies
System Attacks
SCADA
Legacy Systems
Application Attacks
Life-Imitating Art
Attacking Utility Company Web Applications
Attacking Compiled Code Applications
Wireless Attacks
Wireless Clients
Wi-Fi
Bluetooth
Cellular
Social Engineering Attacks
Selecting Targets
Physical Attacks
Attacking with a Friend
Putting It All Together
Summary
Endnotes
Chapter 8 Securing the Utility Companies
Smart Grid Security Program
ISO/IEC 27000
Top 12 Technical Practices to Secure the Smart Grid
Threat Modeling
Segmentation
Default Deny Firewall Rules
Code and Command Signing
Honeypots
Encryption
Vulnerability Management
Penetration Testing
Source Code Review
Configuration Hardening
Strong Authentication
Logging and Monitoring
Summary
Endnotes
Chapter 9 Third-Party Services
Service Providers
Billing
Consumer Interfaces
Device Support
Attacking Consumers
Functionality Undermines Security
Microsoft Hohm and Google PowerMeter
Smart Devices Gone Wild
Attacking Service Providers
Securing Third-Party Access to the Smart Grid
Trust
Data Access
Network Access
Secure Transport
Assessing the Third Party
Securing the Third Party
Summary
Endnotes
Chapter 10 Mobile Applications and Devices
Why Mobile Applications?
Platforms
Trust
Trusting Strangers
Attacks
Why Attack the Handset?
SMS
E-mail
Malicious Web Sites
Physical
Securing Mobile Devices
Traditional Security Controls
Secure Syncing
Disk Encryption
Screen Lock
Wiping the Device
Recovery
Forensics
Education
Secure Mobile Applications
Mobile Application Security Controls
Encryption
Summary
Endnotes
Chapter 11 Social Networking and the Smart Grid
The Smart Grid Gets Social
Twitter
Facebook
Social Networking Threats
Information Disclosure
Smart Grid Social Networking Security Checklist
Before You Begin
Basic Controls
Summary
Endnotes
Chapter 12 Attacking Smart Meters
Open Source Security Testing Methodology Manual (OSSTMM)
Information Security
Process Security Testing
Internet Technology Security Testing
Communication Security Testing
Wireless Security Testing
Physical Security Testing
NIST Special Publication 800-42: Guideline on Network Security Testing
Security Testing Techniques
Summary
Endnotes
Chapter 13 Attacking Smart Devices
Selecting a Target Smart Device
Attacking a Smart Device
Network Surveying
Port Scanning
Services Identification and System Identification
Vulnerability Research and Verification
Internet Application Testing
Password Cracking
Denial-of-Service Testing
Exploit Testing
Summary
Endnotes
Chapter 14 What’s Next?
Timeline
What Should Consumers Expect?
Smart Devices
Smart Meters
Home Area Network
Electric Vehicles
Personal Power Plant
Privacy
What Should Smart Grid Technology Vendors Expect?
What Should Utility Companies Expect?
Reducing Energy Demand to Reduce Costs and Security
Diagnosing Problems Faster
Beyond Electricity
Curiosity Attacks
What Should Security Professionals Expect and What Do They Predict?
Security versus Functionality
Security Devices
Visions of Gloom and Doom
Smart Grid Community
Conferences 2
Agencies and Groups
Blogs, News Web Sites, and RSS Feeds
Summary
Endnotes
Index
No. of pages: 320
Language: English
Edition: 1
Published: September 23, 2010
Imprint: Syngress
Paperback ISBN: 9781597495707
eBook ISBN: 9781597495714
TF
Tony Flick
Tony Flick has been working in the Information Security field for more than six years and is currently a Principal with FYRM Associates. Mr. Flick has assisted numerous organizations in achieving compliance with federal regulations and industry standards. His expertise includes risk management and compliance, assessments and audits, and research in emerging technologies. Mr. Flick has presented at Black Hat USA, DEFCON, and the OWASP Tampa local chapter on smart grid and application security concepts. Mr. Flick holds the CISSP certification. Additionally, Mr. Flick earned a Bachelors of Science in Computer Science and a Bachelors of Science in Mathematics.
Affiliations and expertise
Prinicple, FYRM Associates, Inc., Tampa, FL, USA
JM
Justin Morehouse
Justin Morehouse is an Information Security professional with over 10 years of experience assisting Fortune 100 companies and Federal Government Agencies mature their Information Security programs. Over the past six years Mr. Morehouse has focused on the areas of attack and penetration, performing nearly 200 Security Assessments utilizing both NIST SP800-42’s “Blue Teaming” and “Red Teaming” approaches. Mr. Morehouse is the OWASP Tampa chapter leader and presented at IEEE’s EntNet. Mr. Morehouse holds the following degrees and certifications: CISSP, CISM, MCSE, MSIA, and QSA (Former). He is currently an adjunct professor at DeVry University.
Affiliations and expertise
Senior Information Protection Specialist at one of the nations largest retailers