A colleague of mine - Jack Walsh at ICSA Labs - shared some interesting thought leadership on smart grid security. He took a fresh look at Advanced Metering Infrastructure(AMI), which I thought my followers would be interested in reading – so I have shared it below. I look forward to your thoughts regarding smart gird security – and answering any related questions.
Are New Smart Grid Initiatives Secure?
Throughout the world, electric utilities are developing and implementing Smart Gridinitiatives. Here in the United States, the Advanced Metering Infrastructure(AMI), a subset of the Smart Grid, is already being rolled out in many areas. In northern California, for example, the utility PG&E has been rolling out smart meters to 9 million household customers.
Comprised of smart meters and other devices that are capable of two-way communication between utilities and our homes and offices, AMI devices allow consumers and utilities to regulate their electricity usage and even control load. My primary question is: shouldn’t the security of these components be carefully evaluated before being deployed? Will all this two-way communication compromise privacy or lead to a denial of service at the worst possible time either for one or many consumers?
Unless there are fully developed standards that specify what security functions should be evaluated in AMI components, AMI component security evaluations are going to vary widely in terms of breadth and depth of testing. Groups like the NIST Smart Grid Interoperability Paneland other organizations such as the OpenSG AMI-SEC Task Forceare poised to make strides in this area and ICSA Labs works with them whenever possible.
Having tested security products for more than 20 years, we at ICSA Labs believe we have a pretty good idea where to start when it comes to testing AMI components. With that in mind, my colleague, Darren Hartman, has written this short whitepaper, “Smart Grid: AMI Component Security,” describing the essential security mechanisms of AMI components that need to be evaluated to better verify that they have been implemented properly.
Do you Think Forward? We look forward to your thoughts and comments.
This blog was also posted on ICSA Labs.