This document discusses United States smart meter deployments and how HP Enterprise Security partners with two of the top three utilities that have installed the most smart meters. It notes that a small Florida utility saw a 73,000% increase in data collection after implementing smart meters. The presentation emphasizes embracing constraints to drive innovation and using tools effectively to turn data into useful information for security operations centers that monitor smart meter networks. HP's security tools are highlighted for their ability to correlate smart meter events and integrate with utility systems to reduce costs through more efficient technician dispatch.
2. 2
United States Smart Meter Deployments
History
Source: Utility-Scale Smart Meter Deployments - Innovation Electricity Efficiency Institute of the Edison Foundation - 2013
3. 3
Of the 46M Smart Meters currently deployed in the US...
...three utilities are responsible for nearly a third of installed meters.
HP Enterprise Security is a key partner to 2 of these top 3 utilities.
4. 4
Planned Projects Through 2015
US Smart Meter Implementation Map
Source: Utility-Scale Smart Meter Deployments - Innovation Electricity Efficiency Institute of the Edison Foundation - 2013
6. 6
The Data Deluge
A small municipal electric utility in Lakeland, Florida went from collecting 122,000 data points per month prior to their Smart Meter implementation to 90 Million data points per month following implementation…
...a 73,000% increase!
7. 7
“We're entering a new world in which data may be more important than software.”
Tim O’Reilly
10. 10
“I think frugality drives innovation, just like other constraints do. One of the only ways to get out of a tight box is to invent your way out.”
Jeff Bezos
16. 16
Case Study
HP technology is currently used to run a Security Operations Center (SOC) for a very large smart meter implementation.
Correlating and tracking events around:
• Power outage event correlation
• Meter failures and tampering
Allowing event-driven integration with internal systems to reduce technician dispatch
17. 17
Using the tools effectively
All of this is accomplished with ArcSight:
• HP ArcSight Connector Appliance
• HP ArcSight Logger
• HP ArcSight Enterprise Security Management (ESM)
Hello, I’m XX of Enterprise Security Services—
Like most people who work in security, my role has changed a lot over the last few years. Not too long ago, it was all about firewalls and passwords—keeping everyone out. But you and I both know it’s not that simple anymore. Security is now a complex and expanding challenge at your enterprise. In fact, it’s a challenge at every enterprise worldwide.
My message today is that you must evolve your approach to information security if you want to keep pace with a changing market and constantly growing technology. And, really, it’s not optional.
So what are the big concerns? If you’re like most of our clients, the challenges fall into three major areas, all of which are hitting the enterprise at once.
First, the criminals are better than us. They’re smart. And they’re a step ahead.
Security threats can be external or internal in nature or they can represent malicious or unintentional actions. But more and more, they are a result of cybercriminals that have created an adversary market place that has become more specialized, more efficient, and more lucrative.
Second, regulatory pressures are intense.
Conflicting regulatory drivers, sovereignty challenges and industry specific issues add up to increasingly complex regulatory issues. You have to deal with compliance regulations, privacy rules and data protection. And you must find ways to implement governance, risk and compliance frameworks across their extended enterprise of partners, suppliers and customers.
Third, The New Style of IT means new models to protect.
Innovations like cloud, bring-your-own-device, and mobility are part of an enterprise’s infrastructure transformation and can drive innovation and growth. But these new models make it harder for your security team to proactively manage an information security and risk strategy because you’re constantly changing the internal security AND reacting to new threats that an open and interactive enterprise can bring.
Let’s start with disrupting your adversaries.
In our business, you hear a lot about internal processes and policies. And, in fact, the standardization of security policies has done a great deal to raise the bar for our industry. But it will continue to fail to make us secure because it lacks the focus on the adversary—the cyber-criminals creating new threats every day. No framework discussed in committee will be able to evolve as fast as the market, especially the black market. We need to build our response in a way that disrupts the adversary at every step of their process.
The adversary’s ecosystem is very sophisticated. It starts with building profiles on executives like you—your LinkedIn bio, Facebook posts, the places you’ve been, and things you like to do. It makes the victim an easy “phishing” target because the profiler knows things about him or her that not many people should know. They sell the profiles to hackers.
These hackers then breach the company. They might have used a phishing attack and installed malware to break into the network and use your credentials. They may build their own toolkits. They can sell these access points to the highest bidder, who then spends days or weeks figuring out where your sensitive data is, being able to map your environment, figure out your configurations. They create a map and sell it to the next person.
Eventually the criminals are able to access critical databases and change the account profile, including withdrawal limits and account codes. This information was taken out of the company and provided to their colleagues or sold to a third party. And from there the cards were made and the teams hit the streets to withdraw cash from the ATMs.
My point is that cyber security too often focuses on the specific state-sponsored group, “hacktivist” or cyber criminal. We need to focus on the full black market in which these actors participate. There are market processes for breach, enabling disparate parties to collaborate. As actors specialize in this marketplace, based on skill sets, innovation is extraordinary. This criminal ecosystem is much more efficient at creating, sharing and acting on the security intelligence than the ecosystem that exists to defend our clients.
Instead, we need to build capabilities and think about solutions that disrupt that chain at multiple points.
In the discovery and capture stages, you need the ability to process large data sets in real time and at scale. You have to monitor the data that you have in your organization and be able to know when something unusual is happening. For instance, if it looks like a verified employee starts doing something uncharacteristic like accessing file shares they haven’t before or changing database records, you should know about it. If data flows don’t match predicted processes, alerts should be set off.
Now, what these criminals are looking for is your critical data like intellectual property and customer information. You should know when it is being moved, accessed inappropriately, or sent outside the organization in an email, posted on a Facebook account, or stored on cloud storage. Information can be correlated from all over the enterprise and from data outside the enterprise as well. Cybercriminals are monitoring the black markets for your enterprise’s sensitive data and including data from the cloud infrastructures in your security operations environment. We are working with companies to combine employee sentiment with abnormal access behavior to find malicious insiders.