SlideShare une entreprise Scribd logo
1  sur  28
Télécharger pour lire hors ligne
x CYBER SECURITY FOR THE SMART GRID All rights reserved: © 2010 Gavan Howe ebranders.com Gavan Howe,  PhD (in progress) President of ebranders
All rights reserved: © 2010 Gavan Howe ebranders.com FACT Source: Spoonamore & Krutz, 2009 What is the probability of hacking into the smart grid today?
x All rights reserved: © 2010 Gavan Howe ebranders.com 100%
All rights reserved: © 2010 Gavan Howe ebranders.com CHANGE •   Recognize that “ we don’t know   what we don’t know ” about many   unknowns of Smart Grid Security •   Recognize that the greatest   potential lies with your people •   Recognize it is the  Environment   you work in that is causing change
All rights reserved: © 2010 Gavan Howe ebranders.com “ The human factor is real”
FACT All rights reserved: © 2010 Gavan Howe ebranders.com Why is this so?   “ Risk taking in the smart grid domain is one of dynamic complexity”
•  ‘ In 2009 Energy and Oil industries experienced    an encounter rate 356% higher than   normal for data theft Trojans’. All rights reserved: © 2010 Gavan Howe ebranders.com SMART GRID SECURITY •   On Dec 2009 Google, and Intel discovered a   breach in their network that led to the loss of   sensitive intellectual property for Google. Source: 2009 Annual Global Threat Report
•   In 2007 there were 37,000 cyber attacks in    the USA. That is 8 x the 2005 level! All rights reserved: © 2010 Gavan Howe ebranders.com SMART GRID SECURITY •   Energy and Oil industries are at most risk,   4 x the average risk of all industries combined! Source: Christian Science Monitor, Jan 2010
•  ‘ It looks like a very secure network that not only the company but the consumer can count on’. All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS BASED ON PHONE SURVEY OF “C” LEVEL EXECUTIVES •  ‘ One of those areas is the cyber security problem.   We readily admit that, “yes, there is a problem”   but we don’t really have a handle on it    –no one does’.
•  ‘ I think it has been far too traditionally organized’. All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS •  ‘ They really are not looking at this thing holistically’.   •   Probably the problem is that too many things are   being discussed. It is too much. It is everything   to everybody’.
x What does Security look like in the Smart Grid? All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS •  ‘ Well, I think it’s not as stringent as cyber   security, but it’s got to be accurate… But, well,   really it’s typical of computer security’. •  “ it’s typical of computer security” or “It is nothing   more than supplying security best practices that   exist in other domains.”
•  ‘ I can’t… That is not my area of expertise. I know that it is something that… All of the vendors in the Smart Grid arena are going to require that the systems that we, ultimately, procure must meet all of the standards as they are developed. All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS •  ‘ It is nothing more than supplying security best practices that exist in other domains’.
All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS •  ‘ It is an issue. Anytime you start to add more and more layers of access and visibility and communications and connectedness, you have to deal with security issues.   •  ‘ You need to have tools and systems that can track if somebody has changed the firmware, was it initiated by the company or was it externally initiated. So, basically, security is all about event logs.
All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS •  ‘ If you look from a security standpoint, you have to have some way to protect not only the operation of the utility but you also have to have some way to protect the privacy of the customers. •  ‘ We need time to investigate and make the right decisions on technologies because however you start a system is going to drive how that system looks in the end’.
All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS •  ‘ If you get started with the wrong concept, the wrong technology, your hands are going to be tied and you are not going to be able to really capitalize on the true benefits of the smart grid’. •  ‘ Well, if you had asked me six months ago, I would have told you that I had a pretty good idea; now that I have been working with our information services people for the past six months, I don’t know if I know.’
x Points of risk lying within the grid topology, its new devices, and systems. All rights reserved: © 2010 Gavan Howe ebranders.com SMART GRID SECURITY
x All rights reserved: © 2010 Gavan Howe ebranders.com
x All rights reserved: © 2010 Gavan Howe ebranders.com
x All rights reserved: © 2010 Gavan Howe ebranders.com
x All rights reserved: © 2010 Gavan Howe ebranders.com
x All rights reserved: © 2010 Gavan Howe ebranders.com
x All rights reserved: © 2010 Gavan Howe ebranders.com The Human Factor is also called dynamic conservatism .  This manifests itself when staff ‘ignore the facts that influence or change the way the environment behaves, and will knowingly pursue activities to help  maintain  existing systems’. THE HUMAN FACTOR
x All rights reserved: © 2010 Gavan Howe ebranders.com
x D x E x U x V x F   >   R   = C   (change) All rights reserved: © 2010 Gavan Howe ebranders.com Translated into a formula for change to embrace smart gird security the last diagram looks like this: THE HUMAN FACTOR
x All rights reserved: © 2010 Gavan Howe ebranders.com THE HUMAN FACTOR Getting people to change is tough work, and it does work if you give them the tools, and the path to follow,  while leading the change.
x All rights reserved: © 2010 Gavan Howe ebranders.com RISK AND UNCERTAINTY As Frank Knight wrote in his dissertation of 1921,  Risk, Uncertainty and Profit: “ Uncertainty must be taken in a sense radically distinct from the notion of Risk from which it has never been properly separated.… It will appear that a measurable uncertainty, or ‘risk’ proper, is so far different from an immeasurable one, that it is not in effect an uncertainty at all.”
x Cyber Security for the Smart Grid will eventually happen. All rights reserved: © 2010 Gavan Howe ebranders.com Let’s make it happen now.
x END All rights reserved: © 2010 Gavan Howe ebranders.com Gavan Howe,  March 2010 President of ebranders

Contenu connexe

Tendances

Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - FinalTsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Finalsandhibhide
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTWSO2
 
Bapinger Network Security
Bapinger Network SecurityBapinger Network Security
Bapinger Network SecurityDjadja Sardjana
 
Axoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesAxoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesBulent Buyukkahraman
 
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016David Glover
 
Protecting your home and office in the era of IoT
Protecting your home and office in the era of IoTProtecting your home and office in the era of IoT
Protecting your home and office in the era of IoTMarian Marinov
 
FINAL PROJECT Dean Kay
FINAL PROJECT Dean Kay FINAL PROJECT Dean Kay
FINAL PROJECT Dean Kay Dean Kay
 
Oil and gas cyber security nov 2012
Oil and gas cyber security nov 2012Oil and gas cyber security nov 2012
Oil and gas cyber security nov 2012Dale Butler
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 

Tendances (19)

Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
 
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - FinalTsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Final
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
 
Bapinger Network Security
Bapinger Network SecurityBapinger Network Security
Bapinger Network Security
 
Axoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesAxoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing Services
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
 
Protecting your home and office in the era of IoT
Protecting your home and office in the era of IoTProtecting your home and office in the era of IoT
Protecting your home and office in the era of IoT
 
FINAL PROJECT Dean Kay
FINAL PROJECT Dean Kay FINAL PROJECT Dean Kay
FINAL PROJECT Dean Kay
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Oil and gas cyber security nov 2012
Oil and gas cyber security nov 2012Oil and gas cyber security nov 2012
Oil and gas cyber security nov 2012
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief Overview
 
Honey pots
Honey potsHoney pots
Honey pots
 
Ehc brochure
Ehc brochureEhc brochure
Ehc brochure
 
Honeypot ss
Honeypot ssHoneypot ss
Honeypot ss
 
Sgcp14phillips
Sgcp14phillipsSgcp14phillips
Sgcp14phillips
 
Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypots
HoneypotsHoneypots
Honeypots
 

En vedette

Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...University of Southern California
 
Data Protection in Big Data world (EDW lighting talk)
Data Protection in Big Data world (EDW lighting talk)Data Protection in Big Data world (EDW lighting talk)
Data Protection in Big Data world (EDW lighting talk)Castlebridge Associates
 
Alliander robin hagemans daniel peyron
Alliander robin hagemans daniel peyronAlliander robin hagemans daniel peyron
Alliander robin hagemans daniel peyronBigDataExpo
 
CYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRIDCYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRIDSiva Sasthri
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 
Security challenges to power grid and smart grid infrastructures
Security challenges to power grid and smart grid infrastructuresSecurity challenges to power grid and smart grid infrastructures
Security challenges to power grid and smart grid infrastructuresP K Agarwal
 
Internet of Things (IoT) - We Are at the Tip of An Iceberg
Internet of Things (IoT) - We Are at the Tip of An IcebergInternet of Things (IoT) - We Are at the Tip of An Iceberg
Internet of Things (IoT) - We Are at the Tip of An IcebergDr. Mazlan Abbas
 
Introduction to IOT & Smart City
Introduction to IOT & Smart CityIntroduction to IOT & Smart City
Introduction to IOT & Smart CityDr. Mazlan Abbas
 
Finding Our Happy Place in the Internet of Things
Finding Our Happy Place in the Internet of ThingsFinding Our Happy Place in the Internet of Things
Finding Our Happy Place in the Internet of ThingsPamela Pavliscak
 
IT in Healthcare
IT in HealthcareIT in Healthcare
IT in HealthcareNetApp
 
[Infographic] How will Internet of Things (IoT) change the world as we know it?
[Infographic] How will Internet of Things (IoT) change the world as we know it?[Infographic] How will Internet of Things (IoT) change the world as we know it?
[Infographic] How will Internet of Things (IoT) change the world as we know it?InterQuest Group
 

En vedette (13)

Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
 
Data Protection in Big Data world (EDW lighting talk)
Data Protection in Big Data world (EDW lighting talk)Data Protection in Big Data world (EDW lighting talk)
Data Protection in Big Data world (EDW lighting talk)
 
Alliander robin hagemans daniel peyron
Alliander robin hagemans daniel peyronAlliander robin hagemans daniel peyron
Alliander robin hagemans daniel peyron
 
CYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRIDCYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRID
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
 
Security challenges to power grid and smart grid infrastructures
Security challenges to power grid and smart grid infrastructuresSecurity challenges to power grid and smart grid infrastructures
Security challenges to power grid and smart grid infrastructures
 
Internet of Things (IoT) - We Are at the Tip of An Iceberg
Internet of Things (IoT) - We Are at the Tip of An IcebergInternet of Things (IoT) - We Are at the Tip of An Iceberg
Internet of Things (IoT) - We Are at the Tip of An Iceberg
 
Introduction to IOT & Smart City
Introduction to IOT & Smart CityIntroduction to IOT & Smart City
Introduction to IOT & Smart City
 
PPT - Powerful Presentation Techniques
PPT - Powerful Presentation TechniquesPPT - Powerful Presentation Techniques
PPT - Powerful Presentation Techniques
 
Paris ML meetup
Paris ML meetupParis ML meetup
Paris ML meetup
 
Finding Our Happy Place in the Internet of Things
Finding Our Happy Place in the Internet of ThingsFinding Our Happy Place in the Internet of Things
Finding Our Happy Place in the Internet of Things
 
IT in Healthcare
IT in HealthcareIT in Healthcare
IT in Healthcare
 
[Infographic] How will Internet of Things (IoT) change the world as we know it?
[Infographic] How will Internet of Things (IoT) change the world as we know it?[Infographic] How will Internet of Things (IoT) change the world as we know it?
[Infographic] How will Internet of Things (IoT) change the world as we know it?
 

Similaire à Howe Brand, smart security grid risks

Episode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSEpisode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSContrast Security
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things NetIQ
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetWatcher
 
Cloud migration risk
Cloud migration riskCloud migration risk
Cloud migration riskEdgevalue
 
The Security Of A Home Network
The Security Of A Home NetworkThe Security Of A Home Network
The Security Of A Home NetworkAlexis Naranjo
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
The 1st Step to Zero Trust: Asset Management for Cybersecurity
The 1st Step to Zero Trust: Asset Management for CybersecurityThe 1st Step to Zero Trust: Asset Management for Cybersecurity
The 1st Step to Zero Trust: Asset Management for Cybersecuritynathan-axonius
 
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...Dana Gardner
 
The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!Frode Hommedal
 
Detection And Prevention System For Cloud Infrastructure
Detection And Prevention System For Cloud InfrastructureDetection And Prevention System For Cloud Infrastructure
Detection And Prevention System For Cloud InfrastructureMarilyn Marie
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network SecurityMelissa Dudas
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network SecurityDawn Robertson
 
Cybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already KnowCybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already Knowjxyz
 
A smarter, more secure io t gartner iam summit uk 2015 - netiq - travis greene
A smarter, more secure io t  gartner iam summit uk 2015 - netiq - travis greeneA smarter, more secure io t  gartner iam summit uk 2015 - netiq - travis greene
A smarter, more secure io t gartner iam summit uk 2015 - netiq - travis greenebmcmenemy
 

Similaire à Howe Brand, smart security grid risks (20)

Episode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSEpisode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNS
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 
A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things
 
232 a7d01
232 a7d01232 a7d01
232 a7d01
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
Cloud migration risk
Cloud migration riskCloud migration risk
Cloud migration risk
 
The Security Of A Home Network
The Security Of A Home NetworkThe Security Of A Home Network
The Security Of A Home Network
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
The 1st Step to Zero Trust: Asset Management for Cybersecurity
The 1st Step to Zero Trust: Asset Management for CybersecurityThe 1st Step to Zero Trust: Asset Management for Cybersecurity
The 1st Step to Zero Trust: Asset Management for Cybersecurity
 
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...
 
Security
SecuritySecurity
Security
 
The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!
 
Cloud security
Cloud securityCloud security
Cloud security
 
WeDo Technologies Blog 2014
WeDo Technologies Blog 2014WeDo Technologies Blog 2014
WeDo Technologies Blog 2014
 
Detection And Prevention System For Cloud Infrastructure
Detection And Prevention System For Cloud InfrastructureDetection And Prevention System For Cloud Infrastructure
Detection And Prevention System For Cloud Infrastructure
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
 
Use Access Control Systems?
Use Access Control Systems?Use Access Control Systems?
Use Access Control Systems?
 
Cybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already KnowCybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already Know
 
A smarter, more secure io t gartner iam summit uk 2015 - netiq - travis greene
A smarter, more secure io t  gartner iam summit uk 2015 - netiq - travis greeneA smarter, more secure io t  gartner iam summit uk 2015 - netiq - travis greene
A smarter, more secure io t gartner iam summit uk 2015 - netiq - travis greene
 

Dernier

Beyond Academics - Anibal Romero .pdf
Beyond Academics - Anibal Romero    .pdfBeyond Academics - Anibal Romero    .pdf
Beyond Academics - Anibal Romero .pdfroberttianibal
 
HVAC Replacement Process for Commercial Buildings Guide
HVAC Replacement Process for Commercial Buildings GuideHVAC Replacement Process for Commercial Buildings Guide
HVAC Replacement Process for Commercial Buildings Guideoutreachacdirect
 
Boys Wholesale Clothing Online | Port 213
Boys Wholesale Clothing Online | Port 213Boys Wholesale Clothing Online | Port 213
Boys Wholesale Clothing Online | Port 213Port 213
 
Oι πιο ευτυχισμένες και οι πιο δυστυχισμένες χώρες: Πρωτιά για τη Φινλανδία -...
Oι πιο ευτυχισμένες και οι πιο δυστυχισμένες χώρες: Πρωτιά για τη Φινλανδία -...Oι πιο ευτυχισμένες και οι πιο δυστυχισμένες χώρες: Πρωτιά για τη Φινλανδία -...
Oι πιο ευτυχισμένες και οι πιο δυστυχισμένες χώρες: Πρωτιά για τη Φινλανδία -...Newsroom8
 
The Heirloom Gown: A Tale of Love and Legacy
The Heirloom Gown: A Tale of Love and LegacyThe Heirloom Gown: A Tale of Love and Legacy
The Heirloom Gown: A Tale of Love and Legacyirumsohale
 
Secrets for A Happy Relationship & Marriage.
Secrets for A Happy Relationship & Marriage.Secrets for A Happy Relationship & Marriage.
Secrets for A Happy Relationship & Marriage.Surajkurrey
 
Alex Gurkin: Strategies for a Sustainable Tech Career
Alex Gurkin: Strategies for a Sustainable Tech CareerAlex Gurkin: Strategies for a Sustainable Tech Career
Alex Gurkin: Strategies for a Sustainable Tech CareerAlex Gurkin
 

Dernier (7)

Beyond Academics - Anibal Romero .pdf
Beyond Academics - Anibal Romero    .pdfBeyond Academics - Anibal Romero    .pdf
Beyond Academics - Anibal Romero .pdf
 
HVAC Replacement Process for Commercial Buildings Guide
HVAC Replacement Process for Commercial Buildings GuideHVAC Replacement Process for Commercial Buildings Guide
HVAC Replacement Process for Commercial Buildings Guide
 
Boys Wholesale Clothing Online | Port 213
Boys Wholesale Clothing Online | Port 213Boys Wholesale Clothing Online | Port 213
Boys Wholesale Clothing Online | Port 213
 
Oι πιο ευτυχισμένες και οι πιο δυστυχισμένες χώρες: Πρωτιά για τη Φινλανδία -...
Oι πιο ευτυχισμένες και οι πιο δυστυχισμένες χώρες: Πρωτιά για τη Φινλανδία -...Oι πιο ευτυχισμένες και οι πιο δυστυχισμένες χώρες: Πρωτιά για τη Φινλανδία -...
Oι πιο ευτυχισμένες και οι πιο δυστυχισμένες χώρες: Πρωτιά για τη Φινλανδία -...
 
The Heirloom Gown: A Tale of Love and Legacy
The Heirloom Gown: A Tale of Love and LegacyThe Heirloom Gown: A Tale of Love and Legacy
The Heirloom Gown: A Tale of Love and Legacy
 
Secrets for A Happy Relationship & Marriage.
Secrets for A Happy Relationship & Marriage.Secrets for A Happy Relationship & Marriage.
Secrets for A Happy Relationship & Marriage.
 
Alex Gurkin: Strategies for a Sustainable Tech Career
Alex Gurkin: Strategies for a Sustainable Tech CareerAlex Gurkin: Strategies for a Sustainable Tech Career
Alex Gurkin: Strategies for a Sustainable Tech Career
 

Howe Brand, smart security grid risks

  • 1. x CYBER SECURITY FOR THE SMART GRID All rights reserved: © 2010 Gavan Howe ebranders.com Gavan Howe, PhD (in progress) President of ebranders
  • 2. All rights reserved: © 2010 Gavan Howe ebranders.com FACT Source: Spoonamore & Krutz, 2009 What is the probability of hacking into the smart grid today?
  • 3. x All rights reserved: © 2010 Gavan Howe ebranders.com 100%
  • 4. All rights reserved: © 2010 Gavan Howe ebranders.com CHANGE • Recognize that “ we don’t know what we don’t know ” about many unknowns of Smart Grid Security • Recognize that the greatest potential lies with your people • Recognize it is the Environment you work in that is causing change
  • 5. All rights reserved: © 2010 Gavan Howe ebranders.com “ The human factor is real”
  • 6. FACT All rights reserved: © 2010 Gavan Howe ebranders.com Why is this so? “ Risk taking in the smart grid domain is one of dynamic complexity”
  • 7. • ‘ In 2009 Energy and Oil industries experienced an encounter rate 356% higher than normal for data theft Trojans’. All rights reserved: © 2010 Gavan Howe ebranders.com SMART GRID SECURITY • On Dec 2009 Google, and Intel discovered a breach in their network that led to the loss of sensitive intellectual property for Google. Source: 2009 Annual Global Threat Report
  • 8. In 2007 there were 37,000 cyber attacks in the USA. That is 8 x the 2005 level! All rights reserved: © 2010 Gavan Howe ebranders.com SMART GRID SECURITY • Energy and Oil industries are at most risk, 4 x the average risk of all industries combined! Source: Christian Science Monitor, Jan 2010
  • 9. • ‘ It looks like a very secure network that not only the company but the consumer can count on’. All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS BASED ON PHONE SURVEY OF “C” LEVEL EXECUTIVES • ‘ One of those areas is the cyber security problem. We readily admit that, “yes, there is a problem” but we don’t really have a handle on it –no one does’.
  • 10. • ‘ I think it has been far too traditionally organized’. All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS • ‘ They really are not looking at this thing holistically’. • Probably the problem is that too many things are being discussed. It is too much. It is everything to everybody’.
  • 11. x What does Security look like in the Smart Grid? All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS • ‘ Well, I think it’s not as stringent as cyber security, but it’s got to be accurate… But, well, really it’s typical of computer security’. • “ it’s typical of computer security” or “It is nothing more than supplying security best practices that exist in other domains.”
  • 12. • ‘ I can’t… That is not my area of expertise. I know that it is something that… All of the vendors in the Smart Grid arena are going to require that the systems that we, ultimately, procure must meet all of the standards as they are developed. All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS • ‘ It is nothing more than supplying security best practices that exist in other domains’.
  • 13. All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS • ‘ It is an issue. Anytime you start to add more and more layers of access and visibility and communications and connectedness, you have to deal with security issues. • ‘ You need to have tools and systems that can track if somebody has changed the firmware, was it initiated by the company or was it externally initiated. So, basically, security is all about event logs.
  • 14. All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS • ‘ If you look from a security standpoint, you have to have some way to protect not only the operation of the utility but you also have to have some way to protect the privacy of the customers. • ‘ We need time to investigate and make the right decisions on technologies because however you start a system is going to drive how that system looks in the end’.
  • 15. All rights reserved: © 2010 Gavan Howe ebranders.com RESEARCH FINDINGS • ‘ If you get started with the wrong concept, the wrong technology, your hands are going to be tied and you are not going to be able to really capitalize on the true benefits of the smart grid’. • ‘ Well, if you had asked me six months ago, I would have told you that I had a pretty good idea; now that I have been working with our information services people for the past six months, I don’t know if I know.’
  • 16. x Points of risk lying within the grid topology, its new devices, and systems. All rights reserved: © 2010 Gavan Howe ebranders.com SMART GRID SECURITY
  • 17. x All rights reserved: © 2010 Gavan Howe ebranders.com
  • 18. x All rights reserved: © 2010 Gavan Howe ebranders.com
  • 19. x All rights reserved: © 2010 Gavan Howe ebranders.com
  • 20. x All rights reserved: © 2010 Gavan Howe ebranders.com
  • 21. x All rights reserved: © 2010 Gavan Howe ebranders.com
  • 22. x All rights reserved: © 2010 Gavan Howe ebranders.com The Human Factor is also called dynamic conservatism . This manifests itself when staff ‘ignore the facts that influence or change the way the environment behaves, and will knowingly pursue activities to help maintain existing systems’. THE HUMAN FACTOR
  • 23. x All rights reserved: © 2010 Gavan Howe ebranders.com
  • 24. x D x E x U x V x F > R = C (change) All rights reserved: © 2010 Gavan Howe ebranders.com Translated into a formula for change to embrace smart gird security the last diagram looks like this: THE HUMAN FACTOR
  • 25. x All rights reserved: © 2010 Gavan Howe ebranders.com THE HUMAN FACTOR Getting people to change is tough work, and it does work if you give them the tools, and the path to follow, while leading the change.
  • 26. x All rights reserved: © 2010 Gavan Howe ebranders.com RISK AND UNCERTAINTY As Frank Knight wrote in his dissertation of 1921, Risk, Uncertainty and Profit: “ Uncertainty must be taken in a sense radically distinct from the notion of Risk from which it has never been properly separated.… It will appear that a measurable uncertainty, or ‘risk’ proper, is so far different from an immeasurable one, that it is not in effect an uncertainty at all.”
  • 27. x Cyber Security for the Smart Grid will eventually happen. All rights reserved: © 2010 Gavan Howe ebranders.com Let’s make it happen now.
  • 28. x END All rights reserved: © 2010 Gavan Howe ebranders.com Gavan Howe, March 2010 President of ebranders