Securing the Smart Grid
Next Generation Power Grid Security
- 1st Edition - September 23, 2010
- Authors: Tony Flick, Justin Morehouse
- Language: English
- Paperback ISBN: 978-1-59749-570-7
- eBook ISBN: 978-1-59749-571-4
Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to be able to process information, such as the behaviors of suppliers and consumers.
The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised. This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.
- Details how old and new hacking techniques can be used against the grid and how to defend against them
- Discusses current security initiatives and how they fall short of what is needed
- Find out how hackers can use the new infrastructure against itself
Acknowledgments (Tony Flick)
Acknowledgments (Justin Morehouse)
About the Authors
About the Technical Editor
Introduction
Chapter 1 Smart Grid: What Is It?
A Brief History of Electrical Grids
What Is an Electric Grid?
Grid Topologies
Modernizing the Electric Grids
What Is Automatic Meter Reading (AMR)?
AMR Technologies
AMR Network Topologies
Future Infrastructure
Justifications for Smart Grids
What Is a Smart Grid?
Components
What Is AMI?
International Initiatives
Australia
Canada
China
Europe
Why Do We Need to Secure the Smart Grid?
Smart Grid versus Security
Mapping Smart Grid Goals to Security
Summary
Endnotes
Chapter 2 Threats and Impacts: Consumers
Consumer Threats
Naturally Occurring Threats
Weather and Other Natural Disasters
Individual and Organizational Threats
Smart Thieves and Stalkers
Hackers
Terrorism
Government
Utility Companies
Impacts on Consumers
Privacy
Impacts on Availability
Personal Availability
Mobility
Emergency Services
Financial Impacts
Likelihood of Attack
Summary
Endnotes
Chapter 3 Threats and Impacts: Utility Companies and Beyond
Confidentiality
Consumer Privacy
Proprietary Information
Integrity
Service Fraud
Sensor Data Manipulation
Availability
Consumer Targets
Organizational Targets
Vertical Targets
Market Manipulation
National Security Target
Summary
Endnotes
Chapter 4 Federal Effort to Secure Smart Grids
U.S. Federal Government
Energy and Independence Security Act of 2007
American Recovery and Reinvestment Act of 2009
DOE
Legacy Electric Grid Technologies
Current Smart Grid Technologies
Lack of Deployment Equals Lack of Risk
FERC
Mandatory Reliability Standards
Smart Grid Policy
NIST
NIST SP 1108
Smart Grid Cyber Security Strategy and Requirements
DHS NIPP
Sector-Specific Plans
Other Applicable Laws
The Identity Theft Enforcement and Restitution Act of 2008
Electronic Communications Privacy Act of 1986
Breach Notification Laws
Personal Information Protection and Electronic Documents Act
Sponsoring Security
Bureaucracy and Politics in Smart Grid Security
Summary
Endnotes
Chapter 5 State and Local Security Initiatives
State Government
State Laws
State Regulatory Bodies
National Association of Regulatory Utility Commissioners
Colorado PUC
PUC of Texas
Planning for the Future
State Courts
Colorado Court of Appeals
Implications
Promoting Security Education
Politics and the Smart Grid
Summary
Endnotes
Chapter 6 Public and Private Companies
Industry Plans for Self-Policing
NERC Critical Infrastructure Protection Standards
Compliance Versus Security
How Technology Vendors Can Fill the Gaps
How Utility Companies Can Fill the Gaps
Summary
Endnotes
Chapter 7 Attacking the Utility Companies
Motivation
Vulnerability Assessment versus Penetration Test
Other Aspects of a Security Assessment
Network Attacks
Methodologies
System Attacks
SCADA
Legacy Systems
Application Attacks
Life-Imitating Art
Attacking Utility Company Web Applications
Attacking Compiled Code Applications
Wireless Attacks
Wireless Clients
Wi-Fi
Bluetooth
Cellular
Social Engineering Attacks
Selecting Targets
Physical Attacks
Attacking with a Friend
Putting It All Together
Summary
Endnotes
Chapter 8 Securing the Utility Companies
Smart Grid Security Program
ISO/IEC 27000
Top 12 Technical Practices to Secure the Smart Grid
Threat Modeling
Segmentation
Default Deny Firewall Rules
Code and Command Signing
Honeypots
Encryption
Vulnerability Management
Penetration Testing
Source Code Review
Configuration Hardening
Strong Authentication
Logging and Monitoring
Summary
Endnotes
Chapter 9 Third-Party Services
Service Providers
Billing
Consumer Interfaces
Device Support
Attacking Consumers
Functionality Undermines Security
Microsoft Hohm and Google PowerMeter
Smart Devices Gone Wild
Attacking Service Providers
Securing Third-Party Access to the Smart Grid
Trust
Data Access
Network Access
Secure Transport
Assessing the Third Party
Securing the Third Party
Summary
Endnotes
Chapter 10 Mobile Applications and Devices
Why Mobile Applications?
Platforms
Trust
Trusting Strangers
Attacks
Why Attack the Handset?
SMS
Malicious Web Sites
Physical
Securing Mobile Devices
Traditional Security Controls
Secure Syncing
Disk Encryption
Screen Lock
Wiping the Device
Recovery
Forensics
Education
Secure Mobile Applications
Mobile Application Security Controls
Encryption
Summary
Endnotes
Chapter 11 Social Networking and the Smart Grid
The Smart Grid Gets Social
Social Networking Threats
Information Disclosure
Smart Grid Social Networking Security Checklist
Before You Begin
Basic Controls
Summary
Endnotes
Chapter 12 Attacking Smart Meters
Open Source Security Testing Methodology Manual (OSSTMM)
Information Security
Process Security Testing
Internet Technology Security Testing
Communication Security Testing
Wireless Security Testing
Physical Security Testing
NIST Special Publication 800-42: Guideline on Network Security Testing
Security Testing Techniques
Summary
Endnotes
Chapter 13 Attacking Smart Devices
Selecting a Target Smart Device
Attacking a Smart Device
Network Surveying
Port Scanning
Services Identification and System Identification
Vulnerability Research and Verification
Internet Application Testing
Password Cracking
Denial-of-Service Testing
Exploit Testing
Summary
Endnotes
Chapter 14 What’s Next?
Timeline
What Should Consumers Expect?
Smart Devices
Smart Meters
Home Area Network
Electric Vehicles
Personal Power Plant
Privacy
What Should Smart Grid Technology Vendors Expect?
What Should Utility Companies Expect?
Reducing Energy Demand to Reduce Costs and Security
Diagnosing Problems Faster
Beyond Electricity
Curiosity Attacks
What Should Security Professionals Expect and What Do They Predict?
Security versus Functionality
Security Devices
Visions of Gloom and Doom
Smart Grid Community
Conferences
Agencies and Groups
Blogs, News Web Sites, and RSS Feeds
Summary
Endnotes
Index
- No. of pages: 320
- Language: English
- Edition: 1
- Published: September 23, 2010
- Imprint: Syngress
- Paperback ISBN: 9781597495707
- eBook ISBN: 9781597495714
Tony Flick