Not So Smart Grid?

Tuesday, July 14, 2009

Infosec Island Admin

7fef78c47060974e0b8392e305f0daf0

According to a security researcher, the so-called Smart Grid technology being rolled out accross the country as part of the stimulus bill, may be vulnerable to numerous attacks.

According to the researcher, many of the commands that allow the power company to interact with the smart-meters at the user's house (for example) do not require authentication, have no encryption and are ripe for attack.

The full article can be found here

Possibly Related Articles:
8049
Network->General
Federal Hardware
Encryption Hacks
Post Rating I Like this!
Default-avatar
Christine Wanta Efforts to secure an environment competes with efforts to streamline profitability, improve efficiency and reduce costs.

New technology solutions often come with unknown security challenges and therefore require real world testing after internal testing to identify security issues.

Existing infrastructure solutions often come with scope issues, poorly and/or broadly worded compliance and regulations, a lack of competent security and other SMEs inside the industry, etc.

I am not defending the problem.

But like most environments, to ensure and encourage security requires that we encourage testing throughout the process, expect failure as an opportunity, etc.
1254764360
Default-avatar
Phil Lambert Being an optimist, the power companies appear to get it. At least a couple of them anyway, they did go ask the right questions which is a positive sign. It appears the answers to those questions though may not be inline with the political direction, so a prudent business decision is to ignore the answer, qualify for the free money, and initiate deployment. The old roll it out and we will fix it later.
1256360551
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.