Thursday, 26 March 2009

Smart grid security scare

To put a damper on the promises of smart grid technology, which I've reported on frequently, US company IOActive, a specialist in smart grid security services, has said that it has found significant security issues in smart grid platforms. Although already in use by utilities in the US and around the world, the company says it could expose countries to attacks on power infrastructure. (Full details are in a press release here).

The company cites industry research that points to (and I quote) "vulnerabilities such as protocol tampering, buffer overflows, persistent, and non-persistent rootkits and code propagation". The net result could be loss of control of smart meter devices to third parties. The company goes on to say that if security is not addressed at the design and implementation stage it may prove cost prohibitive to address them once the devices are deployed.

The research is particularly addressed at the US and in a presentation to the Committee of Homeland Security and DHS on March 16, 2009, the President and CEO of IOActive stated: “The smart grid infrastructure promises to deliver significant benefits for many generations, but first we need to address its inherent security flaws. Based on our research and the ability to easily introduce serious threats, IOActive believes that the relative security immaturity of the smart grid and AMI (Advanced Metering Infrastructure) markets warrants the adoption of proven industry best practices including the requirement of independent third-party security assessments of all smart grid technologies that are being proposed for deployment in the Nation’s critical infrastructure. We are also recommending that the smart grid industry follow a proven formal Security Development Lifecycle, as exemplified by Microsoft’s Trustworthy Computing initiative of 2001, to guide and govern the future development of smart grid technologies.”

The Green IT Report offers a range of market research and consultancy services on the impact and opportunities that environmental issues represent for the ICT sector. Click
here for more details.

© The Green IT Review

No comments:

Post a Comment