All rights reserved: © 2010 Gavan Howe, ebranders.com

Gavan Howe, PhD (in progress), President of ebranders

CYBER SECURITY FOR THE SMART GRID

Howe Brand, smart security grid risks

Oct 20, 2014

The following is a smart grid security presentation I developed for my fellow task force members on NERC's 2010 Smart Grid Task Force. The charts included are very helpful in understanding at a glance where the risks and threats to smart grid reliability and security lie. In the end, though, it is the 'human factor' that is most important to keep in mind in risk mitigation.
Transcript
Page 1: Howe Brand, smart security grid risks

Gavan Howe, PhD (in progress), President of ebranders

CYBER SECURITY FOR THE SMART GRID

Page 2: Howe Brand, smart security grid risks

FACT

Source: Spoonamore & Krutz, 2009

What is the probability of hacking into the smart grid today?

Page 3: Howe Brand, smart security grid risks

100%

Page 4: Howe Brand, smart security grid risks

CHANGE

• Recognize that “we don’t know what we don’t know” about many unknowns of Smart Grid Security

• Recognize that the greatest potential lies with your people

• Recognize it is the Environment you work in that is causing change

Page 5: Howe Brand, smart security grid risks

“The human factor is real”

Page 6: Howe Brand, smart security grid risks

FACT

Why is this so?

“Risk taking in the smart grid domain is one of dynamic complexity”

Page 7: Howe Brand, smart security grid risks

• ‘In 2009 Energy and Oil industries experienced an encounter rate 356% higher than normal for data theft Trojans’.

SMART GRID SECURITY

• In Dec 2009, Google and Intel discovered a breach in their network that led to the loss of sensitive intellectual property for Google.

Source: 2009 Annual Global Threat Report

Page 8: Howe Brand, smart security grid risks

• In 2007 there were 37,000 cyber attacks in the USA. That is 8 x the 2005 level!

SMART GRID SECURITY

• Energy and Oil industries are at most risk, 4 x the average risk of all industries combined!

Source: Christian Science Monitor, Jan 2010

Page 9: Howe Brand, smart security grid risks

• ‘It looks like a very secure network that not only the company but the consumer can count on’.

RESEARCH FINDINGS BASED ON PHONE SURVEY OF “C” LEVEL EXECUTIVES

• ‘One of those areas is the cyber security problem. We readily admit that, “yes, there is a problem” but we don’t really have a handle on it – no one does’.

Page 10: Howe Brand, smart security grid risks

• ‘I think it has been far too traditionally organized’.

RESEARCH FINDINGS

• ‘They really are not looking at this thing holistically’.

• ‘Probably the problem is that too many things are being discussed. It is too much. It is everything to everybody’.

Page 11: Howe Brand, smart security grid risks

What does Security look like in the Smart Grid?

RESEARCH FINDINGS

• ‘Well, I think it’s not as stringent as cyber security, but it’s got to be accurate… But, well, really it’s typical of computer security’.

• “it’s typical of computer security” or “It is nothing more than supplying security best practices that exist in other domains.”

Page 12: Howe Brand, smart security grid risks

• ‘I can’t… That is not my area of expertise. I know that it is something that… All of the vendors in the Smart Grid arena are going to require that the systems that we, ultimately, procure must meet all of the standards as they are developed’.

RESEARCH FINDINGS

• ‘It is nothing more than supplying security best practices that exist in other domains’.

Page 13: Howe Brand, smart security grid risks

RESEARCH FINDINGS

• ‘It is an issue. Anytime you start to add more and more layers of access and visibility and communications and connectedness, you have to deal with security issues’.

• ‘You need to have tools and systems that can track if somebody has changed the firmware, was it initiated by the company or was it externally initiated. So, basically, security is all about event logs’.

Page 14: Howe Brand, smart security grid risks

RESEARCH FINDINGS

• ‘If you look from a security standpoint, you have to have some way to protect not only the operation of the utility but you also have to have some way to protect the privacy of the customers’.

• ‘We need time to investigate and make the right decisions on technologies because however you start a system is going to drive how that system looks in the end’.

Page 15: Howe Brand, smart security grid risks

RESEARCH FINDINGS

• ‘If you get started with the wrong concept, the wrong technology, your hands are going to be tied and you are not going to be able to really capitalize on the true benefits of the smart grid’.

• ‘Well, if you had asked me six months ago, I would have told you that I had a pretty good idea; now that I have been working with our information services people for the past six months, I don’t know if I know.’

Page 16: Howe Brand, smart security grid risks

Points of risk lying within the grid topology, its new devices, and systems.

SMART GRID SECURITY

Page 22: Howe Brand, smart security grid risks

The Human Factor is also called dynamic conservatism.

This manifests itself when staff ‘ignore the facts that influence or change the way the environment behaves, and will knowingly pursue activities to help maintain existing systems’.

THE HUMAN FACTOR

Page 24: Howe Brand, smart security grid risks

Translated into a formula for change to embrace smart grid security, the last diagram looks like this:

THE HUMAN FACTOR

D x E x U x V x F > R = C (change)

Page 25: Howe Brand, smart security grid risks

THE HUMAN FACTOR

Getting people to change is tough work, and it does work if you give them the tools, and the path to follow, while leading the change.

Page 26: Howe Brand, smart security grid risks

RISK AND UNCERTAINTY

As Frank Knight wrote in his dissertation of 1921, Risk, Uncertainty and Profit:

“Uncertainty must be taken in a sense radically distinct from the notion of Risk from which it has never been properly separated.… It will appear that a measurable uncertainty, or ‘risk’ proper, is so far different from an immeasurable one, that it is not in effect an uncertainty at all.”

Page 27: Howe Brand, smart security grid risks

Cyber Security for the Smart Grid will eventually happen.

Let’s make it happen now.

Page 28: Howe Brand, smart security grid risks

Gavan Howe, March 2010, President of ebranders

END