Security a must for smart grid

Tuesday, May 25, 2010 @ 04:05 PM gHale


By Gregory Hale
The smart grid is coming, there is no stopping it, but the designers had better think about security or else there could be issues, Vint Cerf, vice president of Google and one of the fathers of the Internet, said Monday night at ConnectivityWeek in Santa Clara, Calif.
“We have to be cautious,” he said. If we are expecting our society to rely on this, it had better be pretty robust. There is still a lot to be done.”
Being robust is key because as Cerf said they have to worry about any kind of compromise that has a long term affect on a large area of the smart grid.
“We have to assume there are bad guys out there trying to do something to the system,” he said. On top of that, “we have operating systems that don’t defend themselves very well.”
One area were the Internet failed, Cerf said, was with authentication.
“One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid,” Cerf said. “We did not do that with the Internet.”
The smart grid can build in strong authentication techniques such as use of digital signatures. Getting such approaches widely adopted on the existing Internet will be a harder job, he said.
Some of the security problems facing the smart grid, much like any company are:
• Spam
• Viruses/worms/trojans, which infect websites, thumb drives and CD-ROMs and DVDs
• DOS and DDOS attacks
• Social engineering
• Poor passwords
• Phishing, pharming (DNS compromise)
• IP address poaching
• Spectacular human error
In addition, the origins of weak security, Cerf said, come from weak operating systems; naïve browsers, which run with too much privilege; poor access control practices; improper configuration of hosts and clients; compromised lap/desktops and servers; BOTNETS, and hackers including those from organized crime and state-sponsored cyberwarfare.
At the end of the day, not enough people are paying attention to ensuring security for the smart grid, Cerf said. “We are responsible to make sure these problems get the attention and then get addressed.”



Leave a Reply

You must be logged in to post a comment.