Report Highlights Smart Grid Security Vulnerabilities

A cybersecurity coordination task force released a report this week that assesses various security and privacy requirements for the U.S. Smart Grid, as well as strategies needed to address them.

By Jaikumar Vijayan
Tue, September 29, 2009

Computerworld — A cybersecurity coordination task force released a report this week that assesses various security and privacy requirements for the U.S. Smart Grid , as well as strategies needed to address them.

Cybercriminals Can Shut Down U.S. Electrical Grid

The 256-page document was compiled by the task force, comprised of individuals from the government, industry, academia and regulatory bodies, and led by the National Institutes of Standards and Technology (NIST). Now open for comment, NIST will release a final version of the document in March 2010 describing a overall Smart Grid security architecture and security requirements.

The draft report highlights the need for planners to address threats that could potentially allow attackers to penetrate the smart grid, gain access to control software, and alter load conditions to cause widespread disruptions. Cybersecurity strategies for protecting the smart grid need to address not only deliberate attacks but also inadvertent compromises resulting from user errors, equipment failures and buggy software, the report said.

Released as part of the report was a Privacy Impact Analysis that examines some of the privacy implications of establishing a smart grid for power distribution.

A smart grid uses digital technology to transmit, distribute and deliver power to consumer in a more reliable and efficient manner than traditional electricity systems. A key component of the smart grid is the real-time, two-way communication it establishes between consumers and power distributors for tracking energy use and enabling smarter consumption and pricing. Current plans call for nearly 17 million two-way connected smart meters to be installed in U.S. homes over the next few years.

While proponents of a smart grid have touted its potential to improve the electricity system, others have expressed concern about their susceptibility to cyber attacks and inadvertent compromises. Many are concerned that the software, wireless sensor networks and the Advanced Metering Infrastructure (AMI) networks that go into a smart grid present too many points of vulnerability into the network.

In June, security consultancy IOActive Inc. disclosed how its researchers had tested Smart Grid components for security vulnerabilities and had discovered several that could allow attackers to access the network and cut off power. IOActive researchers showed how attackers could spread malware through the network and remotely shut down power to consumers by taking advantage of flaws in the metering devices.

The NIST report is an attempt to assess such threats . The vulnerabilities that are listed in the report were gathered from existing research and security documents including NIST's own guide to industrial control systems security and the Open Web Application Security Project (OWASP) vulnerabilities list.

1 2 next page »

More from CIO

You are here: Technology Topics » Security » News

Most Recent Security Stories

White Papers »

Top 8 Identity & Access Management Challenges with Your Saas Applications

This whitepaper presents the eight biggest identity and access management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them.

Everything You Need To Know About A DDoS Attack

DDoS attacks can bring large online businesses to a complete halt. Banks and eCommerce sites are two high profile sectors that have experienced large attacks recently.

Cloud Impacts and Outcomes for Business Leaders

Learn More

Wanted: A Trusted Provider for Public Cloud Services

Learn how Dell's cloud strategy, built on the highest level of VMware integration and security, is enabling enterprises to get out of the data center business by leveraging Dell as a trusted cloud service provider.

A Universal Log Management Solution

Digital fingerprints are generated by individuals as they use enterprise systems. Do you know where your vulnerabilities are? This white paper discusses the log management landscape and the solution that protects modern networks.

Big Security for Big Data

To meet security problems faced by organizations, a paradigm shift needs to occur. Businesses need the ability to secure, collect, and aggregate data into an intelligent format for real-time alerting and reporting. How do you get started?

Webcasts »

HIPAA Hiccup Solved

Data protection priorities rapidly changed after a patient data leak that caused one healthcare provider unexpected expenses, potential reputational risk and possible HIPAA non-compliance.

Dell Software

This overview of Dell SonicWALL next-generation firewalls showcases how you can increase network security by scanning every packet without any compromises in network performance.

Enhance Network Security with Dell SonicWALL Next-Generation Firewall

This 5-minute video demonstrates some of the key features of Dell SonicWALL. See how intuitive, real-time dashboards enable IT to enhance network security, manage network bandwidth and regain control into the visibility of applications.

The New Mobile Management: Getting A Grip on Complexity

As mobile devices of every description proliferate across the enterprise, the IT pro must ensure that mobile applications have the bandwidth and security they need to run effectively.

Customer Success Video (State of Michigan)

Learn how the State of Michigan is utilizing DeepSight security intelligence to protect critical infrastructure.

PGI Customer Success Video

Learn how PGI is using Symantec Managed Security Services to protect their systems, while allowing them to focus on running, and building, their business.