Wednesday, 6 May 2009

Smart grid industry should adopt Security Development Lifecycle: study


A study has highlighted that smart grid technology is susceptible to common security vulnerabilities such as protocol tampering, buffer overflows, persistent, and non-persistent rootkits, and code propagation.

These vulnerabilities, according to
IOActive, a provider of application and smart grid security services, could result in attacks to the smart grid platform, causing utilities to lose momentary system control of their advanced metering infrastructure (AMI) smart meter devices to unauthorised third parties. This would expose utility companies to possible fraud, extortion attempts, lawsuits or wide spread system interruption.

Joshua Pennell, president and CEO, IOActive, recommended that the smart grid industry should follow a proven formal Security Development Lifecycle, as exemplified by Microsoft’s Trustworthy Computing initiative of 2001, to guide and govern the future development of smart grid technologies.

IOActive, which verified significant security issues within multiple smart grid platforms, emphasised that if security is not addressed in the design and implementation of these emerging technologies, it may prove cost prohibitive to address them once the devices are fully deployed in the field.

In terms of deployments, it shared that over two million smart meters are being used currently in the US and it is estimated that the more than 73 participating utilities have ordered 17 million additional smart meter devices.

Related links:
Security, Utilities, Advanced Metering Infrastructure, Smart Meters

No comments: