Thursday, March 3, 2011

Smart Grid Security East, Day 2

Still getting caught up on e-mails after Smart Grid Security East.  I was hoping to update things from the conference site, but with moderating two panels and networking, I got behind the curve.

So not as much from the second day, but I'll update this as I get a chance to review the conference session videos.

Panel of Security Solutions Vendors
Interesting comments: Most threats are insiders. 
(I'm not sure about that, but clearly most successful attacks are insider.  One defence against both insider and outsider threats:  Before executing a command, the system needs to ask "Does the command make sense?")

Interesting to hear security vendors name the meter manufacturers they're working with. Who's not on the “we're secure” list?

You may have an interoperability standard, but without the ability to enforce interoperability, you don't have anything. It becomes interoperability in theory only.

At one point, commenting on how long the standards process takes (and it is admittedly a long painful process), Mike Ahmadi compared the standards process to the food service industry, noting that food service is all about “there are people here, make food now.”   

Based on that comparison, I'd say that the Smart Grid standards process is the Iron Chef of standards processes;
  • There's not enough time,
  • You don't know what you'll have to work with, and
  • When you're done, people who weren't involved in the process will judge the result.

A great comment from Annabelle Lee's keynote: "If you're not failing, you aren't doing R&D."

From the DOE, FERC, NERC Panel on the Energy Grid Risk Management Process
William J.Hunteman of DOE commented that the goal is the development of a 
risk management process, not a risk management “howto.”  He also commented on the need for a greater utility representation.

As I said, more later after I've had a chance to catch up on the video from parts I missed.

All in all, this was an outstanding conference, with the top people in the field discussing how they see the world of Smart Grid Security.  

We need more conferences like this.

No comments:

Post a Comment