There has been a lot of attention lately on the “smart grid” and the coming evolution of the US (and global) power grid into a more robust, information and data-centric environment. Much press has been generated around the security and insecurity of these changes.
Currently, NIST and various other concerned parties, are hard at work on formalizing the standards around this particular environment and the products that will eventually make up this public spectrum of life. In the MSI lab, we have researched and reviewed much of this data and would like to offer forth some general recommendations for both the consideration of the various standards bodies and the particular vendors developing products in this area. Here they are, in no particular order:
First, we would ask that you design your products and the underlying standards with industry standard best practices for information security in mind. The security practices for IT are well established, mature and offer a large amount of protection against common security issues. Please include them in your designs.
Next, we would offer the following bullet items for your consideration:
- Please take steps to minimize the attack surfaces of all products throughout the system to reduce the chances that attackers have to interact with the system components. Many of the products we have looked at offer far too wide and too many attack surfaces. This should definitely include reducing the attack surfaces available to system processes and thus, by implication, malware.
- Please ensure that your system includes the ability to update the components in a meaningful way. As the smart grid system evolves, security issues are bound to arise and being able to patch, upgrade and mitigate them where possible will be a powerful feature.
- Please implement end-to-end detective controls that include the ability to monitor the components for fraud, tampering, etc. Please include not just operational detective controls, but also logging, reporting and support for forensic hashing and other incident analysis capabilities.
- You MUST be prepared to implement these systems with strongly authenticated, role-based access controls. Implementations that rely solely on single factor authentication are not strong enough for banking applications, so they should not be considered strong enough for the power grid either.
- Please take every opportunity to prevent and restrict data leaks. Reducing the information available to the casual attacker does help prevent casual compromise. While these reductions might not prevent the determined, focused attacker, the exposure of these attack surfaces to the casual attacker is much more probable and thus should be controlled for in your security equation.
- When you implement encryption into your products and systems, please choose appropriate, strongly peer-reviewed encryption. Proprietary encryption is too large of a risk for the public infrastructure. Also, please ensure effective, yet low resource requirement key management. Complicated key managed approaches do not differentiate your product in a good way, nor do they usually enhance security in any meaningful way. Proper key management technologies and encryption exist, please use them.
- The same goes for protocols as encryption. We have standard protocols defined that are mature, stable, understood and effective. Please leverage these protocols and standards wherever possible and reduce or eliminate proprietary protocols. Again, the risk is just too large for the world to take a chance on unproven, non-peer reviewed math and algorithms.
- Please design these systems with defense in depth in mind. You must provide multiple controls for confidentiality, integrity and availability. Failure to do this at a meaningful level creates substantial risk for you, your clients and the public.
- Please ensure that your allow for rational processes for risk assessment, risk management and mitigation. If systems require high complexity or resources to perform these tasks, they simply are not likely to get done in the longer term of the smart grid when the shiny newness rubs off.
- Please apply the same care and attention to consumer privacy and protection as you do to managing waste, fraud and abuse. This helps you design more secure components and protects both you and the public in a myriad of ways.
- Please ensure that your product or system includes appropriate training materials, documentation and ongoing support for handling security and operational issues. Very little of the smart grid technology is likely to be “fire and forget” over the long haul. Please make sure your organization continues to create appropriate materials to educate and inform your users.
Largely, the rewards of the smart grid are incredible. Energy savings and reduced ecological impact are both key components of why the smart grid is in the public eye and is achieving so much momentum. However, like all change, the public is right to fear some facets. If done right, this will become the largest, most technological network ever created. Done wrong, it represents a significant risk for privacy, safety and national security. At MSI, we believe that the project can and will be done right! Thus, we want to contribute as much as possible to the right outcome.
Thanks for reading and please, take some time and educate yourself about the smart grid technologies. Your voice is very important and we all need to lend a hand and mind to the effort!