RSA Conference 2012: Swapping info on the smart grid

Share this article:

Leaders in standards and policy say there is a lack of attention being paid the security implications of the smart grid.

Most utilities are developing smart grid technology, such as smart meters, which can be connected to appliances and enable two-way communication between homes and power companies.

But this presents challenges to owners and operators who are seemingly being left in the dark as far as threat intelligence is concerned, said a panel speaking Wednesday at the RSA Conference in San Francisco.

"We're going to see attacks on grids sponsored by nation-states at a minimum when conflicts get serious," said Stewart Baker, distinguished visiting fellow at policy research group the Center for Strategic and International Studies. "Without security there are real problems posed on smart grids…that will allow much more fine-tuned attacks."

An assault on the U.S. power grid has become a concern for the National Security Agency (NSA), yet the department provides little actionable intelligence to the private sector, according to the panel.

"If we really cared about the private sector, we would be bending over backward to see that they have everything they need," said Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council, a security think tank. "If they have to have what the NSA has, then we should do everything we can to declassify what they have."

Some believe it may be the U.S. Department of Homeland Security that has the best chance to invoke change.

"Bringing the government together with the owners and operators would allow them to collaborate and identify what risks there are," said Kevin Gronberg, senior counsel to the U.S. House Committee on Homeland Security. "There are so many different committees on Capitol Hill that feel they have a jurisdiction on the issue. We think it's important that the DHS has the appropriate roles and responsibilities to perform the cyber security mission. We would like to clarify our roles in the team sport that is security."

Government regulation may be a long ways away, but a collaborative effort between various organizations and the private sector can be seen as an immediate solution, panel members said. Enterprises need to be educated with data, and the government is currently working on identifying and sharing important pieces of the security puzzle to tackle the issues with the industry in a holistic view.

"Government has a role, but we have to be measured and rational with our use of funding and authority," Gronberg said. "We also have to make sure that we appropriately leverage the expertise that the government brings to the table."
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.