Smart grid cyber security in 2011: Untenable meets intractable
In the presentation below, you can listen to Andy Bochman, the Energy Security Lead at IBM, looking back and looking forward on smart grid cyber security.
Andy takes a look at the most important events that shaped 2010, such as Stuxnet and WikiLeaks, before getting deeper into details about the smart grid. Among many other things, he talks about security approaches:
- Security through regulation
- NERC CIP + SP 800-53 + NISTIR 7628.
He also illustrates evolving practices and policies:
- Input and output validation
- Authorization vulnerability
- Password and password management
- Error handling, crypto, logging and auditing, etc.
Andy also discusses three basic questions, posed earlier this year by IBM colleague Jack Danahy:
- Why are you doing this?
- What are you trying to secure?
- What will happen if you don’t do this right?
For more information about smart grid security, read our interview with Tony Flick, which offers smart grid security facts, and take a look at a review of Securing the Smart Grid: Next Generation Power Grid Security.