Will the Smart Grid exacerbate control system cyber problems?

June 15, 2009
Much has been written about what makes control systems different from business IT systems. However, the Smart Grid tends to blur these distinctions as control systems are networked using Ethernet and TCP/IP. With all of the money and focus on Smart Grid, particularly cyber security, there is obviously more attention being paid by many new players. One of my pet slides shows the need for more people from the control system community with domain expertise to get involved because the primary influx of “SCADA security” people were from the IT security community.

Unfortunately, that has changed for the worse. It was very obvious at the IEEE P2030 meetings in Santa Clara two weeks ago. There were approximately 150 attendees. When we broke into three task groups, I attended the breakout on power systems engineering. There were approximately 50 people in the room – 2 utilities, a number of control system vendors and consultants, and another quarter to third of the room who knew nothing about the electric system.

That is not to say the IT community is solely to blame. Jake Brodsky blogged yesterday on the recent announcement by Mike Davis from IOActive concerning cyber vulnerabilities of automated meters they will demonstrate next month at Black Hat 2009. According to Jake, “…the exploits Davis is reported to be using include exploits against memcpy() and strcpy() calls in the embedded code of these devices. I'm no expert at secure programming. However, I have known of the buffer overflow issues with these types of calls for *years*. I think I'm being a realist here. I know there are going to be mistakes; but why can't they be ORIGINAL and UNIQUE? This is brand new territory. We're working with a clean sheet of paper. THERE IS NO EXCUSE FOR THIS KIND OF IGNORANCE AND STUPIDITY!” This is far from the only case where control system suppliers incorporate known vulnerable technology in field control systems.

What will it take to get both sides to work together, combining the domain expertise of each?

Joe Weiss
