Posted by Usman Sindhu on May 10, 2010
I was just reading the recent Elinor Mills interview with Joe Weiss, and I wanted to share a few of my thoughts on the subject of securing industrial control systems (ICS). Security for industrial control systems is an important topic in the modernization of critical infrastructure components. Sometimes we get too hung up on concepts like Smart Grid, but we forget that we've been dealing with similar systems for some time now. Currently, supervisory control and data acquisition (SCADA) and programmable logic controller (PLC) systems are commonly found in electric, oil, gas, and water environments. Over the years these components have gone through varying degrees of modernization, but they are no less susceptible to security threats than smart meters or grids.
Making any of these systems secure depends on the risk assessment and management methodologies employed in the respective domains. To some extent, it involves taking care when deploying these systems and reducing the threat vector when they are connected to either private or public networks. But it also requires scrutiny of the technologies that are being rolled out in the critical infrastructure. For example, sensor-based networking is gaining a lot more traction in critical infrastructure modernization. Smart meters and home appliances will rely on Zigbee communication links to transfer data and feeds. Similarly, transportation, public safety, and smart buildings will all rely on wireless sensor technologies to communicate and send data in real time. Researchers have shown vulnerabilities in sensor-based networks and ways to attack them by employing routing attacks like Sinkhole, Replay, Selective Forwarding, and HELLO flood, along with novel methods like Malicious Code Injection. Similar studies have shown inherent vulnerabilities in the design and manufacturing of smart meters.
The notion of making infrastructures smart, whether it’s Smart City or Smart Grid, shouldn’t come at the expense of increasing risk exposure. To me, the Smart Grid could become a reference architecture for adjacent industries if done properly. We may see the likes of the credit card industry here, which is still going through its efforts to make security built-in. Industries like this suffer from common problems; for example, security not being built into Point of Sale (POS) systems, or card swipe terminals not having encryption for transferring personally identifiable information (PII). Aren’t we facing similar issues in the Smart Grid ecosystem? Don’t we have to address problems that range from securing smart meter communication to encrypting data at various chokepoints in the network?
The points I mentioned above only scratch the surface of security and risk issues, but I have touched on many of them in my previous blog posts. However, here are a few things for adopters (governments, utilities, public safety, education, transportation, smart buildings) of the smart technologies to consider:
That’s all for now, but I’m working on a report that talks about “Demystifying Security and Risk Concerns In The Smart Grid Ecosystem” and would love to hear your thoughts and experiences.