Monday, January 23, 2017

IoT and the Power Grid. Similarities?

Internet of Things, and Similarities to Other Important Stuff, like our Power Grid.


By Ed Higgins

 In more of a national security matter, there are thousands of similar gadgets scattered around the country, specifically the control systems that manage the United State Power Grids. In fact, many these systems are actually less secure than the latest in IoT gadget technologies due to the antiquated technologies they are built upon.  Hmmmm. Let that marinate for a minute!

Could our power grid be compromised or impacted by a massive targeted attack initiated in the same manner as in the "thermostat example" above?  Yes, unfortunately it could. SCADA systems, by there design, were created as simple systems that provide automated control of valves, switches, and meters and all work to ensure power generation, distribution, and measurement. SCADA systems date back to the 1970's when there was no Internet. While these systems are highly effective at doing their respective job functions, they haven't advanced to comprehend Internet security.  Therefore, companies that generate power and supply to the grid have to build a gap between their corporate networks and the sensitive control network.

However, for convenience and workforce efficiency, and for other reasons, these companies built bridges between the corporate network and the sensitive control network to allow their employees authorized to work in both networks to traverse the bridge. This bridge essentially allows power company employees to sit on the corporate network and connect to the control network. The corporate security and perimeter security around the control network is crucial and must comply with stringent security controls and countermeasures. Now, with the advent of IoT devices coming into the corporate network, there exists another vulnerability that could allow a bad actor to gain access to the corporate network through a compromised IoT devices, and carry out an attack against the control network.  Additional steps and measures need to be taken to ensure that an IoT device doesn't create a beachhead for sustained attempts to infiltrate the control network.  We'll explore this topic in greater detail in a future segment dedicated to Power Grid Security.


I hope you enjoyed this article.

Stay tuned, and stay safe

Ed

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)