The Internet was a paradigm-changing set of technologies that 30 years ago few could have seen how they would change the nature of the way we communicate, the way we do business and even the way we live. Though resilient, the Internet was built on protocols and standards that were not designed with security in mind, resulting in the creation of an entire industry of security professionals, vendors, standards bodies and regulators to better secure it.
Smart Grid and its own emerging technologies, standards and protocols look to be the same kind of game changer that the Internet was. We can only imagine what new products and services the Smart Grid will enable 30 years from now.
Smart grids also represent a new challenge for security pros. For years we’ve been trained (and in some cases regulated) to implement well known sets of security controls, like firewalls or anti-virus, that help make up for the inherit weaknesses in current computing and network platforms. Isn’t the Smart Grid just another large-scale network that requires the same controls we apply to the Internet?
I hope we don’t think so.
At the 2011 Smart Grid Security Summit in San Diego, I gave a public challenge to the security pros, vendors and regulators that will help secure the Smart Grid. With Smart Grid we must question everything we assume about the traditional security controls we’ve used to secure devices and information on the Internet and focus instead on the basic security principles like least privilege and separation of duties.
My point was not to imply that we don’t need security controls in Smart Grid, nor that controls we use to protect the Internet won’t also work for Smart Grid, but rather that we should be asking ourselves why we need specific controls and what controls could we use instead that might be more effective. In other words, in Smart Grid we have the chance to design it right the first time. This is especially important considering the sheer amount of legacy gear that will have to be protected.
For example, firewalls are a common security control that security professionals recommend for securing networks. On the Internet firewalls serve a necessary albeit more and more ineffective mechanism for minimizing the attack surface of systems that sit behind the firewall. This is because most computing platforms, regardless of brand, and the applications that run on them, are sometimes less than ideal at defending themselves from the innumerable threats against them. Unfortunately, over the last 30 years attackers have learned how to exploit the inherit weaknesses in firewalls (and the people that configure them) so they don’t provide as much value as they could or should.
Does Smart Grid need firewalls? Certainly in some parts of its architecture. Germany has decided to make smart grid gateways a part of every German household. In the Home Area Network environment this may make sense. However, if smart grid components be designed to communicate only with other authorized devices then would smart grid firewalls still be necessary?
Anti-virus is another popular security control that has become a staple of any reasonable security configuration. I argue that anti-virus is a control has already begun to outlive its usefulness in traditional computer networks. We install it despite its weaknesses because it is a control laypersons have come to expect. In some cases, its mandated. But to introduce it to smart grids would be a crutch we could do without. Imagine millions of smart meters or smart transformers trying to download growing databases of virus signatures and store them in their limited memories. This misses an important point. Because of their mission-specific purposes, we should know every line of code in every piece of smart grid software. If this is true, smart devices should know when their code has been tampered with and malicious code replaced with known good. With advanced configuration management, smart grids could be extremely resistant to malware infections without traditional anti-virus software. Such a thing is nearly impossible on our favorite computing platforms. Too many applications. Smart grid software may be much more manageable.
None of this will be easy. Sometimes decisions may be made to do things quickly–or less expensively–than to meet strenuous security design principles. But the challenge stands. We have a unique opportunity to learn from past mistakes and design a system that brings all the benefits energy customers expect and demand in a way that is cost effective and resistant to cyber attack.