
OpenADE to Publish Draft Green Button Test Procedures

 

The OpenADE Task Force is a group of smart energy management vendors, utilities, and consumer interests developing recommendations toward building interoperable data exchanges that will allow customer authorization and sharing of utility consumption information with 3rd party service providers. The group is also helping the administration and other agencies implement the Green Button, a common data format that allows electricity customers to download their energy usage data and either analyze the data directly or send it to a third party to understand energy usage. Tools are being developed for a variety of platforms to use this data, and OpenADE is now tackling how to test and certify that these tools are interpreting the data properly.

OpenADE will put a draft test plan and tool for self-evaluation on greenbuttondata.org; the tools and spec are considered beta at this point. They will also establish a review period for the test plan, and once the plan is approved, certification of Green Button software and hardware can proceed.

The Green Button will be an important tool that allows consumers, businesses and government institutions to take control of energy usage. The government agency GSA is already using Green Button, saving money by avoiding expensive energy audits. We will continue to report on progress of this important tool. 

 

White House Releases Progress Report on Grid Modernization

 On February 26th, the White House National Science and Technology Council released a report “highlighting the Administration’s most recent achievements to make the Nation’s electric grid stronger, smarter, and cleaner than ever before.”

The 20-page report follows the President’s State of the Union address, where President Obama reaffirmed the administration’s commitment to create a stronger, smarter, cleaner electric grid. The report highlights several important steps taken by the administration since it published the June 2011 policy framework for a 21st century grid, available here.

In discussing new technology added to the grid, the report points to the nearly 13 million smart meters, 5,000 automated distribution circuits, and several hundred advanced grid sensors added to the grid because of White House and Congressional initiatives. Nearly $250 million in loans has aided the deployment of grid technology in rural areas. $100 million was allocated to 50 projects to train the nation’s workforce on advanced grid technologies. Consumers will have more information about their energy usage through the Green Button initiative, which is being implemented by utilities around the country. With this information, consumers can control their energy costs and save money.

Finally, the report cites the recent Executive Order intended to strengthen the cybersecurity of critical infrastructure industries, including the electric power sector. This report can be downloaded here.

RSA Conference Starts with Optimistic Keynotes

The annual RSA conference, the largest gathering of cybersecurity professionals in North America, kicked off in San Francisco with keynotes from Art Coviello, Executive Chairman of RSA and Executive Vice President of EMC, and Scott Charney, Corporate Vice President of Trustworthy Computing at Microsoft.

Coviello encouraged the 6,000+ conference attendees to discard FUD (fear, uncertainty, and doubt) and antiquated, obsolete perimeter protection technology in favor of using advanced analytics to proactively manage and improve the information security of their organizations and networks. He declared that it is counterproductive to focus on who is responsible for the breaches and instead encouraged the audience to design and implement robust anti-fragile solutions that are less susceptible to failure and are designed to self-heal.

Charney discussed the tremendous technological advances made in recent years and proposed a new paradigm of using "the trusted stack" to improve security. The trusted stack consists of hardware, software, data, and identity. Charney reviewed the recent technology advances and the rapidly evolving threats. He discussed examples of practice and technology adoption that make him optimistic about the future. Charney advocated for stronger national policy and international strategies and cooperation for improving the global state of cybersecurity. Charney commented that the national strategy should be focused on addressing one of the four aspects of the cybersecurity problem: cyber crime, differences among countries on handling cyber space, military espionage, and cyber warfare.

IEEE 2013 Innovative Smart Grid Technologies Conference

IEEE Power and Energy Society (PES) opened its fourth annual Conference on Innovative Smart Grid Technology (ISGT) this week in Washington DC with a keynote address from Patricia Hoffman.

Ms. Hoffman is the Assistant Secretary for the US Department of Energy, working in the Office of Electricity Delivery and Energy Reliability. Ms. Hoffman's remarks summarized some of the benefits and lessons learned as a result of DOE Smart Grid Investment Grants. On the transmission side, visualization tools for Phasor Measurement Units (PMUs) are allowing utilities to see areas of stress on the grid, adding robustness to the transmission system.

Ms. Hoffman said "further developments will foster a more predictive grid, rather than a reactive system." Work is continuing on next generation energy management systems and resource availability tools. Further work is needed to develop consistent data platforms and a convergence of data models. Work in the distribution system allows for peak load reduction and outage management, asset management, microgrids and active distribution systems. Ms. Hoffman also noted that cybersecurity is a critical issue and DOE is supporting work in that area. Ms. Hoffman concluded her remarks by stressing the need for workforce development and training of young professionals in the utility space.

The IEEE ISGT conference continues through February 27th.

Security Consulting Company Exposes China Cyber Espionage Threat

Yesterday Mandiant, a security consultancy, published a report, “APT1: Exposing One of China’s Espionage Units.” The report details the extent of the intrusions and the exploits observed by Mandiant from a single entity: Chinese People’s Army Unit 61398. Mandiant analyzed the group’s intrusions against over 150 victims over 7 years, resulting in terabytes of data stolen from numerous US organizations. According to National Public Radio (NPR), the Chinese government denies any involvement. Mandiant CEO Kevin Mandia testified last week during the House Intelligence Committee hearing on the cybersecurity bill.

SANS SCADA Security Summit Report

SANS held its eighth annual North American Industrial Control System (ICS) & SCADA Security Summit at the Disney Resort in Orlando, FL this week, a venue that uses thousands of control systems every day to ensure the fun and safety of visiting families. The event was chaired by Michael Assante, formerly with the North American Electric Reliability Corporation, Idaho National Lab, and American Electric Power. The two-day event featured presentations and panel discussions on a variety of ICS and SCADA security issues. The audience heard from government, academia, utilities, global companies, product suppliers, and security consultants. The picture that emerged is encouraging and complex at the same time. Today, ICS and SCADA are connected to the Internet, through the corporate networks or through remote vendor connections. There may be legitimate business needs for these connections: to provide critical control systems data to the business, or to allow global companies to conduct exploration activities in remote parts of the world without significant personnel commitment. These connections may also be in place, without any legitimate business reason, due to a lack of awareness of their security implications. Sometimes these connections are secured and sometimes they are not. ICS and SCADA systems suffer from the phenomenon known as a hard shell outside and a soft, gooey inside: while the perimeter protection may be strong, once attackers are inside the perimeter they can have pretty much whatever they want. Some vendors are doing great things, using secure coding practices and a secure development lifecycle and genuinely improving the security state of their products; some are not.
Workforce is a serious issue, both in terms of expanding a very small number of dedicated SCADA cybersecurity practitioners, providing general user awareness for those who touch SCADA systems, and increasing technology practitioner knowledge for people who deal with technology that touches or is connected to SCADA but are not SCADA engineers.

Ultimately, it is about people and process! Technology is a distant third. If your people don’t know how to tell a phishing exploit from a legitimate email you are in trouble. Resources need to be invested into educating people and creating resilient agile processes for detection, recovery, and reconstitution, because you will be hacked!

The Summit agenda is available at https://www.sans.org/event-downloads/28439/agenda.pdf. The ninth annual event will be held in Florida March 12-20, 2014, including education sessions before the summit. Any questions about this year’s summit should be directed to Klaus Bender at Klaus.bender@utc.org and Nadya Bartol at Nadya.bartol@utc.org.

SANS SCADA Security Meeting

UTC attended a SANS SCADA Security Call to Action meeting, held ahead of the SANS SCADA Security Summit on February 11, 2013. Mike Assante of the SANS Institute called this meeting to discuss control systems security and a potential community response to help solve this highly publicized challenge. The discussion included speakers from a variety of government, industry, and academic organizations. The speakers acknowledged the challenge and discussed the progress that is being made to improve the situation. The speakers and the audience also discussed potential solutions. People and process emerged as top needs, with technology being a distant third. Speakers unanimously acknowledged that investment in training and awareness of general users is paramount. While they also acknowledged that the Industrial Control Systems (ICS) vendors have begun building quality and security into their solutions, consensus emerged that further progress needs to be made by a greater number of vendors and user organizations. The discussion also touched on the challenges of demonstrating the value of security to corporate leadership and on the value of collaborating with other practitioner communities, such as emergency management professionals. Participants were requested to provide further input on the specific actionable projects the community could undertake to help with improvement.

 

 

SNC Identifies Smart Grid Reference Models as a Project for 2013

The elected board of UTC’s Smart Networks Council (SNC) met this week in Reno, NV. The SNC was formed to bring the resources and knowledge of member utilities and the vendor community together to address technical issues critical to achieving reliable delivery of our critical resources. Membership and participation in SNC activities are included for all Core and Associate Members of UTC.

 
The SNC’s board approved a plan to address the important issue of navigating multiple smart grid architecture reference documents, and how these architectures relate to recent field deployments. The output of this effort will be an up-to-date reference architecture providing better system design, estimation, implementation and operation tools for use by engineers, operations teams and management alike. This tool will be able to better explain the many elements of smart grid, how communications connectivity relates to these elements, and how standards can move from guidelines to practice, enabling faster and more cost-effective deployments of critical technology.
 
The work group will examine the smart grid models of the SGIP/UCA and IEEE mapping efforts and the nearly complete ITU model, and identify both commonalities and gaps between these models. Through interviews with utility experts, the vendor community, consulting engineers, and industry experts, the study will analyze real-world deployments and compare the resulting systems to the reference model for gap analysis and validation.
 
The board believes that a current reference model based on the initial and emerging architectural frameworks, assessed against field based experience and measures, will be a benefit for utilities seeking to deploy and update their systems in the future.  This work will also assist UTC and its members in validating the spectrum requirements for critical infrastructure entities. 
 
SNC membership is open to all UTC Members including utilities and industry solution providers. Parties interested in participating in this project should contact UTC staff (eric.wagner@utc.org or Klaus.bender@utc.org). 
 

Chinese Hackers Suspected in Cyber Attacks on Three U.S. Newspapers

In rapid succession, the New York Times, The Wall Street Journal and the Washington Post revealed that they were the victims of cyber attacks that originated in China. In the case of the New York Times, the attacks began in late October, when the paper started reporting about the multi-billion dollar fortune accumulated by the family of the Chinese prime minister, Wen Jiabao. Working with security experts, the Times discovered evidence that Chinese hackers were responsible and that they were using methods associated with the Chinese military. The hackers reportedly stole the corporate passwords for every Times employee and used them to gain access to the personal computers of employees. Among the targets were the paper’s Shanghai bureau chief and the former Beijing bureau chief, but there was no evidence that sensitive email files were affected.

 
The Wall Street Journal disclosed a day later that it also had fallen victim to Chinese hackers, who were trying to monitor the company’s coverage of China by breaking into the paper’s network through computers in its Beijing bureau. From there, the hackers then reportedly infiltrated the paper's global computer system.
 
The Washington Post made public that it dealt with a similar situation that it remediated at the end of 2011. It appears that those cyber attacks, which started as early as 2008 or 2009, targeted the Post’s main information technology server and several other computers. This allowed the hackers to compromise sensitive administrative passwords, giving them potentially wide-ranging access to the paper’s systems before the computers were taken offline and enhanced monitoring was put in place to prevent a recurrence.
 
Bloomberg LP and Thomson Reuters PLC have also reportedly fallen victim to cyber attacks over the summer.  Google disclosed in 2010 that Gmail accounts of Chinese human rights activists were hacked and investigators were able to trace the source to two educational institutions in China, including one with ties to the Chinese military.
 
An interesting wrinkle in the response to the attacks is that companies took the extremely unusual step of engaging the United States government by handing over servers to the National Security Agency and the Department of Defense.
 
While Chinese government officials vehemently deny the allegation that this was a state-sponsored or -sanctioned activity, China’s cyber-espionage assists the government’s broader efforts to quell internal dissent by identifying activists and dissidents and tracking them through their e-mail. "Evidence shows that infiltration efforts target the monitoring of the Wall Street Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information," Paula Keve, a spokeswoman for the paper’s publisher, said. Grady Summers, a vice president at computer security company Mandiant, said that in general, Chinese government hackers “want to know who the sources are, and who in China is talking to the media. They want to understand how the media is portraying them, what they’re planning and what’s coming.”
 

FirstNet Discusses Progress to Date

APCO held its Emerging Technology Forum this week in Anaheim. The first day of the conference focused on next generation 9-1-1 and cybersecurity, and the second day was spent discussing public safety broadband. Two members of FirstNet, which is responsible for building the public safety broadband network, provided insight into the progress of the effort to date. The speakers were Kevin McGinnis and Craig Farrill, the acting general manager of FirstNet.

 

Mr. McGinnis detailed some of the applications in emergency medical services that would be enabled by FirstNet. Mr. Farrill told the audience that the commercial services members of the FirstNet board seek to build the network as soon as possible. He stressed that FirstNet is intended to serve public safety and is not a commercial effort. He said that the network has the potential to be the fourth or fifth largest wireless network in the country. The group has collected over 1300 requirements for the network, developed by public safety, DHS and NTIA. The architecture for the network, at a high level, will assume that FirstNet will be the primary broadband network, with as many as five wireless carriers to provide backup, followed finally by satellite services to "serve every square meter of the country."

 

When asked what role utilities will have in the network, Mr. Farrill acknowledged that a utility representative is on the board and that the board understands the resources that utilities can provide to FirstNet, especially in rural areas. But Mr. Farrill stated that the board is looking to balance speed to market with adding partners to the network, and he said the board anticipates that utilities will be an important part of the network, primarily in rural areas.

 

The FirstNet board is doing state consultations that will gather each state's expectations for the network, add them to the requirements, and then go back to the states for confirmation. Mr. Farrill said each state will have a network operating center (NOC), with the potential for regional NOCs for emergencies like the recent Hurricane Sandy disaster.
