According to published reports, one of the anticipated sessions at the upcoming Black Hat conference will show vulnerabilities within smart metering technologies that certain utilities are deploying to make the electricity grid more intelligent– from energy production through consumption.
The big question is whether the vulnerabilities would put utilities out of compliance with energy industry regulations regarding security.
In the latest episode of eIQcast, Ross Levanto asks eIQnetworks Product Evangelist John Linkous for a review of what we know about the vulnerabilities and the current state of security compliance within the energy industry.
Running time: 10:27
Direct Link: http://eiqcast.podOmatic.com/entry/2009-07-06T06_58_21-07_00
Don’t be like Dick and check out eIQ’s video at logdataisnotenough.com
July 7, 2009 at 11:03 PM
i think one needs to worry if vulnerabilities would put these firms out of business via outages and customer losses … not compliance
July 14, 2009 at 10:17 AM
The goal of compliance — in this case, specifically NERC CIP – is to provide exactly that: a framework to reduce those vulnerabilities that could potentially bankrupt the company. You’re correct in your implication that compliance and security are separate disciplines, but compliance can still help organizations acheive security. Compliance is (one of) the means; security is the goal.