Presented at
BSidesLV 2014,
Aug. 6, 2014, 3 p.m.
(60 minutes).
In July 2010, BC Hydro, the electric utility and grid operator of British Columbia began implementation of its Advanced Metering Infrastructure (AMI) program, formally known as the Smart Meter & Infrastructure (SMI) program. The SMI program transformed BC Hydro from a traditional metering utility to a smart metering utility by implementing smart meters on the customer service points. It was the first step in the smart grid transformation.
An AMI program requires the introduction of many new devices and applications into a utility's infrastructure. Some of these devices and software may have never been deployed before anywhere in the world. Many are field deployed, outside of the utility's physical and cyber security perimeters.
Security teams within utilities need to take responsibility for the end to end security of an AMI program. Traditional approaches may not be sufficient to deliver this security. A new approach including pen testing specialist and third party labs may form an important part of this security.
A standards based approach will be required to ground the security and penetration testing both in best practice and in a common set of principles that utility and its partners can accept. The Advanced Metering Infrastructure (AMI) Risk Assessment document prepared by the Advanced Metering Infrastructure Security (AMI-SEC) Task Force can form the basis for creation of the test plans. This document has since been passed to the National Institute of Standards and Technology (NIST) Cyber Security Working Group and was integrated into NIST IR 7628. NIST IR 7628 contains a comprehensive list of possible threats to AMI systems.
For successful outcomes it is important to consider emerging new factors. These are discussed in the presentation.
Presenters:
-
Steve Vandenberg
- Security Team Lead - British Columbia Hydro
Steve Vandenberg has held a variety of technical and leadership positions with General Electric, Hess, the US State Department and BC Hydro, the British Columbia electric utility. Steve has worked in the Middle East, Asia, Europe and the Americas in the areas of SCADA and Controls Engineering, Cyber Security, Securing and Integrating New Systems, Critical Infrastructure Protection and Emerging Threats.
Steve was responsible for the first implementation of the NERC CIP standards at BC Hydro.
Most recently, Steve led the team of IT security professionals, labs and vendors that were responsible for delivery of the full scope cyber security of BC Hydro's Smart Meter Infrastructure program, a $2 Billion, 2 million meter AMI deployment. The team's responsibilities included security design, assessment, testing and incident response for the meters, routers, tools and back end.
Steve holds a BS in Mechanical Engineering from Columbia University, an MBA from the University of Pittsburgh, a Professional Engineer license, a PMP, CRISC and CISSP certifications.
-
Robert Hawk
- Principal Consultant - RBH Enterprises
Robert Hawk began working as a Private Investigator and Security Consultant in the metropolitan Vancouver area in 1988. In 1995 Mr. Hawk began working in the Information Technology and Information Systems. Now specializing in the fields of Information Systems Security, Computer Security, Cyber Security, and Information Assurance. For the last four years Mr. Hawk has been working in the energy and utility industries in with a focus on security delivery and risk management for Advanced Metering Infrastructures and Smart Grids.
Links:
Similar Presentations: