A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Security testing for Smart Metering Infrastructure Steve Vandenberg - Robert Hawk (BSides Las Vegas 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

Security testing for Smart Metering Infrastructure Steve Vandenberg - Robert Hawk

In July 2010, BC Hydro, the electric utility and grid operator of British Columbia began implementation of its Advanced Metering Infrastructure (AMI) program, formally known as the Smart Meter & Infrastructure (SMI) program. The SMI program transformed BC Hydro from a traditional metering utility to a smart metering utility by implementing smart meters on the customer service points. It was the first step in the smart grid transformation.
An AMI program requires the introduction of many new devices and applications into a utility’s infrastructure. Some of these devices and software may have never been deployed before anywhere in the world. Many are field deployed, outside of the utility’s physical and cyber security perimeters.
Security teams within utilities need to take responsibility for the end to end security of an AMI program. Traditional approaches may not be sufficient to deliver this security. A new approach including pen testing specialist and third party labs may form an important part of this security.
A standards based approach will be required to ground the security and penetration testing both in best practice and in a common set of principles that utility and its partners can accept. The Advanced Metering Infrastructure (AMI) Risk Assessment document prepared by the Advanced Metering Infrastructure Security (AMI-SEC) Task Force can form the basis for creation of the test plans. This document has since been passed to the National Institute of Standards and Technology (NIST) Cyber Security Working Group and was integrated into NIST IR 7628. NIST IR 7628 contains a comprehensive list of possible threats to AMI systems.
For successful outcomes it is important to consider emerging new factors. These are discussed in the presentation.

Bio: Robert Hawk began working as a Private Investigator and Security Consultant in the metropolitan Vancouver area in 1988. In 1995 Mr. Hawk began working in the Information Technology and Information Systems. Now specializing in the fields of Information Systems Security, Computer Security, Cyber Security, and Information Assurance. For the last four years Mr. Hawk has been working in the energy and utility industries in with a focus on security delivery and risk management for Advanced Metering Infrastructures and Smart Grids.
Steve Vandenberg has held a variety of technical and leadership positions with General Electric, Hess, the US State Department and BC Hydro, the British Columbia electric utility. Steve has worked in the Middle East, Asia, Europe and the Americas in the areas of SCADA and Controls Engineering, Cyber Security, Securing and Integrating New Systems, Critical Infrastructure Protection and Emerging Threats.
Steve was responsible for the first implementation of the NERC CIP standards at BC Hydro.
Most recently, Steve led the team of IT security professionals, labs and vendors that were responsible for delivery of the full scope cyber security of BC Hydro’s Smart Meter Infrastructure program, a $2 Billion, 2 million meter AMI deployment. The team’s responsibilities included security design, assessment, testing and incident response for the meters, routers, tools and back end.
Steve holds a BS in Mechanical Engineering from Columbia University, an MBA from the University of Pittsburgh, a Professional Engineer license, a PMP, CRISC and CISSP certifications.

Back to BSides Las Vegas 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast