From teeks99 at yahoo.com Mon Nov 23 16:56:34 2009
From: teeks99 at yahoo.com (Tom Kent)
Date: Mon, 23 Nov 2009 16:56:34 -0600
Subject: [energy-transport-wg] Securing the Energy Grid with OSS
Message-ID: <4B0B1322.5080304@yahoo.com>

Recently I saw that a bunch of stimulus funds were handed out for bringing the nation's electrical grid into the 21st century. A big part of this is using computers to control various parts of the grid, from utility scale substations down into the home with smart meters and smart appliances.
http://arst.ch/9bz (arstechnica.com)

Anytime you take infrastructure and connect it to computers you are opening it up to a whole new set of threats as well as bringing privacy implications.

Here's a couple great articles that go into the details better than I can:
http://www.wired.com/threatlevel/2009/10/smartgrid/
http://arst.ch/a7g (arstechnica.com)

I believe that there is an opportunity for help in these situations from the OSS community. Here are a couple things I think we could make an impact on:

- Open protocols and specifications
With all the new technology coming down the pike, all sorts of companies will be springing up with their gadget or software that will solve some problem. This community could work towards making standards of interoperability so that all these entities could work together.

- Network security
Putting millions of new, network connected, devices out there could lead to a field day for hackers. I believe that the OSS community could quickly develop security technologies that manufacturers could then cheaply incorporate into their devices.

- Privacy
OSS has a long history of taking a proactive approach on individual privacy. This could be utilized to provide software that is built from the ground up to give users the privacy that they deserve, while still pushing forward great new technologies.

I don't have any particular plans, but I was hoping that this could stir some conversation and the members of this list would be interested in moving forward on some of this. Thoughts?

Tom Kent

From sklein at cpcug.org Wed Nov 25 09:53:28 2009
From: sklein at cpcug.org (Stanley A. Klein)
Date: Wed, 25 Nov 2009 10:53:28 -0500 (EST)
Subject: [energy-transport-wg] [Fwd: Re: Securing the Energy Grid with OSS]
Message-ID: <16714.207.188.248.157.1259164408.squirrel@www.cpcug.org>

Oops, I hit reply instead of reply all.

---------------------------- Original Message ----------------------------
Subject: Re: [energy-transport-wg] Securing the Energy Grid with OSS
From: "Stanley A. Klein"
Date: Mon, November 23, 2009 9:19 pm
To: "Tom Kent"
--------------------------------------------------------------------------

I don't know where to start in responding.

The best places I can send you are to http://www.nist.gov/smartgrid and to http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/WebHome

Within the Twiki, there are the Computer Security Coordination Task Group (CSCTG) and its myriad of subgroups. I'm on Bottom Up, Vulnerability, Top level Requirements, R&D, and Standards, and I chaired Electric Transportation. I'm also on the T&D Domain Experts Working Group (DEWG) and just joined the team for Priority Action Plan (PAP) 11 (also Electric Transportation) and am active in the IEEE standards WG's that are related to PAP 14. I'm also on the hook to respond to questions from the CSCTG Privacy sub-group regarding ET. I commented regarding the two non-open standards in the Framework (ARRA added a requirement for open standards).

The two main documents linked from the smartgrid page are the Framework and the security NISTIR. The best thing you can do right now is to comment on the NISTIR (closing date is December 1, although there will be a new version and another round of comments after that, and they won't ignore comments coming in after the closing date).
The Framework comment period is closed (although if you send in comments late they may consider them).

Another thing to do is to join the SGIP as an organization. It can be either in participating or observing mode.

The CSCTG has a working groups page with all the groups, their sub parts of the CSCTG Twiki page and the day and time of their weekly conference calls. You email Annabelle Lee of NIST to get on the mailing lists, of which there is one for the CSCTG and one per subgroup. There are also mailing lists for the PAP teams. See the PAP pages for details.

There are also lots of documents. Happy reading.

BTW, my small startup company is working on an OSS version of one of the core Smart Grid standards, although we are currently searching for a funding foothold in all this activity.

Stan Klein

On Mon, November 23, 2009 5:56 pm, Tom Kent wrote:
> Recently I saw that a bunch of stimulus funds were handed out for
> bringing the nation's electrical grid into the 21st century. A big part
> of this is using computers to control various parts of the grid, from
> utility scale substations down into the home with smart meters and smart
> appliances.
> http://arst.ch/9bz (arstechnica.com)
>
> Anytime you take infrastructure and connect it to computers you are
> opening it up to a whole new set of threats as well as bringing privacy
> implications.
>
> Here's a couple great articles that go into the details better than I can:
> http://www.wired.com/threatlevel/2009/10/smartgrid/
> http://arst.ch/a7g (arstechnica.com)
>
> I believe that there is an opportunity for help in these situations from
> the OSS community. Here are a couple things I think we could make an
> impact on:
>
> - Open protocols and specifications
> With all the new technology coming down the pike, all sorts of companies
> will be springing up with their gadget or software that will solve some
> problem.
> This community could work towards making standards of
> interoperability so that all these entities could work together.
>
> - Network security
> Putting millions of new, network connected, devices out there could lead
> to a field day for hackers. I believe that the OSS community could
> quickly develop security technologies that manufacturers could then
> cheaply incorporate into their devices.
>
> - Privacy
> OSS has a long history of taking a proactive approach on individual
> privacy. This could be utilized to provide software that is built from
> the ground up to give users the privacy that they deserve, while still
> pushing forward great new technologies.
>
> I don't have any particular plans, but I was hoping that this could stir
> some conversation and the members of this list would be interested in
> moving forward on some of this. Thoughts?
>
> Tom Kent
>
> _______________________________________________
> energy-transport-wg mailing list
> energy-transport-wg at opensourceforamerica.org
> http://opensourceforamerica.org/cgi-bin/mailman/listinfo/energy-transport-wg
> -