Infrastructure Security: The Emerging Smart Grid
Cyber Security Lecture 1: Introduction
Carl Hauser & Adam Hahn
Administrative
Textbook (available online)
Ross Anderson. Security Engineering 2nd Ed. Wiley.
http://www.cl.cam.ac.uk/~rja14/book.html
Read Chapter 1
Outline
Smart Grid Overview
Security Intro and Terminology
Threat Events & Sources
Vulnerabilities
Privacy
Security Properties
Security Engineering
Complexity
Terminology
Threat: circumstance or event with the potential to adversely impact organizational operations
Threat Events: event or situation that has the potential for causing undesirable consequences
Threat Source (agent): intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability
Security Mindset
Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal.
Security professionals
Source: https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html
Challenges
Psychology: Threats are invisible, intangible
Economic: Financial investment in people and technology
Performance: Security technologies often consume computation resources
Threats: Asymmetric, well funded adversaries vs rate-based utilities
Privacy: Boundless data collection and analysis
Usability: Less trusting environments require more configuration
Technical: System vulnerabilities often difficult to discover
Fortification Principle
Defender must defend entire system
Attacker will target lowest point
Attack Lifecycle
Source: NERC, DOE. High-Frequency Low Impact Event Risk to the North American Bulk Power Systems. 2009
Cybercrime
Hacktivism
Nation-State Threats
Persistent
Vulnerability Statistics
Source: https://web.nvd.nist.gov/view/vuln/statistics-results?adv_search=true&cves=on
Vulnerability Lifecycle
Source: European Union Agency for Network and Information Security (ENISA). Window of exposure... a real problem for SCADA systems? Dec. 2013.
Source: http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
Pervasive Vulnerability
Modern systems have pervasive vulnerability
From a security perspective, they are purchased in a broken state
Only get worse as time progresses
Privacy
Definition: the quality or state of being apart from company or observation
"Information privacy" refers to the user's ability to control when, how, and to what extent information about themselves will be collected, used, and shared with others.
Source: http://www.merriam-webster.com/dictionary/privacy
Source: https://msdn.microsoft.com/en-us/library/ms976532.aspx
Source: E. L. Quinn, Privacy and the New Energy Infrastructure, Social Science Research Network (SSRN), Feb. 2009
Authenticity
Trust
Incentives for:
- defenders to implement policy, mechanisms
- attackers to bypass policy, mechanisms
Topics
Lecture #2
Lecture #3
Lecture #4
Lecture #5
Lecture #6
End