IOActive’s Joshua Pennell Puts Smart Grid Security On Agenda At Infosecurity Europe

Research and Case Studies Underscore Need for Utilities to Craft New Security Strategies as Foundation of UK plc’s Security

Seattle, Washington, USA —March 30, 2010. IOActive, an international thought leader in software assurance, compliance and Smart Grid security services, today announced that its founder and president, Joshua Pennell, will speak at Infosecurity Europe, Europe’s number one information security event.

In his presentation, entitled Securing the Smart Grid: The Journey Ahead, Pennell will share some of IOActive’s research insights into Smart Grid design issues that must be resolved immediately, including poor authentication, lack of encryption and inadequate authorization. Pennell will also offer suggestions and best practices that meter vendors can adopt to mitigate these existing vulnerabilities, as well as develop more secure products in the future.

Smart Grid: A Security Risk

These vulnerabilities could result in attacks to the Smart Grid platform, causing utilities to lose momentary system control of their Advanced Metering Infrastructure (AMI) smart meter devices to unauthorized third parties. This would expose utility companies to possible fraud, extortion attempts, lawsuits or widespread system interruption. If security is not addressed in the design and implementation of these emerging technologies, it may prove cost prohibitive to address them once the devices are fully deployed.

47 million smart meters will be installed in each of the UK’s 26 million homes by 2020 at a cost of around £8bn. Across Europe there is an EU Parlimentary commitment to install smart meters in 80% of all buildings across the region by 2020.

IOActive research uncovered multiple programming errors and security vulnerabilities in smart meter devices. The most common component of the Smart Grid, smart meters act as the power distribution endpoints as well as the endpoints for communication and sensory nodes. 

“The Smart Grid infrastructure promises to deliver significant benefits for many generations to come, but first we must address its inherent security flaws. IOActive believes that the Smart Grid and Automated Metering Infrastructure (AMI) markets would benefit from the adoption of a formal Security Development Lifecycle and independent, third-party security assessments.” said Pennell.

“As our research demonstrates,” continued Pennell “these steps are critical to ensure these devices are truly secure now and in the future. The security of the Smart Grid and power infrastructure are at stake here.”

Pennell’s presentation will cover short- and long-term strategies for improving Smart Grid security. He will share use cases and discuss the ongoing collaboration between IOActive, government officials and utilities to develop long-term tactics for increasing Smart Grid security.

WHAT       Securing the Smart Grid: The Journey Ahead

WHERE      Infosecurity Europe, Earl’s Court, London, UK

WHEN      April 29, 2010, 12:40-13.05 p.m.

ABOUT      For more information, please visit http://www.infosec.co.uk/