The following text is copyright 2009 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.
Enabling remote control of your environment
By: Scott Bradner
If lengthy requirements were a measure of success then smart grid technology is well on its way to being an anomaly in the environmental controls space, But I'm not going to try to hold my breath for that to happen.
In mid March the Advanced Metering Infrastructure Security (AMI-SEC) Task Force (http://osgug.ucaiug.org/utilisec/amisec/default.aspx) released a 64-page set of security requirements for remotely accessible electric meters. (http://osgug.ucaiug.org/utilisec/amisec/Shared Documents/1. System Security Requirements/AMI System Security Requirements - v1_01.doc) The AMI-SEC Task Force includes a bunch of utilities, the Electric Power Research Institute (EPRI), the US Department of Energy, some people from CMU, among others -- a group that one would hope would have a clue when talking about controlling electric systems and about security. The At first blush this is good timing since the Obama stimulus package contains more than $4B for Smart Grid technology and the Smart Grid depends on remotely accessible electric meters and it would be a good idea if the remotely accessible electric meters were not easy for a bad guy to control.
There are a lot of individual security requirements in this document, I did not count them but it looks like hundreds. But many of the requirements are, to say the least, high-level and non-specific. For example, requirement FIN.37: "The security function shall protect the integrity of transmitted information" and requirement AAC.3 "The security function shall enforce the [assignment: access control security function policy] on [assignment: list of subjects, objects, and operations among subjects and objects covered by the security function policy]." It is fine to have such a requirement but it is merely wishful thinking until specific technology is developed and agreed to.
It is good to see that someone in this industry is paying at least some attention to security - this is not something that I've seen to date. I've looked at many IP-based building control systems, including lighting and environmental control systems. I have yet to find one that even pretends that the system has any network security. All of the ones I've seen do not even mention network security or they assume that they products are deployed on isolated private networks - somehow these manufactures expect that you will build multiple networks in each building. Some of the systems do not even understand virtual LANs and may mean multiple physical Ethernet switches in each network closet. Some, but not all, building access control systems are a bit better but, even in this security-related area, network security does not seem to be a major concern.
Real security is not easy -- just ask the WiFi folks -- but it would be nice if the companies in this area did not operate in the ignorance is bliss mode. The AMI-SEC requirements are a start -- a too big, too complicated, too lacking in details and too fix all problems for all users start -- but at least a start. The next step for the Smart Grid will be much harder. The manufactures will have to decide what parts of this requirements document it will make sense to come up with specific standards for and they will have to find some good security people to help define the standards. (Note that the latter is not a given, all too often folks like this decide that they know enough about security to not involve people who actually understand security.)
I wish them well. You should as well if you don't want your power or heat to be suddenly under the control of some kid half way around the world.
Disclaimer: Harvard is more used to controlling (see the number of Harvard folk who have moved to Washington over the last few months) than being controlled but the above wish is my own.