Blue Security

Much of Grid Security, or the even narrower SCADA Security is of the don’t let anyone touch anything anywhere variety. Smart grids, Distributed Generation, and Net Zero Energy (NZE) buildings demand that we open up security on the grid.

Let’s contrast two beefy guys, each working in security. One works at the worst prison in the poorest state. One is a bouncer at an upscale night club.

The prison guard in the lowest penitentiary. He enforces a consistent experience on the inmates. He may prevent that prison from being an absolute hell. He does not have permission to make many choices. No one will claim that the guard enhances their time in prison. If he does not protect the inner sections of the prison, as well as the perimeter, things can get very bad in a hurry. He is a hygiene factor, necessary but not desirable.

The bouncer has a more nuanced role. Sure, they stop fights; the better bouncers noticing them before they happen and have a quiet word with someone's friend before they get out of hand.They spend some time just being highly visible. They prevent those already drunk from entering the bar and they escort those who, even if non-violent, have had too many out. They call cabs. The ignored bouncer enhances the value of the experience for everyone who entered the club. He did this by being aware of the situation and aware of the business goals of the establishment. He understands that he provides a service that enhances and enables the other services of the establishment.

When I talk of security with SCADA professionals or with building system professionals,  they tell me “Sure we have security.” They use HTTPS so no one can read our messages. They require long complex passwords so no one can get in. They never talk about enhancing the services offered by the building. They never talk about letting the right people do the right things easily.

Embedded system security sounds just like that Prison Guard. The problem is, we need that situation aware, service oriented bouncer. Bad security subtracts value. Good security adds value. We will need bouncers not guards for the smart grid.

Toby is right.  In fact, there are several aspects of security we may want to consider.  For example:

Authenticity - the information being transmitted is genuinely from the person or device it claims to be from, e.g., "sender is X".

Privacy - the information being transmitted is such that if divulged to a third party, violations of personal privacy may occur. E.g., "this customer's bank account number is X".

Proprietary - the information being transmitted is such that if divulged to a third part, a breach of confidentiality may occur.  E.g., "here are my prices for X".

Authority - the information being transmitted is such that it suggest a higher than normal level of authority, i.e., administrative data vs. user data. E.g., "change this user's access rights to X"

Accuracy - the information being transmitted is such that if an error in transmittal were to occur, life safety could be compromized, e.g., "the breaker status is X".

And so on.  There is an entire taxonomy of security issues related which we should brush up on.



David P. Chassin, MS K1-85
Pacific Northwest National Laboratory
Richland, WA 99352 USA
Phone: 509-375-4369
Email: Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I