As we’ve pointed out recently, the power grid will increasingly be adding computing and intelligence, and will in turn be susceptible to the security issues that are currently plaguing the Internet. One of the smartest ways to address these concerns is by following the security lessons learned from the computer industry, and this morning computer security firm IOActive advocates just that.
IOActive says vulnerabilities in the smart grid should be addressed through proven techniques from the computing industry, such as adopting “the requirement of independent third-party security assessments of all Smart Grid technologies” and following a “formal Security Development Lifecycle, as exemplified by Microsoft’s Trustworthy Computing initiative of 2001.” IOActive is a decade-old computer security firm that boasts famous security geeks like Dan Kaminsky on its staff and is advised by Steve Wozniak.
IOActive isn’t the only one suggesting the new smart grid will need to take a cue from computing to combat security risks. Ben Schuman, an analyst with Pacific Crest Securities, and Joe Fagan, an attorney for Pillsbury Winthrop Shaw Pittman who’s spent his career representing the energy industry, told us the same thing last week. The computing industry has spent years developing successful tools to fight those who wish to use the Internet with malicious intent. Why not utilize those techniques when it comes to the software and networks that will be managing the future of the power grid?