[SCADASEC] 'Smart' power meters herald future of ourelectricity use

Old, Bob (SBT US) bob.old at siemens.com
Wed May 7 11:46:45 CDT 2008 

I'm most familiar with the communications within the residences between
the utility meters and the Programmable Communicating Thermostats.
Southern California Edison has been responding to the California Energy
Commission requirements for residential Demand Response.  They are using
ZigBee to meet OpenHAN requirements.  However, I'm in ZigBee on the
Commercial Building Automation side, which has yet to feel the brunt of
the CEC mandates.

The network communication security within the residence is adequate to
the task.  I believe the network communication security between the
Utility and the meters to be every bit as robust.  The utilities and the
meter OEMs required some of the same technology for within the residence
as was used between the meter and the utility company.  I heard that the
NSA had paid millions of dollars to one of the ZigBee participants for a
license to use some of this technology having to do with ECC.  Some of
these security procedures are specified in section 4 of the current
ZigBee stack document.  This is available on the public side of the
ZigBee website.  After the Smart Energy Profile is approved, the Key
Establishment cluster will be moved to the ZigBee Cluster Library which
is also available on the public side of the ZigBee website.  If you're a
propeller-head like me, these make for great reading!

As Marc notes below, this security is directly related to Utility
revenue; they take it very seriously.  The people involved from all
parties are top-notch professionals.

Best,
B.O.  May 7, 2008
--
Robert Old
Siemens Building Technologies, Inc., HVAC Products
1000 Deerfield Pkwy., Buffalo Grove, IL 60089-4513  USA
Phone: +1(847)941-5623, Skype: bobold2
bob.old at siemens.com

-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Marc
Tritschler
Sent: Wednesday, May 7, 2008 3:40 AM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] 'Smart' power meters herald future of
ourelectricity use

It is a SCADA-like security issue, by virtue of the fact that the
architectures are not dissimilar - large numbers of field devices (smart
metering implementations in fact will have even more data points than
large SCADA), and with new smart meters the control element may exist in
order to facilitate remote disconnection.  There are additional risks
due to
the fact that the meters could be accessible by anyone because of their
location (at least one in every home).  I believe that there are also
some
different elements, because metering has a direct relationship with
utility
revenue.  This opens up the potential for fraud attempts.  I'd also be
interested in list subscribers opinions about the relevance of Sarbanes
Oxley (SOx) here.

Marc


2008/5/6 ljknews <ljknews at mac.com>:

> At 7:28 AM -0500 5/6/08, Bob Radvanovsky wrote:
>
> > ** BOB'S NOTE:  Without some individuals' comments that this isn't a
> 'SCADA security related issue', I say that it -- potentially -- is and
can
> be.  What are the possibilities of architectures, such as this, of
being
> hacked, modified and manipulated?  If so, without going into too much
> technical detail -- how???
> >
> > =============================
> >
> > URL: http://www.physorg.com/news129131121.html
>
> > His utility, PPL Corp., is among a growing number of electricity
> > providers that are testing pricing plans in which rates are set
> > higher during the hours of peak demand, roughly following the
> > curves of supply and demand in the wholesale energy markets.
>
> This is "new" only for residential customers.  It has been used
> for non-residential customers for decades, and those can be more
> of an infrastructure risk than residential customers.
> --
> Larry Kilgallen
>
> _______________________________________________
> To unsubscribe from this mailing list, please visit:
> http://news.infracritical.com/mailman/listinfo/scadasec
>
> To review our privacy statement, please visit:
> http://www.infracritical.com/privacy.html
>
> scadasec at news.infracritical.com
> http://news.infracritical.com/mailman/listinfo/scadasec
>

_______________________________________________
To unsubscribe from this mailing list, please visit:
http://news.infracritical.com/mailman/listinfo/scadasec

To review our privacy statement, please visit:
http://www.infracritical.com/privacy.html

scadasec at news.infracritical.com
http://news.infracritical.com/mailman/listinfo/scadasec

More information about the scadasec mailing list