Thursday, August 20, 2009

5 Years and How Many Devices?

We were working yesterday on some background for our continuing research on Smart Grid device security, and I found an absolutely prescient piece by Philip Koopman, an associate professor in the Department of Electrical and Computer Engineering at CMU. The article was carried in July 2004 by Embedded Computing Magazine. You can find it here.

I'd recommend you give it a read, because it provides some non-apocalyptic views of the dangers of insufficiently secured micro-controlling devices, just the kind that we have been worrying about as we watch Smart Grid pilots, roll-outs, and meter buys over the past year. The Smart Grid wasn't yet in vogue, and the interactive power management that empowers it was not evident, but Professor Koopman does an excellent job of painting some non-tragic but disturbing scenarios in an even less connected energy market.

We at the Smart Grid Security Blog continue to plead, on street corners, at conferences, and on Capitol Hill, that people take a closer look at their new interactive power infrastructure before we find ourselves in too deep. Would that we knew Professor Koopman in 2004, because he shines a light years in advance of our current road to risk:

"Many embedded systems are created by small development teams or even lone engineers. Organizations that write only a few kilobytes of code per year usually can’t afford a security specialist and often don’t realize they need one. However, even seemingly trivial programs may need to provide some level of security assurance. Until standard development practice includes rigorous security analysis, developers may overlook even the solutions already available."

You are a man ahead of your time, Koopman.
