[energy-transport-wg] [Fwd: Re: Securing the Energy Grid with OSS]

Stanley A. Klein sklein at cpcug.org
Wed Nov 25 09:53:28 CST 2009 
Oops, I hit reply instead of reply all.

---------------------------- Original Message ----------------------------
Subject: Re: [energy-transport-wg] Securing the Energy Grid with OSS
From:    "Stanley A. Klein" <sklein at cpcug.org>
Date:    Mon, November 23, 2009 9:19 pm
To:      "Tom Kent" <teeks99 at yahoo.com>
--------------------------------------------------------------------------

I don't know where to start in responding.  The best places I can send you
are to http://www.nist.gov/smartgrid and to
http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/WebHome

Within the Twiki, there are the Computer Security Coordination Task Group
(CSCTG) and its myriad of subgroups.  I'm on Bottom Up, Vulnerability, Top
level Requirements, R&D, and Standards, and I chaired Electric
Transportation.  I'm also on the T&D Domain Experts Working Group (DEWG)
and just joined the team for Priority Action Plan (PAP) 11 (also Electric
Transportation) and am active in the IEEE standards WG's that are related
to PAP 14.  I'm also on the hook to respond to questions from the CSCTG
Privacy sub-group regarding ET.

I commented regarding the two non-open standards in the Framework (ARRA
added a requirement for open standards).

The two main documents linked from the smartgrid page are the Framework
and the security NISTIR.  The best thing you can do right now is to
comment on the NISTIR (closing date is December 1, although there will be
a new version and another round of comments after that, and they won't
ignore comments coming in after the closing date).  The Framework comment
period is closed (although if you send in comments late they may consider
them).  Another thing to do is to join the SGIP as an organization.  It
can be either in participating or observing mode.

The CSCTG has a working groups page with all the groups, their sub parts
of the CSCTG Twiki page and the day and time of their weekly conference
calls.  You email Annabelle Lee of NIST to get on the mailing lists, of
which there is one for the CSCTG and one per subgroup.  There are also
mailing lists for the PAP teams.  See the PAP pages for details.

There are also lots of documents.  Happy reading.

BTW, my small startup company is working on an OSS version of one of the
core Smart Grid standards, although we are currently searching for a
funding foothold in all this activity.


Stan Klein


On Mon, November 23, 2009 5:56 pm, Tom Kent wrote:
> Recently I saw that a bunch of stimulus funds were handed out for
> bringing the nation's electrical grid into the 21st century.  A big part
> of this is using computers to control various parts of the grid, from
> utility scale substations down into the home with smart meters and smart
> appliances.
> http://arst.ch/9bz (arstechnica.com)
>
> Anytime you take infrastructure and connct it to computers you are
> opening it up to a whole new set of threats as well as bringing privacy
> implications.
>
> Here's a couple great articles that go into the details better than I can:
> http://www.wired.com/threatlevel/2009/10/smartgrid/
> http://arst.ch/a7g (arstechnica.com)
>
> I believe that there is an oppertunity for help in these situations from
> the OSS community.  here are a couple things i think we could make an
> impact on:
>
> - Open protocols and specifications
> With all the new technology coming down the pike, all sorts of companies
> will be sprining up with their gadget or software that will solve some
> problem. This community could work towards making standards of
> interoperability so that all these entities could work together.
>
> - Network security
> Putting millions of new, network connected, devices out there could lead
> to a field day for hackers.  I believe that the OSS community could
> quickly develop security technologies that manufactures could then
> cheaply incorporate into their devices.
>
> - Privacy
> OSS has a long history of taking a proactive approach on individual
> privacy.  This could be utilized to provide software that is built from
> the ground up to give uses the privacy that they deserve, while still
> pushing forward great new technologies.
>
> I don't have any particular plans, but I was hoping that this could stir
> some conversation and the members of this list would be interested in
> moving forward on some of this.  Thoughts?
>
> Tom Kent
>
> _______________________________________________
> energy-transport-wg mailing list
> energy-transport-wg at opensourceforamerica.org
> http://opensourceforamerica.org/cgi-bin/mailman/listinfo/energy-transport-wg
>


-
More information about the energy-transport-wg mailing list