Smart grids are a reality and the future, and they promise greater reliability, affordability, efficiency and, hopefully, a better and environmentally cleaner exploitation of available resources. But all that brings to light new threats to the grids. What does that entail and what can we do to defend them - these are the two main questions that this book offers the answers to.
About the authors
Tony Flick's background is in network and application security, assessments, compliance, and emerging technologies. In the energy industry, he has provided guidance for utilities companies and related technology vendors.
Justin Morehouse has performed over 200 security assessments for Fortune 1000 companies and Federal government agencies. He is currently the assessment lead at one of the nation's largest retailers, and adjunct professor at DeVry University and leads the OWASP Tampa chapter.
Inside the book
To be able to understand what the authors are talking about in the book, the first chapter is a must-read. It explains what a smart grid actually is and the infrastructure on which it rests. As with most technologies, the implementation of smart grids was rushed without giving much thought to security. Now, their security must become one of the top priorities.
When talking about electric grids, we're talking about power generation, transmission and distribution - but we're also talking about networks, because that is what an electric grid is and is comprised of. This chapter presents you helpful diagrams so that you can grasp the concept.
In the next one, you'll find out more about the threats to smart grids: natural, individual and organizational threats. A special part of the chapter is dedicated to the hacker threat and its various incarnations and motives. The impacts of these threats on utility companies and others are next, with various believable scenarios that point out the threats, their attack vectors and their impacts. From threats to individuals to those to entire countries - it makes you realize what the danger really is.
The next few chapters are dedicated to U.S.federal, state and local initiatives and laws to protect smart grids, as well as public and private companies that help in doing that. After that, special attention is given to the utilities companies and third party services with which they partner - which attack vectors they should be ready for, how to defend themselves against them, why it's important to keep tight security controls for partners, etc.
Finally, the authors address the use of mobile applications and devices, and social networking within smart grids - and the threats tied to that use. Following up are two rather technical chapters about attacks on smart meters and devices, and the book ends wit a rather detailed and very informative chapter on the future of smart grids and the various developments that consumers, technology vendors, utilities companies and security experts should expect.
Securing the Smart Grid targets a very specific audience - experts responsible for the security of smart grid deployments, their auditors, and developers and engineers that work on them. For them this book is valuable resource - the topics are covered in depth and in a clear and simple manner. A great number of tips and security checklists in this book should prove really handy.
That being said, a less specific audience could find interesting and benefit from the first and last chapter, and the two that deal with threats to the consumers and to utilities companies.