SmartGrid Security: Q&A with Bob Radvanosky, Co-Founder, Infracritical

Bob Radvanosky is one of the world’s leading cyber security experts, with more than two decades of experience designing IT security solutions for the utility, homeland security, healthcare, transportation, and nuclear power industries. The author of nine books on cyber security, Radvanosky lives by a simple mantra: “If it’s a system, it can be broken and exploited.”

After a little CIA-worthy skullduggery (Infracritical, the critical infrastructure protection firm he co-founded, publishes zero contact information on its website), we caught up with Radvanosky to get his insight into SmartGrid-related threats and opportunities.

For utilities investing in SmartGrid technologies, what are some current security threats they need to keep in mind? 

Radvanosky: Three things. The first is accidentally overcharging customers. When PGE rolled out its smart meters a few years ago, customers who were part of the initial rollout were significantly over-charged at first. There was a class action lawsuit, and this is still a concern for a lot of people.

The second thing to keep in mind is that an adversary would be able to find out a person’s usage, a potential privacy issue. Third is remediation for system vulnerabilities. If a vulnerability is discovered, say by a private researcher, how quickly would that vulnerability be addressed? How much would that cost, and would the utility take steps to remediate it?

Talk about the emerging security technologies you find most promising. How is grid security going to change in the next three to five years? 

Radvanosky: More than anything else, both firms and technologies are starting to wake up to how important critical infrastructure is. Adversaries are taking advantage of what should have been secured infrastructures to get bank records, medical records, etc. Looking to the future, companies are developing technology to safeguard their customers’ financial information, their usage information, and other private data. There will be integrated technologies that allow utilities to track multiple types of customer data. Improvements in firewalls and intruder detection systems are also being explored. There will be applications focused specifically on these areas in coming years. These threats are being addressed, but slowly.

As a globally-renowned grid security expert, what keeps you up at night? What aspect of grid security worries you the most?

Radvanosky: The thing that keeps me up at night is vulnerabilities in devices attached to a larger network (transportation, energy). What’s secure today might not be secure tomorrow. In the case of SmartGrid, one concern is disruption of operations due to loss of telemetry from the customer to the company, or vice versa: in other words, the accuracy of data recording. Another concern is vandalism -- meters or supporting infrastructure -- which could have a devastating impact on local and regional communities. A third SmartGrid-related concern is the potential for injury, even fatalities, if a smart meter attached to a medical facility failed. What if someone was able to turn it off and prevent power delivery to a facility where patients were on life support? My biggest concern is that although that’s been discussed in the energy sector, I’m not entirely sure it’s been effectively addressed.