
Customer reviews

5.0 out of 5 stars

on 16 August 2013
Applied Cyber Security and the Smart Grid, written by Eric D. Knapp and Raj Samani, is an innovative book, as it offers a way in which we can implement security controls in the modern power infrastructure. It was exciting to find a book that was completely relevant and up to date in this field of research. Generally, literature detailing the security concerns with the smart grid focuses on SCADA control system issues, rambles on about how Stuxnet was really bad and how we should have known better, or dwells on the inherent need for IT security policies. Thankfully, this is not the case in this publication.

Divided into 8 chapters, this book doesn't just focus on the security implications for the smart grid, but also details the environmental and economical factors involved. Case studies help explain security vulnerabilities and associated threats, and these connections are illustrated in figures and reference diagrams throughout the book. Furthermore, details on exploitation of these vulnerabilities are provided, as are examples of how cyber attacks on the power infrastructure can affect society. This offers the reader a well-rounded understanding of why security controls need to be implemented into the modern power infrastructure.

Also, in order to make the reader understand how these vulnerabilities can affect them, the authors detail the privacy concerns related to the smart meter. The information the power industry possesses on a home user could be used in a malicious way. The smart grid vulnerability conundrum is bigger than that, but the authors assert that the problem can be fixed with tailored security mechanisms, and that's comforting to the reader.

The most notable point, in my opinion, is the interconnectedness of the smart grid. This is particularly concerning as you can draw a line from a customer's energy management system (EMS) in their home, all the way to the bulk energy control system and G-SCADA system in the smart grid. This large-scale distribution of systems makes it challenging to effectively segment these systems, resulting in an architecture that makes it relatively easy for an attack to move between systems. For the reader unfamiliar with the area, an overview is provided on what the smart grid is, the components present, and the key security and privacy vulnerabilities associated. Also, there is a detailed glossary for those new to some of the industry terms, and this is quite helpful.

For those familiar with the topic, you can use the index and go to areas of interest. Detailed examples of how the security vulnerabilities in the smart grid can have major impact on society, with balanced threat analysis and protection mechanisms, are present, but at no time does it seem like we are being bombarded with information. It explains how you, the reader, could be affected by data breaches and malicious threats. While giving the reader insight into the weaknesses within the energy infrastructure, and providing them with tools for protection, they are also given a list of sources for further reading.

The accessibility of the book is what compels me to highly recommend it. Written in a friendly, informal manner, the authors invite the reader to gain an insight into the area. There is also an invitation to discuss the topic, to question and address any concerns with them through social media. Not many authors openly give permission for the reader to critique their work, and I think it is this approachable style that made this book even more enjoyable.

The experience of the authors in the cyber security and smart grid field is evident throughout the book. Eric D. Knapp brings a wealth of knowledge and firsthand experience of industrial control cyber security. His current role promoting the advancement of embedded security technology for the protection of SCADA and industrial control systems clearly brings substance to their future work claims. Raj Samani is currently working as the VP, Chief Technical Officer for McAfee, with previous experience in cyber security and research orientated working groups. Joel Langill, the technical editor of the book, is referenced quite often throughout, as is his website [...] Joel's proven experience with integrated industrial control system architecture and design, functional safety, and operational security skills make him the perfect editor to complement the knowledge of the authors.

The authors, in their approach, have made a book that can be enjoyed by both the reader with a technical understanding of the area, and by the reader who isn't totally au fait with it, or why we should be worried about the associated vulnerabilities. All in all, I would wholly recommend this book as it is an exciting topic that is often overlooked or deemed exaggerated and irrelevant.
on 5 May 2013
I had been eagerly awaiting this new book from authors Raj Samani and D. Knapp on a very topical subject of Smart Grid security. Everyone today talks about Smart meters and there seems to be a lot of misconception and confusion about smart meters and smart grids. The book puts any confusion behind by clearing the mist.

The first two chapters smartly explain what the smart grid is, detailing its components of a complex system, in which smart meters are just one of many components. Chapter three shows weaknesses in the systems' designs and how these could be used maliciously, yet keeping the level of detail consciously low to not give someone a guide on how to cause harm. While reading this chapter, I was wondering that it is a small wonder there have not been substantially more cyber incidents in the electricity generation, transmission and distribution.

Chapter four dives into the privacy topics, explaining how collection of electricity consumption data, mostly from the smart meters, has privacy implications. Certainly, when I have my smart meter installed I will be asking tough questions about collection intervals and data anonymisation.

Chapter five goes into details of technical standards and protocols, and is a good reference point when doing research on the topic of the smart grid.

I really love chapters six and seven, which explain securing the smart grid components and the supply chain. The section about the situational awareness is well written, and should be read by many SIEM and big data analysis vendors. Clearly, there is a lot of data collected in a smart grid: network, security, system, application and person related.
The chapter on securing the supply chain is an exceptional piece of work that one could adapt to other supply chains.

In the big finale, the chapter on the future of the smart grid talks about where this legacy, well interconnected, insecure and highly critical national asset's future should lie. The personal RFP (P-RFP) is one of my favourite topics that has the potential to change the supply chain substantially. It is quite clear that consumers will have much more power in choosing suppliers, being helped by smart meters, while suppliers will benefit from a secure smart grid providing a wealth of information for the grid optimisation. The big question, with regards to securing critical assets, such as smart grids, is who is going to pay for it. My guess is it will be us consumers for our collective benefit!
I thoroughly enjoyed the book on my Kindle and can wholeheartedly recommend it to anyone caring about where your electricity comes from.

Well done Raj and Eric