on 16 August 2013
Applied Cyber Security and the Smart Grid, written by Eric D. Knapp and Raj Samani, is an innovative book, as it offers a way in which we can implement security controls in the modern power infrastructure. It was exciting to find a book that was completely relevant and up to date in this field of research. Generally literature detailing the security concerns with the smart grid, focus on SCADA control system issues, ramble on about how Stuxnet was really bad and how we should have known better, or the inherent need for IT security policies. Thankfully, this is not the case in this publication.
Divided into 8 chapters, this book doesn't just focus on the security implications for the smart grid, but also details the environmental and economical factors involved. Case studies help explain security vulnerabilities and associated threats, and these connections are illustrated in figures and reference diagrams throughout the book. Furthermore, details on exploitation of these vulnerabilities are provided, as are examples of how cyber attacks on the power infrastructure can affect society. This offers the reader a well rounded understanding of why security controls needs to be implemented into the modern power infrastructure.
Also, in order to make the reader understand how these vulnerabilities can affect them, the authors detail the privacy concerns related to the smart meter. The information the power industry possess on a home user could be used in a malicious way. The smart grid vulnerability conundrum is bigger than that, but the authors assert that the problem can be fixed with tailored security mechanisms, and that's comforting to the reader.
The most notable point, in my opinion, is the interconnectedness of the smart grid. This is particularly concerning as you can draw a line from a customer's energy management system (EMS) in their home, all the way to the bulk energy control system and G-SCADA system in the smart grid. This large-scale distribution of systems makes it challenging to effectively segment these systems resulting in an architecture that makes it relatively easy for an attack to move between systems. For the reader unfamiliar with the area, an overview is provided on what the smart grid is; the components present, and the key security and privacy vulnerabilities associated. Also, there is a detailed glossary for those new to some of the industry terms, and this is quite helpful.
For those familiar with the topic, you can use the index and go to areas of interest. Detailed examples of how the security vulnerabilities in the smart grid can have major impact on society, with balanced threat analysis and protection mechanisms, is present, but at no time does it seem like we are being bombarded with information. It explains how you, the reader, could be affected by data breaches and malicious threats. While giving the reader insight into the weaknesses within the energy infrastructure, and providing them with tools for protection, they are also given a list of sources for further reading.
The accessibility of the book is what compels me to highly recommend it. Written in a friendly, informal manner, the authors invite the reader to gain an insight of the area. There is also an invitation to discuss the topic, to question and address any concerns with them through social media. Not many authors openly give permission for the reader to critique their work, and I think it is this approachable style that made this book even more enjoyable.
The experience of the authors in the cyber security and smart grid field is evident throughout the book. Eric D. Knapp brings a wealth of knowledge and firsthand experience of industrial control cyber security. His current role promoting the advancement of embedded security technology for the protection of SCADA and industrial control systems clearly brings substance to their future work claims. Raj Samani is currently working as the VP, Chief Technical Officer for McAfee, with previous experience in cyber security and research orientated working groups. Joel Langill, the technical editor of the book is referenced quite often throughout, as is his website [...] Joel's proven experience with integrated industrial control system architecture and design, functional safety, and operational security skills make him the perfect editor, to compliment the knowledge of the authors.
The authors, in their approach, have made a book that can be enjoyed by both the reader with a technical understanding of the area, and by the reader who isn't totally au fait with it, or why we should be worried about the associated vulnerabilities. All in all, I would wholly recommend this book as it is an exciting topic that is often overlooked or deemed exaggerated and irrelevant.