|
PRESENTATION:
|
Developing a Secure Smart Grid
|
|
PRESENTER(S):
|
Ido Dubrawsky, Senior Principal Systems Engineer and Security Engineering Team Lead for Itron, and Michael Milvich, Principal Security Consultant for IOActive
|
|
CONFERENCE:
|
Itron Security Week
|
|
LOCATION:
|
JW Marriott Hill Country Resort in San Antonio, TX
|
|
DATE & TIME:
|
October 21, 2014 at 11:15 AM
|
Utilities deploying Smart Grid and AMI systems face many serious security concerns ranging from the individual system components to the deployment architecture as whole. Achieving technical assurance requires developing processes and policies, participating in threat modeling, and performing penetration testing. Utilities want strong assurances that the devices they deploy in the field for the next 20 to 25 years are designed, hardened, and tested to resist attacks and subversion by malicious parties. Additionally, utilities want to validate their architecture design and test it for vulnerabilities before actual deployment begins.
To help meet these needs, utilities should look to how manufacturers develop their products and choose systems where security is a “baked-in” rather than a “bolted-on” component. Manufacturers must tightly weave and integrate security activities into their product development lifecycle activities, including developing security requirements, participating in threat modeling, adopting secure coding and design practices, and performing penetration testing.
This talk by Michael and Ido will focus on the technical assurances utilities can use to test their Smart Grid and AMI deployments as well as the security practices manufacturers should use to harden their products.
About Michael Milvich
Michael Milvich, Principal Security Consultant for IOActive, is experienced in exploit development, reverse engineering, fuzzing, network, and application testing. As a security consultant at IOActive he performs penetration testing; identifies system vulnerabilities; and designs custom security solutions for clients in software development, telecommunications, financial services, and non-profit organizations. Mr. Milvich’s focus has been on assessing industrial control systems within the electrical power industry and on testing embedded devices.
About Ido Dubrawsky
Ido Dubrawsky is a senior executive in information technology. During his twenty-year career, he has worked in information technology management, security product innovation, and revenue generation in the software and telecommunications industries. Mr. Dubrawsky has a substantial record of leveraging teams and technology to meet profit and goal expectations. He has demonstrated ability to align product development and security strategy with corporate goals through technical and business expertise.
About Itron Utility Week
Itron Utility Week is the utility industry’s premier customer-focused event providing its customers the opportunity to learn from and collaborate with Itron employees, partners and industry leaders to drive better management of energy and water resources. This year the conference is focused on our customers and how they are being resourceful to improve their organizations, and the communities they live in, every day.
About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.
###
Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github