Smart Grid Security An Open Question As Vendors Shore Up Equipment

April 21, 2010

There are signs the smart grid is under attack. Not on a large scale, or successfully, so far. But indications are that hackers have turned their attention from the Internet to the power grid.

The roadmap for doing so is publicly available. Last year, IOActive attracted broad attention when its researchers found vulnerabilities in a smart meter and suggested only $500 of equipment was needed to get inside. The security firm then paved a path by adding software code to one device and spreading it to another, as if it were a digital worm or a virus on the Internet.

SmartSynch adds IPsec authentication to its GridRouter. Analysts say utilities need to adopt security strategies.

Just last month, InGuardian joined the search party. It was hired by three utilities to probe smart grids and smart meters, and it found flaws in meters from each of the top five manufacturers. The flaws were serious. The researchers found they could sneak inside the meters, the first step to stealing data or turning off power.

According to analysts, smart grid security is a problem that utilities haven’t yet faced up to addressing. There is “denial about the scope and extent” of efforts required to secure smart grids, wrote one Gartner analyst just last week.

Meter and equipment makers have responded by adding more security to their devices. But many analysts argue the biggest improvement will come when utilities focus less on spot solutions and adopt broad security programs or strategies.

Nonetheless, worthwhile improvements continue in the vendor community. In one announcement Wednesday, SmartSynch struck a deal with security firm AuthenTec to add IPsec security to its GridRouter.

The grid router already encrypts communications. Now it will require equipment to authenticate its identity with secure “certificates” before data can be sent.

With some 8 million smart meters deployed in the United States, “we have to assume there are bad actors out there,” says Ravi Raju, SmartSynch’s vice president of corporate strategy.


Public Computing Clouds Could Be More Secure Than Private Ones

June 26, 2009

At the top of the list of corporate concerns about cloud computing is security.

But before long, companies debating whether to migrate their applications into a hosted cloud may find public networks are safer than their own.

Not all private companies maintain the same discipline, says Sun's Greg Papadopoulos

Most public clouds are run in a more secure manner than the networks enterprises maintain on their own, says Sun Microsystems CTO Greg Papadopoulos.

Not all private companies maintain the same discipline, he said Thursday at the Structure 09 conference in San Francisco.

Cloud computing is among the most talked about trends in modern computing – especially today when its promise of lower costs turns heads in corporate suites. Many IT managers are said to be looking closely at moving applications into hosted clouds as they seek to free up technology budgets for new projects and hope to add flexibility to their computing infrastructures.

But the most significant drawback is security. Companies rightly fear that their important customer data could be compromised or stolen if it is hosted in a public cloud.

During a panel discussion at the conference, Papadopoulos turned that thinking on its ear. The incentive for an employee at a public data center to rifle a company’s data is arguably less than that of an employee at the company itself, who knows its value, he said.

It could end up that public centers are the more compliant places to be, he said.

Papadopoulos’ thinking could be right. But it will take time for enterprise customers to swallow this counterintuitive pill.


Trend Micro Redefines 20-Year-Old Antivirus Industry With Free Cloud Offering

April 13, 2009

Trend Micro wants enterprises to rethink their endpoint security strategy by giving away the latest version of OfficeScan

With Trend Micro’s OfficeScan 10, constantly updating your antivirus software for the latest malware infection is now a thing of the past.

File reputation is the main innovation of this latest incarnation of the Cupertino, Calif., company’s enterprise antivirus solution, released today.

OfficeScan 10 moves the burden of updating the malware list and analyzing each file on the PC off the local machine and onto its security cloud, the Smart Protection Network (SPN).

Enterprises also have the option to run a “private” cloud (using the publisher’s SmartScan Server) to which PCs connect instead of Trend Micro’s SPN.

The new cloud-centric technology reduces by 20 percent the antivirus software footprint on each PC, compared to previous versions, while offering 20 percent better protection overall.

“For 20 years, the pattern file (the database of all the bad files in the world) has always existed on the endpoint… In 2008, Trend Labs, our malware research arm, saw 800 new unique malware threats every single hour. In 2009, we expected that to grow to 1,500, and by 2010, there will be 25,000 threats per hour! And it’s a nightmare for IT administrators who have to check that each PC is updated with the latest pattern file,” explains Ron Clarkson, Trend Micro’s director of Endpoint Security.

No more downloads of antivirus updates

With OfficeScan 10, no updates are downloaded to users’ PCs, which instead query the malware database residing on the enterprise’s private cloud or on SPN. This should greatly simplify the work of the IT staff, reducing the overall cost of management.

“Traditional security approaches make it very hard for IT administrators to predict resources utilization at an endpoint over a period of time… 800 new malware every hour, eventually is going to take a toll on the resources on the endpoint. But with our new technology, these resources used by the antivirus software still grow but by only 1 or 2 percent a year,” said Clarkson.

Because all the PC’s security (email, Web, file) is now done in the cloud, latency could be the major inhibitor of Trend Micro’s antivirus solution. “We think we solved this issue by providing a hybrid solution with both a private cloud, behind the enterprise’s firewall, and our SPN public cloud managed by us,” adds Clarkson.

To entice companies to move to its newest architecture, Trend Micro is giving away the standard version of OfficeScan 10 to all its current customers. An advanced version is also available for $30 per endpoint (PC, laptop, smartphone).

Here’s a video excerpt of our conversation with Clarkson about the OfficeScan 10 release and why a cloud offering makes sense:


Google Defends Security Of Its Online Docs

April 6, 2009

Google came to the defense of Web-based Google Docs on Monday, claiming that security concerns “do not pose a significant risk to our users.”

The concerns were raised last month by BlueWax analyst Ade Barkah, who said the glitches could expose private data even after a document has been deleted.

For instance, an image in a document would still have its own Web page after the document was erased and someone on the Internet could find it. Another new Google feature called Insert Drawing – which lets a user insert a drawing into a document – stores drawing revisions and could potentially let an outsider access them.

Google in a blog post pointed to ways a user could fully delete an image and keep unwanted viewers from earlier versions of a drawing.

“We are also exploring alternative design options that might further address the concerns,” said Jonathan Rochelle, product manager at Google.

In other words, I guess the work-arounds aren’t enough.

Google's new Insert Drawing feature is under scrutiny


Most Companies Have Security Policies, But Workers Ignore Them, Cisco Survey Says

October 28, 2008

More than half of workers ignore security policies

Most computer security studies don’t get much attention in the media. But this one caught my eye.

Here’s the top newsline: 77 percent of companies have security policies in place, according to a survey of corporations in 10 countries commissioned by Cisco Systems. This is good news if you’ve ever worried your identity might be the next one lost or stolen in the rash of data breaches at major (and minor) companies around the world.

Now the bad news: more than half of employees admit that they don’t adhere to the policies. In France, 84 percent of workers surveyed said they defied policies. In India, 11 percent said they never or rarely abide by them. Doesn’t that make your sub-continent outsourcing decisions look good?

The top reason workers cite for not paying attention to security policies is that the measures run counter to the demands of their jobs. In other words, 42 percent of employees globally believe security gets in their way.

Some fail to grasp the magnitude of security risks while others cite apathy. Sobering, eh?


With Fraud As A Service, Online Fraud Becomes Mainstream, RSA Security Expert Warns

September 25, 2008

Online fraud was long considered to be not for everyone.

First, because thankfully only a fraction of the population actually dreams of becoming fraudsters, with all the gains but also the pains this illegal activity brings.

But also because it’s just not as easy as it looks to become a “good” thief and steal people’s online identities or hack into their online bank and/or credit card accounts.

“Believe it or not, when you enter the online fraud community, you have to make a career choice,” says RSA security expert Uri Rivner (pictured), speaking at yesterday’s EMC Silicon Valley briefing. “Either you specialise in harvesting or phishing for identities (social security numbers, bank accounts, etc…) or you specialise in cashing-out on those identities i.e. using them to get cash or buy products. And it’s very hard to do both, because it requires different skill sets.
