Mocana Speaker at the Smart Grid Conference

Mocana's own Phil Montgomery will be part of an expert panel on smart grid security at the Smart Grid Conference next week in Los Angeles. He'll be talking about some of the challenges device manufacturers and integrators face when trying to roll out next-generation electricity infrastructure that's greener, but tougher for hackers to compromise.

Designing security software for the smart grid is a non-trivial undertaking, and it's a problem we've been working on for a while now. Here's what we think is missing in some of the other smart grid security implementations we've seen:

  1. Smart grid security needs to interoperate with multiple security standards, and help utilities (and integrators) avoid vendor lock-in. The package should be a comprehensive solution that enables smart grid devices to interoperate with virtually any security specification, including those from Zigbee, HomePlug, AMI-SEC or IEEE 1686. It should let implementers choose the algorithms and key sizes that work best for a particular device—whether that’s elliptic curve (ECC), RSA, AES or something else entirely. That keeps follow-on projects open to the best technologies at the lowest prices, and avoids taxpayer dollars being held hostage to one vendor’s proprietary approach.
  2. Smart grid security needs to scale. And we mean, really, really scale. The software should enable utilities to achieve the tremendous per-byte security efficiencies they need in order to handle millions of meters and thousands of servers while maintaining high availability and fail-over capabilities.
  3. Smart grid security needs to be efficient. The software should be comfortable working in resource-constrained environments, without a lot of spare memory or processor power. These new meters are smart, yes. But supercomputers they ain't, and cryptography is notoriously compute-intensive.
  4. Smart grid security needs to be FIPS-certified. All government agencies and most contractors require FIPS certification of cryptographic engines in the solutions they buy — and it's a difficult certification to achieve. Smart grid security software should be available to integrators both in source code *and* as a government-certified FIPS 140-2 Level 1 validated binary. While we're at it, it'd be nice if the engine supported NSA’s Suite B algorithms, providing secure communications between high-assurance (classified) and basic-assurance systems for those smart grid implementations interfacing directly with government agencies.