Analyst Presentation
Cyber-Security & Interoperability Breakout - Michelle Mindala-Freeman
National Town Meeting – July 14, 2009
Landis+Gyr Confidential
Introduction…
+Many of Landis+Gyr's customers have been early adopters of
intelligent, automated metering systems
+We design smart grid solutions for these customers & prospects that
meet operational & financial objectives and consumers’ needs
+We believe interoperability isn't an end – it’s a process that
requires diligence in design & implementation to deliver real value
+Security is paramount; however, delivering a secure smart grid is
a journey…perhaps without a final destination
+Our core approach is to deliver the right building blocks for an
interoperable and secure smart grid – rapidly delivering technology
at the pace of value - value to the utility, to the consumers and to
this growing market
Landis+Gyr – where we are the smart grid…
+5,000 people in 30 countries with $1.3B+ in sales.
+Over $1B invested in more than a dozen companies
+15+ years of fixed network deployment and measurement
automation experience
+Global leader in metering – PG&E, PEPCO, SMUD, E.ON, CHED
+ Leader in fixed networks - 20M+ embedded endpoints - Oncor,
Austin Energy, AEP Texas, Fortis Alberta
[Diagram labels: Meters & Endpoints; Communication Networks; Data Management Application; Demand Management; Distribution Automation; Deployment & Operations Services]
Interoperability – a means or an end?
+ A smart grid [will] employ real-time, two-way communication
technologies to allow users to connect directly with power
suppliers. The development of the grid will create jobs and spur the
development of innovative products that can be exported.
+The greatest benefit from the smart grid will be interoperability
that will open up every aspect of the generation, distribution, and use
of energy to innovation. *
+Products/ Services
+Improved Competition
+Time to Market
+Customer Value
Source: NIST Interim SG Standards June 09
Interoperability – what can we learn?
+Internet analogy
+Telecom analogy
+Interoperability ≠ Plug and Play
+Specifications ≠ Uniformity
+Sameness ≠ Value
How can we move forward “faster”?
+ Stay focused on drivers
+Drive, not stall, deployments
+Leverage upgradability
+Prioritize - set the value pace
+Value to Consumers
+Value between Systems
+Value within the System
+Allow market forces to work
+Scale with International Standards
+Flexibility for different Utility conditions
How is Landis+Gyr approaching Interoperability?
+Develop for Value 1st --- Interoperability at Head-End and HAN
+Protect for the Future -- Secure upgradability
– Meter, Comms & HAN
+Create Scale
– Supporting International standards & working groups
– Promoting Common information/Data Model – Multispeak  CIM
+Evolve for next value phase -- Working to fill standards gaps / refine
– Meter tables
– Common PHY/MAC
– Mesh routing protocols
Security
+Cyber security is a critical issue due to the increasing potential of
cyber attacks and incidents against this critical sector as it becomes
more and more interconnected. Cyber security must address
deliberate attacks…[and] inadvertent compromises of
the…infrastructure*
+Key issues:
– Risk mitigation & protection in current systems
– Standards to assess & address risks in the system
– Addressing future vulnerability as the grid evolves
Landis+Gyr’s Protections Today
+Privacy, Accuracy & Authenticity of Information
– AES encryption & protocol wrappers
– Randomized Meshed Paths
– Unique Channel Schemes
– HAN leveraging ECC
+Avoiding Disruption or Malicious Use of the
Network
– Role-based access control
– Device registration and validation
– Limited allowable / verified actions at the edge
– Natural protection via network design
No one can sit still…
+Disruptions on a wide scale today would take tremendous
experimentation & determination, with limited “results”
+However…
– Aug 18, 2008 - Staged cyberattack exposes vulnerability in power grid
– March 21st, 2009 – Power Grid Is Found Susceptible to Cyberattack
– April 8th, 2009 - Electricity Grid in U.S. Penetrated By Spies
– June 12th, 2009 – Hacking will be demonstrated in July
+The cat and mouse chase is on – system managers & vendors
will improve security postures as exploits are developed
An approach to ongoing protection
Authentication
• Providing Individual or System Identity
Availability and Integrity
• Avoiding Disruption of Service
• Ensuring Information is Unaltered
Confidentiality
• Keeping Information Secret
NR
• Non-Repudiation – Proof of Origin and Receipt
Landis+Gyr’s Top Recommended Security Practices
+Implement strong security techniques, such as mutual authentication,
cryptography & message integrity verification to protect information
+Provide countermeasures to identify potential breaches, the areas
affected, and a means for users’ timely reaction
+Ensure protection of all user and credential information, allowing
access according to designated rights.
+Incorporate use of access controls to ensure access to certain
data/functionality is allowed only to specific trusted entities
+Train all employees who have access to AMI data or controls.
+Perform ongoing 3rd-party penetration testing to uncover
vulnerabilities
Thank you
Michelle Mindala-Freeman
VP, Marketing & Product Management, North Am