EBN - Semico Spin - How Many Vulnerable Points Can the Smart Grid Have?

datasheets.com EBN.com EDN.com EETimes.com Embedded.com PlanetAnalog.com TechOnline.com

Events ▼

UBM Tech ▼

PlanetAnalog.com

					MOBILE




Home Blogs Message Boards Research Key Sections Supply Chain \| Join Login About

Facing Supply Risks: Korea, Europe, and Future Supply Chain Shocks - Peter Drucker famously ... Transferring Sourcing & Payment to the Cloud - Collaboration with sourcing partners and B2B ... Vietnam Stymied by Ongoing Port Headache - Asia's transportation revolution was supposed to ... Manufacturers Can Learn From Showrooming - The supply chain business model requires novel ... Boeing Cuts Both Risk & Costs - After reducing risk by spreading out its operations, Boeing ...
	SEMICO SPIN How Many Vulnerable Points Can the Smart Grid Have? Bio Email This Print Comment Michell Prunty, Semico Research 7/2/2012 (8) comments NO RATINGS Login to Rate Tweet The answer to the question in the headline, it turns out, is many. So many, in fact, that the consensus is to just give up. Your system is vulnerable. Someone, somewhere, can get into your system as you're reading this, turn on your printer, turn on your camera, snap a picture of you, draw a funny picture on it, and then send it through your printer as you look on in confusion. This has, yes, actually happened to me. There are so many vulnerabilities along the grid that trying to fix all the little holes could drive software engineers crazy. So, to keep us all sane, let's focus on minimizing the damage instead of eliminating it altogether. There are three points of entry for the smart grid: The consumer segment: This segment includes devices like your phone or tablet or computer. The concentrator segment: This segment includes your router or a wireless gateway. This segment manages maybe a dozen or so consumer devices. The backend: This segment includes a few servers that manage thousands of concentrators. When the backend goes down, whole regions can go dark. Of course, while the most important point along the grid is the backend, the most vulnerable point is the consumer segment. It's the most vulnerable because security hinders a user's ability to enjoy his product, so we as consumers often ignore security. But really, if a hacker gets access to your phone, you're the only one affected. So instead of spending millions of dollars and hours trying to save us from ourselves, doesn't it make more sense to focus on the backend, where, if a hacker gets access, thousands of systems could be affected? Freescale Semiconductor Inc. agrees, and its QoriQ T4240 with Layerscape addresses these issues with Trust 1.1 and 2.0. Freescale defines a secure product as something that satisfies four requirements: It has an irreversible configuration, which means that it has a secure boot and is tamper-resistant because the code has been hardwired into the silicon. It is uniquely identifiable with strong authorization requirements. There are runtime integrity checks. It has secure communication channels. As a result, the right code will only work with the right security key. No security key means the product is effectively bricked. And with Freescale, if its product senses tampering, then the flash that stores all the authorization codes will be wiped so the codes cannot be stolen. Considering that anywhere from 50 percent to 73 percent of passwords are used over and over again, credential stealing can become a serious problem. Freescale's solution eliminates the possibility of credential stealing by assuming the possibility of a security breach and minimizing the damage from the start. Keep in mind that these security measures aren't for your phone or computer, but for enterprise-level servers that handle thousands of smaller systems, ensuring that the backend stays up so we can keep using our phones. Security should be happening on the backend, and the people at the Freescale Technology Forum agreed. It was quite refreshing to sit in on a discussion that was willing to address the fact that you cannot secure the grid from the consumer segment, even if it is the most vulnerable. Email This Print Comment COMMENTS View comments: newest first \| oldest first \| threaded [close this box] User Rank Supply Network Guru Re: Attack methods improve also syedzunair 7/12/2012 10:57:26 AM NO RATINGS Login to Rate Michell, Server end security is more sophisticated and requires much more work than user end security. It is important to protect that part of the cycle because all the information may be accessed if a server has been hacked into. Reply Post Message Messages List Start a Board User Rank Blogger Re: Attack methods improve also Michell Prunty 7/5/2012 1:39:41 AM NO RATINGS Login to Rate @ syedzunair Vulnerabilities from a consumer's end are only a part of the problem. We can add as many layers of security as we want on the consumer end, and that will never solve the problem. It will just waste money and anger the customers. The bigger threat, which Freescale's solution is directed towards, in on the server end. Credential stealing on that end can be as simple as someone accidentally downloading a behind-the-curtain keylogger to get as many passwords as possible. Those passwords can then be used to open up other secure networks. (or steal Sony PS3 passwords... or linkedin passwords... or government passwords?) IMO, security should be focused on those types of security breaches that can bring down regional communication or power supplies. Those security breaches don't come from the random transactions we make on our cell phones. Minimizing damage doesn't mean stopping the intrusion – it means minimizing how much theft can occur once the hacker is inside, and that's what Freescale's solution does. Reply Post Message Messages List Start a Board User Rank Supply Network Guru Re: Attack methods improve also syedzunair 7/4/2012 3:56:43 PM NO RATINGS Login to Rate Michelle, it seems difficult to prevent credential theft because every user is exposed to threats ona regular basis. A mechanism that would help to reduce the theft impact could be to go for an additional layer of security when performing transactions. Reply Post Message Messages List Start a Board User Rank Supply Network Guru Re: Credential stealing mfbertozzi 7/4/2012 3:31:58 AM NO RATINGS Login to Rate That's right, but going further I was thinking implication due to biometric smart for bypassing vulnerability at current stage; it seems real applications are still not widespread, imo benefits could be a lot. Reply Post Message Messages List Start a Board User Rank Supply Network Guru Credential stealing Jacob 7/4/2012 12:49:35 AM NO RATINGS 1 saves Login to Rate Credential stealing is so common in most of the sector, irrespective of it's a software or hardware. So far no tamper proof solutions are available, but there should be some mechanisms to minimize the user's bad experiences. Now a day's real-time token generation is also not safer because of many reasons. Reply Post Message Messages List Start a Board User Rank Blogger Vulnerabilities Barbara Jorgensen 7/2/2012 5:35:53 PM NO RATINGS Login to Rate I've always been leery about the consumer market and smart technology. "Smart" seems to add a layer of uncertainty that hardwired plain-old-systems don't have to face (yet.) I also agree that focusing on the infrastructure is where the attention should be. Although getting into the grid is possible through the consumer interface, breaking into the infrastructure can wreak so much more havoc. This week's experience with power failures and record high heat should remind us how dependent we are on energy and that a prolonged outage costs lives. If your e-mail goes down, it's an inconvenience. If you lose power...it's another story. Reply Post Message Messages List Start a Board User Rank Blogger Re: Attack methods improve also Michell Prunty 7/2/2012 12:25:22 PM NO RATINGS Login to Rate @Cryptoman Absolutely - which is why its better to stop worrying about stopping all threats (because that's impossible) and instead worry about minimizing the damage. Credential stealing is one place that designers can look to in order to minimize the data theft, but every single person using the system is a vulnerability so it's a tough order. Reply Post Message Messages List Start a Board User Rank Blogger Attack methods improve also Cryptoman 7/2/2012 11:02:41 AM NO RATINGS Login to Rate As impressive as Freescale's solution may sound (and that is not eh only one of its kind), the fact that attack techniques progress in parallel to the protection mechanisms remains and that is what makes security a difficult problem to solve. The difficulty in designing effective security mechanisms is mainly because of the fact that a designer has to factor in all possible threats, which is a very difficult task. While a designer may put in a lot of effort say to tamper proofing a device, an attacker that sits on the opposite side of the planet may develop methods to perform a remote attack that can be successful whilst maintaining his anonimity as well! Tamper proofing is a brilliant marketing tool because most of us think about security in terms of tangible concepts such as a big safe with a huge lock on it or a door with 10 locks. As long as one provides a 'sense of security' to an average customer, a sale is almost guaranteed. The customer usually sleeps comfortably until something goes wrong. An attacker never challenges a system via its strongest point. A successful attacker is the one who is able to identify the weakest point in the system where he performs the attack. The key question is 'Has the designer accounted for all possible threats?' I must also add that a security system designer's job is much more difficult compared to an attacker. This is because a designer has to ensure that the system is protected against ALL attacks. However, an attacker has to find only ONE weakness to exploit and only needs to crack the system ONCE to be successful. Reply Post Message Messages List Start a Board				More Blogs from Semico Spin Activision Skylanders Game Ignites New NFC Market (4) comments Wireless communications is transforming gaming -- and silicon demand -- with the rise of the addictive Skylanders franchise. TransferJet: Accelerating Wireless Charging (20) comments Wireless charging from Toshiba will soon make it possible for us to dump the wires littering our offices and homes. See Me, Touch Me, Move Me at CES (11) comments CES showed many interesting devices and applications using sensors and MEMS. But this is just the beginning; more innovation will occur. Crushing on PNI Sensor's Games Tracker (3) comments A new sensor tracker module for games from PNI Sensor is a must-have whenever it finally hits the market in a gaming device. MEMS Microphones Gain Acceptance in Smartphones (3) comments High-definition MEMS microphones from firms like Akustica are set to spread rapidly as smartphone makers gobble them up, says Semico. MORE FROM SEMICO SPIN Datasheets.com Parts Search 185 million searchable parts (please enter a part number or hit search to begin) Latest Poll (3) Comments MORE POLLS EBN Dialogue / LIVE CHAT Have a tête-à-tête with leaders & luminaries EBN Dialogue enables and encourages you to participate in live chats with notable leaders and luminaries. Not only editors and journalists, but the entire EBN community is able to comment and ask questions. Listed below are upcoming and archived chats. Archived Dialogues Thailand Stages a Comeback Join EBN contributor Jennifer Baljko on Thursday August 23, 2012, at 11:00 a.m. EST for a live chat on how electronic manufacturers in Thailand have shored up their supply chain to reduce the impact of future natural disasters. Read Euro-Crisis: What It Means for High-Tech Firms Join EBN Editor in Chief Bolaji Ojo and Contributing Editor Jennifer Baljko on Thursday, July 12, at 10:00 a.m. EDT for a Live Chat on high-tech and Europe's economic difficulties. Read Microsoft Surface: Potential Winners & Losers What are the implications for the electronics industry supply chain of Microsoft Corp.'s decision to launch its own tablet PC? Join industry veteran and EE Times' systems and OEM expert Rick Merritt on Tuesday, July 3, at 12:00 pm EDT for a Live Chat on this subject. Read ALL ARCHIVED DIALOGUES Latest EBN Dialogue Thailand Stages a Comeback Join EBN contributor Jennifer Baljko on Thursday August 23, 2012, at 11:00 a.m. EST for a live chat on how electronic manufacturers in Thailand have shored up their supply chain to reduce the impact of future natural disasters. READ DIALOGUE Webinars Upcoming Webinars Facing Supply Risks: Korea, Europe, and Future Supply Chain Shocks Date: 7/9/2013 11:00 a.m. eastern Peter Drucker famously said "Trying to predict the future is like trying to drive down a country road at night with no lights while looking out the back window." Yet in the razor's-edge world of electronics—with a lean supply chain and just-in-time demands—the need to know the future is vital. Archived Webinars Averting the Supply Chain Talent Crisis Date: 4/30/2013 You've heard the saying "the No. 1 supply chain risk is your people." That hasn't always been the case. But today's complex global supply chain requires a new type of multitalented employee. It's one who understands, finance, marketing, economics, is savvy with technology, graceful with relationships and can think analytically. Where are these people? Are universities properly preparing the next generation supply chain professionals? How do train your existing workforce for these new, demanding positions? Brian Fuller, editor-in-chief of EBN, will lead a 60-minute Avnet Velocity panel discussion that will ask and answer these and other questions swirling around today's supply-chain talent challenges. MORE WEBINARS \| WEBINAR ARCHIVES EBN Newswire ENGLEWOOD, COLO. 3/20/2013 Arrow Establishes IT Asset Disposition and Reverse ... PHOENIX 3/20/2013 Avnet, Inc. to Acquire RTI Holdings MANSFIELD, TEXAS 3/12/2013 Mouser Receives Top Award from Harwin PHOENIX 2/28/2013 Avnet Tapped Among Fortune’s “World's Most Admired ... SANTA CLARA, CALIF. 1/29/2013 UBM & Lytica Launch Component Pricing Tool PHOENIX 1/16/2013 Avnet Embedded Opens Development Labs SANTA MONICA, CA 1/15/2013 Master Distributors Offering Tamura Sensors PHOENIX 1/15/2013 Avnet Express Stocks Pulse NFC Antennas FORT WORTH, TX 1/15/2013 Executive Moves at Allied Electronics MOORESTOWN, NJ 1/11/2013 Alliance Sensors Partners With Marposs FORT WORTH, TX 1/9/2013 TTI Enhances Apple iOS Mobile App MANSFIELD, TX 1/9/2013 Mouser First to Stock Ultra-Slim Murata EDLCs MORE NEWSWIRE Resources sponsored content Digital Edition: Critical Issues & Challenges for the Supply Chain & Electronics in 2013 3/5/2013 Offshoring: Was it the right decision? 10/23/2012 Digital Publication: Electronics and the Challenges Manufacturers Face Today 9/19/2012 Nearshoring - OEMs Reevaluate Global Manufacturing Strategies 7/5/2012 Clusters Meld Benefits of Offshoring and Vertical Integration 7/5/2012 Component Data Management for Environmental Compliance: Challenges and Solutions 5/15/2012 Different Approaches to Standalone Solar Light 8/23/2011 Future Electronics FIRST Supply Chain Solutions 2/3/2011 Class D Amplifier Design 1/21/2011 Solar Electricity: A Renewable Energy Source 1/21/2011 Power Supply for High Performance Analog 1/21/2011 LED solutions make down light applications flexible, reliable, and more energy efficient 1/3/2011 Navigating unchartered waters: new challenges in specifying LED luminaire lifetime 12/28/2010 Medical: Freescale and Texas Instruments-Contributions to Pulse Oximetry 10/18/2010 Medical: Freescale and Texas Instruments-Infusion Pump Advancement 10/18/2010 Medical: Freescale and Texas Instruments-Monitoring the Heartbeat of ECG Technology 10/18/2010 Freescale Semiconductor: SAVING CRITICAL TIME: HOW TO SPEED UP MEDICAL SCREENINGS AND REMOTE PATIENT MONITORING 10/18/2010 MORE WHITE PAPERS Video Resources Twitter Feed follow us Like Us on Facebook


HOME BLOGS MESSAGE BOARDS RESEARCH \| JOIN LOGIN ABOUT RSS Contact Us Help

To save this item to your list of favorite EBN content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]