[Article]-Interview: Smart Grid Security Expert Justin Searle

[don]

The field of ethical hacking IE penetration testing goes far beyond just your normal enterprise network with various web apps. Anything connected to your internal or external network is an eventual target. Even more scary are those devices that help us control the smart grid. Mr. Searle is just the guy to help us get acquainted with this area.

There's lots of info here, so feel free to ask questions. Justin travels quite a bit, but he will eventually pop his head in the forums to try to further the conversation.

Thank you my friend.

Permanent link: [Article]-Interview: Smart Grid Security Expert Justin Searle

With the changing landscape of warfare away from nation-states only utilizing conventional means to the addition of mobile rogue outfits utilizing cyber-attacks, not only countries but also organizations of all shapes and sizes now need to concern themselves with a new threat. Slowly but surely, the real vulnerability to the power grid is starting to grab the attention of both the public and private sectors. Along with that comes more media attention and in turn pressure to make sure these systems don’t come crashing down affecting hundreds of millions citizens dependent on today’s modern conveniences.

With the need to secure such systems also comes the need for expertise and education. Enter Justin Searle, Managing Partner at UtiliSec.  UtiliSec provides security consulting services to utilities and vendors in the energy sector.  Some of the services offered include security assessments, guidance on regulatory issues like the NERC CIPs, participation in standards work and security training services. So who better to interview in order to shine a light on some of the many aspects of this burgeoning field of security? Here’s several questions to get us all up to speed.

Enjoy,
Don

[dbest]

Just getting involved in SCADA security and the explanation of the entire ICS provided by Justin has made it so simple to understand. Spent a few days talking to the field engineers and they made it sound like some sorta crazy stuff.

Great interview and a good intro to SCADA security.

[meeas]

dbest, I'm glad my explanations so easy to understand.  I agree that trying to understand SCADA from a field/control engineer's perspective is daunting.  It reminds me of my college days taking EE courses.  They seemed to explain the simplest concepts in the most complicated ways.  But in a way, it makes sense.  They are trying to explain the concepts in the context they learned it, which is basically from the ground up with no per-conceived understanding.  My hopes were that I'd be able to shortcut this process and bridge concepts most of use are familiar, giving IT professional at least a basic working model of SCADA and Smart Grid systems.  I'm glad to see that it is working for at least one of the readers.  ;-)

[dbest]

Am sure it worked for a lot more. I just happened to be discussing SCADA security at work and your explanation simplified the understanding.

We will trying to streamline the nomenclature to be used at a company soon and that would help everyone speak the same language, which in turn would make it easier to discuss risks, etc.