Thursday, July 23, 2015

Security – Hacking a Car is round the corner

I guess you have read or heard the news about the hackers who took remote control of a car on the highway. Two researchers exploited a zero-day vulnerability in a Jeep Cherokee’s Uconnect infotainment system to gain wireless control of the car.

Click HERE for the report.

You may be happy to drive a car manufactured “before the Internet” hit the road. Now you can see that the Internet can seriously “hit the road”!

Fortunately, there are people who expected this to happen. Some of them in the USA have already become active: the world’s first automotive cyber-security law may force automakers to deliver software updates and stop vehicle tracking as part of new IT security standards regarding connected cars in the US.

Click HERE to read more background information on the new US Senate Bill.

Click HERE for the Senate Bill.

The number of cars is much bigger than the number of substations – in the USA and in Europe … and all over. It is very likely (from my point of view) that the automobile industry will very soon develop international standards for security and privacy in cars. I expect that such a development will also impact the discussion on security for power delivery systems. The damage that could be caused by hacking an electrical delivery system could be much higher than that of turning on the air conditioning in a car.

I experienced more than 30 years ago that automakers are strong in introducing standards: GM led the MAP (Manufacturing Automation Protocols) project. Unfortunately, manufacturers of automation equipment decided not to follow GM’s vision.

With regard to security, I hope that the automakers will help to bring more security to any kind of smart devices: in cars, in homes, in factories, in substations and …

In the case of somebody taking over a car, it may be very dangerous to securely bring one (or even many) cars to a halt. But bringing a part of a power system to a halt means: BLACKOUT!! The “SECURE” state: “STOPPED” means: no power!

In the case of a stopped car, you may take the next bus or just walk. A stopped power delivery system must be brought back into operation, again using thousands of smart devices. Have you ever asked yourself how many smart network-connected computers are involved in power delivery systems? The number goes into the many millions …

Discuss security issues with your colleagues and your management. And maybe contract with experts …

Friday, July 17, 2015

Learn How Three Big U.S. Utilities Gained Experience With IEC 61850

The three well-known U.S. utilities New York Power Authority (NYPA), Kansas City Power and Light (KCP&L), and Southern California Edison (SCE) have recently gained experience with IEC 61850 applications through various projects. Don Von Dollen (EPRI) and Erich Gunther (EnerNex) have given various answers to a very crucial question: “Why is IEC 61850 used all over the world – but not that much in the U.S.?”

The main outcome of their investigation is:

  • Extensive training of the workforce is needed.
  • Take advantage of help from other utilities and entities (consultants, …).
  • Cross-vendor configuration is burdensome.
  • Case studies and implementation profiles are needed.
  • Participate more in the UCAIug 61850 User Group.
  • Build a strong test lab.

I fully agree with Erich!

The main reason for the slow progress in the U.S. is (from my point of view) related to the misinterpretation of what IEC 61850 really is. Most people still believe that it is something like DNP4.0 – DNP3.0 plus … which is totally wrong!

My experience – after some 4,000 experts educated in IEC 61850 – is this: Teamwork (of smart engineers) makes the Dream work!

Erich Gunther presented a one-hour webinar on the subject on July 14, 2015.

Click HERE to listen to Erich’s one-hour presentation.
Click HERE for a copy of his slides [pdf].
Click HERE for a paper written by Erich on the subject [pdf].

Smart and well-educated engineers are required independent of the approach:

  1. Build turn-key substations (most big vendors support this) or
  2. Utility-driven design, configuration, commissioning and test … and operation.

After last week’s 4-day training for a big South American utility that applies the second approach, I see an increasing need for more vendor-independent training for protection and SCADA applications in substations.

We are here to help you in this regard:

NEW Training Opportunities for IEC 61850, IEC 61400-25, IEC 60870-5-104, and IEC 62351