The SPARKS project organised the third in its ongoing series of stakeholder workshops in Belfast on 26th August, 2016. The event was held alongside the excellent ICS-CSR conference, which we wrote about in a previous blog entry. The focus of the workshop was to highlight the emerging threats that smart grid stakeholders face, and the […]
In this post, I would like to share some reflections on the ICS-CSR (Industrial Control Systems and SCADA Cyber Security) symposium that took place from 23rd – 25th August at CSIT in Belfast, UK. This is not intended to be an exhaustive account of what happened at the symposium, rather a summary of stand-out moments […]
Although much of the focus in the SPARKS project has been on cybersecurity’s role in minimizing the risks and costs of power disruption, the project has also been concerned with identifying and mitigating risks to privacy that may be entailed by the deployment of Smart Grid. One of the key areas in this regard is […]
In his January 2016 Cryptogram newsletter, Bruce Schneier reprinted an essay on “normalization of deviance”: the process of divergence from defined policies and procedures into increasingly risky practices. Explored in detail by Dr. Diane Vaughan, as well as by other researchers and practitioners seeking to explain catastrophic failure events, it bears great relevance on cyber […]
In March 2015, at our SPARKS Stakeholder workshop, the SPARKS team demonstrated how attackers could use a combination of social engineering and custom malware to disrupt energy generation and distribution. Coordinated across three different geographical locations, the attack began with a phishing email to an administrator, continued with lateral movement from that administrative environment into […]
I spoke recently at a workshop organized by the Alan Turing Institute in London to identify areas related to cyber security in which major research is needed. Though I focused on security analytics, I also talked about the need to develop more effective models for understanding and managing risk, citing the work that we are […]
The final keynote at RSA Conference Abu Dhabi 2015 was given by Richard Clarke, always an interesting and challenging speaker. As I listened to his discussion of responding to cyber threats, however, I was struck by his strong emphasis on preventative measures and the relatively little discussion of the essential role of ongoing visibility and […]
SPARKS recently released a document investigating the definition of an intrusion detection system (IDS) that can contribute to securing smart grid Supervisory Control and Data Acquisition (SCADA) SCADA networks. Our main aim is to apply an IDS solution to a solar generation scenario, which focuses on IP-networked photovoltaic inverter devices. This scenario was the focus […]
As we call out on the SPARKS overview webpage, our project aims to provide innovtive solutions to ensure the cybersecurity and resilience of smart grids. Those innovations include technological advancements, particulary through our four mini-projects: 1) intrustion detection systems for SCADA, 2) cyberattack-resilient control systems, 2) security analytics for Smart Grid, and 4) use of […]
In early July, Lloyds published “Business Blackout: The insurance implications of an cyber attack on the US power grid”, a study of the financial impact of a hypothetical electric grid failure scenario in the US. Developed jointly with the University of Cambridge Center for Risk Studies, it is an very important report not only for […]
