An innovative book, Applied Cyber Security and the Smart Grid offers a way we can implement security controls in the modern power infrastructure. It was exciting to find a book that was completely relevant and up to date in this field of research. Generally, literature detailing smart grid security focuses on SCADA control system issues, rambles on about how Stuxnet was really bad and how we should have known better, or the inherent need for IT security policies. Thankfully, that’s not the case for this publication.
This book doesn’t just focus on the security implications for the smart grid, but also details the environmental and economic factors involved. Case studies help explain security vulnerabilities and associated threats, and these connections are visually illustrated throughout. Furthermore, details on exploiting these vulnerabilities are provided, as are examples of how cyber-attacks on the power infrastructure can affect society. The book offers the reader a well-rounded understanding of why security controls need to be implemented into the modern power infrastructure.
To help readers come to terms with how these vulnerabilities can affect them, the authors detail privacy concerns related to smart meters. The information the power industry possess on a home user could be used in malicious ways. The smart grid vulnerability conundrum is bigger than that, but the authors assert the problem can be fixed with tailored security mechanisms.
The most notable point, in my opinion, is the interconnectedness of the smart grid. This is particularly concerning because you can draw a line from a customer’s energy management system (EMS) in their home, all the way to the bulk energy control and G-SCADA systems in the smart grid. This large-scale distribution makes it challenging to effectively segment these systems, resulting in an architecture where it is relatively easy for an attack to move between them. For the reader unfamiliar with the area, an overview is provided on what the smart grid means, the components present, and the key security and privacy vulnerabilities associated with it. Also, there is a helpful and detailed glossary for those new to some of the industry terms.
Those familiar with the topic can use the index to explore areas of interest. Detailed examples of how security vulnerabilities in the smart grid can have major impact on society are provided, with balanced threat analysis and protection mechanisms, but at no time does it bombard the reader with information.
The accessibility of the book is what compels me to highly recommend it. Written in a friendly, informal manner, the authors enable the reader to gain an insight on this topic. There is also an invitation to discuss the topic, to question and address any concerns with the authors through social media. Very few authors openly give permission for the reader to critique their work, and I think it is this approachable style that made this book even more enjoyable.
The experience of the authors in this field is evident throughout. Knapp brings a wealth of knowledge and firsthand experience of industrial control cybersecurity. Samani is currently VP and CTO for McAfee, with previous experience in cybersecurity and research-orientated working groups. Joel Langill, the technical editor, is referenced quite often throughout, as is his website www.SCADAhacker.com. Langill’s proven experience with integrated industrial control system architecture and design, functional safety, and operational security skills make him the perfect editor to compliment the authors’ knowledge.
The authors, in their approach, have made a book that can be enjoyed by readers with a technical understanding of the area, and those who are not totally au fait. All in all, I would wholly recommend this book, a worthy take on an exciting topic that is often overlooked or deemed exaggerated and irrelevant.