RSA Conference: ​Lessons from Utilities – Internet of Things security

Bob Griffin is a long time senior executive at RSA. In that role, his primary focus is on a research project in Europe looking at security analytics on the smart grid. With the rapid proliferation of end point devices we’re seeing, particularly with the rise of the Internet of Things, or IoT, he brings some valuable insights from one of the oldest industries of the modern world.

I spoke to Griffin at this year’s RSA Conference in San Francisco.

“In the grid, in addition to inputting sensors into electric substations, where there’s always been some level of temperature and voltage sensors, the most rapid deployment of devices is actually on the wire infrastructure,” he says.

According to Griffin, in San Francisco, there may be in excess of a million sensors on the electrical cables just for voltage monitoring. As result, the utility can localise and analyse faults faster than before.

From the work he has done, Griffin has seen a significant divergence with two distinct IoT environments emerging.

“One is this industrialised environment in which a lot of what’s happening is the instrumentation of existing infrastructure and mechanisms – by and large it’s sensor information that’s being targeting as the focus of IoT. It’s the same in manufacturing,” says Griffin.

The other fork in the IoT road is personal devices, according to Griffin. That ranges from individuals with smartwatches, pacemakers or other medical and health related mechanisms. This also covers cars and homes.

“These significantly represent new kinds of information being gathered – information that was, in the past, largely done in doctor’s offices or in terms of cars at a repair shop”.

With such vast quantities of different information being collected in those two realms, there will be a growing need for analytics that can help us gain better insights through that data and then the ability to use that data for improved corporate and personal security.

The addition of so many sensors is delivering a qualitative change, and not just a quantitative one says Griffin. While we might be reviewing more data as we connect more devices to our networks, we are able to more finely control systems so we can operate them more efficiently.

For example, Griffin worked at aluminium smelters at one time. And while there were many sensors in place then, the latest generation of sensors, combined with analytics, allow those plants to better utilise facilities so yields are improved and equipment is operated more cost effectively.

“I know from colleagues in operational technology that those are being used for degrees of interactive feedback and manipulation of control systems that wouldn’t have been possible without this degree of additional information. It does mean new kinds of algorithms are being used that aren’t just looking for known patterns of variance but also indicators of compromise. Has someone being trying to manipulate the controller?”.

When it comes to security, it’s clear that not all IoT devices are created equally. For example, it would take a massive compromise for enough low cost sensors to be compromised and cause a significant issue. On the other hand, there are some significant opportunities to use sensors to get a better handle on operational security and detect anomalies and potential breaches.

When Griffin spoke about this with some utilities he was met with some opposition, particularly from IT departments that felt they were already overloaded. However, he pointed out that the use of this kind of data was already part of the organisational expertise where collection of data to monitor anomalies and correct faults was an everyday activity.

“That dramatically changed the conversation,” says Griffin.

That internal data can then be correlated with external data in order to detect and diagnose faults. But it’s analytics that makes it possible to manage the vast volumes of data and then prioritise what needs to be given the most attention rather than finding and fixing every small issue.

“It’s not about replacing people with artificial intelligence but deliver a much more broadly assistive system that takes care of things that otherwise they would otherwise not be able to accomplish’” says Griffin. “They’re not giving up control – they’re actually getting much better control of their environment”.

Read more: ​RSA Conference: Symantec hones focus following Veritas separation

The key, he says, is to link the analytics with the risks you’re trying to specifically mitigate. For example, in the case of the recently hacked Ukrainian power grid, outages caused by external attack would have been high on the utility’s risk register. If the utility had the right tools in place to detect anomalies, then it may have been possible to either thwart or minimise the impact of that breach.

Anthony Caruana attended RSA Conference 2016 as a guest of RSA

Join the CSO newsletter!

Error: Please check your email address.

Tags San FranciscoInternet of Things#RSACIoT securityRSA Conference 2016CSO Australia

More about GriffinRSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place