NitroSecurity SIEM Now Incorporates Smart Grid Data

NitroSecurity has extended its critical infrastructure Security Information and Event Management (SIEM) capabilities to incorporate and analyze smart grid data, helping utilities identify potential security issues in hundreds of thousands of vulnerable home and business endpoints and their supporting systems in theelectrical grid.

Last year, Nitro announced that its SIEM product, NitroView, can import, normalize and correlate data from industrial control systems used in electric utilities. Control systems--such as programmable log controllers (PLCs) and remote terminal units (RTUs) and the sensors andactuators they control--are typically serially connected and difficult to monitor for security.

The smart grid is designed to add monitoring, analysis, control and communication capabilities to the national electrical delivery system to deliver power more efficiently. As with many new technologies, functionality, not security, has been the prime consideration, but the myriadhome meters and the systems they connect to have been seen as possible vulnerabilities to attack.

There are numerous issues from a SIEM perspective, which NitroSecurity addresses.

Specifically, NitroSecurity identifies three areas in which the smart grid presents a challenge forSIEM vendors:

Diversity of data and data sources There are many different vendors and systems--billing systems, distribution systems, home networking components, smart metering, the advance metering infrastructure (AMI) that connects to smart meters. This makes it difficult to collect and normalize data. "There’s a hodgepodge of all sorts of new information; there’s no standard logging, no standard deployment, no standard design practices,'" says Eric Knapp, NitroSecurity's director of critical infrastructure markets.

Scale Smart grids are very large, spreading out to homes and businesses across widely distributed geographic areas. "Smart meters are network access points, and there can be hundreds of thousands of them," says Knapp. "If you just try to monitor using standard security monitoring methodologies, you’re going to fail."

Correlation of events between generation systems out to events in a smart meter There is a diverse mix of operating systems, from standard TCP IP networks to highly proprietary vendor OSes. In addition, SIEMs have to deal with a range of dissimilar identifiers, such as thefamiliar IP addresses and user names, control system IDs, customer IDs and meter identification numbers.

NitroSecurity says it has addressed the scalability issue by increasing the performance of its collectors and, most importantly, the performance of its database in handling large volumes of very diverse data. It can now parse any type of tag--"a virtually limitless number of subfields,"according to Knapp--to customize environments to collect and correlate the various types of identifiers, etc. in forming a complete picture of an event across the smart grid infrastructure.

The Stuxnet worm, which was used to disrupt Iran’s uranium enrichment program, has raised security concerns about the power grid, which was considered relatively safe because it depends on separate, somewhat isolated systems. Also, there are concerns that a poorly secured smart grid could leave vulnerable endpoints and connected systems highly vulnerable.

See more on this topic by subscribing to Network Computing Pro Reports Strategy: Cloud Security Monitoring (subscription required).