Digital Bond's SCADA Security Scientific Symposium held in January 2012 in Miami Beach, FL.

65 of the worlds top DCS and SCADA Security talent gather to discuss ICS security. The presentations are very technical and avoid SCADASEC 101 or IT Security 101.

No results.

German Perspective - Smart Meter Protection Profile

Note - last 10 minutes are audio only

Stephan Beirer of GAI Netconsult briefs the S4 audience on the Smart Meter Gateway Protection Profile being developed in Germany. The effort was funded by the German Government and developed by utilities, vendors and consultants.

For those new to the Common Criteria, Stephan provides some information on a Protection Profile - including the Security Functional Requirements and Security Assurance Requirements. He then discusses the key points in the Protection Profile. Some of the essential threats considered:

- an attacker (local or remote) tries to gain access to the metering data or smart meter configuration/firmwar

- an attacker may try to intercept meter data or configuration/firmware during data transmission

- an attacker may try to gain control of the gateway, meter or controllable local system

The Protection Profile is written to EAL4+. This is actually quite ambitious with EAL4 requiring security assurance requirements during the development process, meaning existing products cannot reach this. The + indicates there are two additional requirements: flaw reporting requirements and vulnerability assessments.