Quick correction: Mike Davis did a lot of fundamental research on the platform IOActive attacked for Black Hat in 2009, but my understanding is that Travis Goodspeed wrote the actual exploit code used in the demonstration. I point this out not to diminish Davis' work, which I'm sure was great, but to illustrate the extent to which "smart grid" attacks are in vogue right now in vulnerability research. There were, I believe, at least 4 talks on it at Black Hat this year. Every software security consultancy in the country has done multiple projects targeting "smart grid" components in general and automated metering (AMI) in particular.

Smart grid components are interesting to me not because they're a vector for flashy (and horrific) real-world attacks, but because they demand a different strategy for mitigating attacks. In conventional software, dev teams can rely on a "get it right and then patch what breaks" approach. While updating software is notoriously difficult, it is at least a plausible response to a serious security flaw. When you deploy 100,000 smart meters running RTOSes on TI microcontrollers, this strategy doesn't work. Anything straightforward you do to make those meters feasible to update is going to blow up in your face. And this is an extremely unforgiving place to deploy security countermeasures; you face not only strict code-size limits on the meters themselves, but also RF protocols that need to squeeze every bit out of every message.

I think the winning strategy for the "smart grid" is, like Blu-ray, renewability. Instead of trying to train 500 microcontroller realtime C devs in secure code and crypto protocols, people should sit down and devise mechanisms to recover from security flaws. Things as simple as protocol versioning, or the ability to shun/revoke specific devices, or the ability to fault to manual reads are likely to make a bigger difference than whether the devices are using truncated SHA1 vs. SHA256.
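The three "renewability" mechanisms named above (protocol versioning, shunning/revoking individual devices, and faulting to manual reads) are easier to reason about in code than in prose. The following is an added example, not the commenter's code and not any real AMI protocol: it sketches a head-end receiver for a constructed 15-byte meter frame whose version byte selects the MAC algorithm, so that a broken message format can be deprecated and a compromised meter shunned from the head-end side, with the affected meters dropped into a manual-read queue, all without pushing new firmware to the field. The frame layout, the `HeadEnd` class, the meter IDs and the keys are assumptions made up for the illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

# Constructed wire format for this example (hypothetical, not a real AMI protocol):
#   version(1) | meter_id(4) | seq(2) | reading(4) | tag(4)
# The tag is an HMAC over the first 11 bytes, truncated to 4 bytes to keep the
# RF frame small. The version byte decides which hash the HMAC is built on, so
# the head-end can retire a version without the meter format changing shape.
HEADER = struct.Struct(">BIHI")  # 11 bytes
TAG_LEN = 4
FRAME_LEN = HEADER.size + TAG_LEN

MAC_BY_VERSION = {
    1: hashlib.sha1,    # hypothetical original deployment: truncated HMAC-SHA1
    2: hashlib.sha256,  # hypothetical successor: truncated HMAC-SHA256
}


def make_tag(version, key, body):
    """Truncated HMAC tag for a frame body under the given protocol version."""
    return hmac.new(key, body, MAC_BY_VERSION[version]).digest()[:TAG_LEN]


def encode_frame(version, key, meter_id, seq, reading):
    """What a meter would transmit (used here only to build sample traffic)."""
    body = HEADER.pack(version, meter_id, seq, reading)
    return body + make_tag(version, key, body)


@dataclass
class HeadEnd:
    keys: dict                                  # meter_id -> per-meter key
    min_version: int = 1                        # oldest version still accepted
    revoked: set = field(default_factory=set)   # shunned meter IDs
    last_seq: dict = field(default_factory=dict)
    manual_reads: set = field(default_factory=set)  # meters needing a truck roll

    def revoke(self, meter_id):
        """Shun one device; its readings must be taken manually from now on."""
        self.revoked.add(meter_id)
        self.manual_reads.add(meter_id)

    def deprecate_below(self, version):
        """Retire every protocol version older than `version` (head-end only)."""
        self.min_version = version

    def receive(self, frame):
        """Returns (verdict, detail, meter_id); detail is the reading on accept."""
        if len(frame) != FRAME_LEN:
            return ("reject", "bad length", None)
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        version, meter_id, seq, reading = HEADER.unpack(body)
        if meter_id in self.revoked:
            return ("reject", "revoked", meter_id)
        if version not in MAC_BY_VERSION or version < self.min_version:
            # Old firmware that cannot be re-flashed quickly: fault to manual reads.
            self.manual_reads.add(meter_id)
            return ("reject", "deprecated version", meter_id)
        key = self.keys.get(meter_id)
        if key is None:
            return ("reject", "unknown meter", meter_id)
        if not hmac.compare_digest(tag, make_tag(version, key, body)):
            return ("reject", "bad tag", meter_id)
        if seq <= self.last_seq.get(meter_id, -1):
            return ("reject", "replay", meter_id)
        self.last_seq[meter_id] = seq
        return ("accept", reading, meter_id)


def demo():
    """Walk through the three recovery mechanisms on constructed sample frames."""
    keys = {0x1001: b"meter-1001-key", 0x1002: b"meter-1002-key"}  # made-up keys
    he = HeadEnd(keys=keys)
    out = []
    fresh = encode_frame(1, keys[0x1001], 0x1001, 1, 4200)
    out.append(he.receive(fresh)[0])                      # "accept"
    out.append(he.receive(fresh)[1])                      # "replay"
    # Suppose version 1's MAC turns out to be too weak: retire it at the head-end.
    he.deprecate_below(2)
    out.append(he.receive(encode_frame(1, keys[0x1002], 0x1002, 1, 100))[1])  # "deprecated version"
    out.append(he.receive(encode_frame(2, keys[0x1002], 0x1002, 1, 100))[0])  # "accept"
    # One meter is found to be compromised: shun just that device.
    he.revoke(0x1001)
    out.append(he.receive(encode_frame(2, keys[0x1001], 0x1001, 2, 4300))[1])  # "revoked"
    forged = bytearray(encode_frame(2, keys[0x1002], 0x1002, 2, 100))
    forged[-1] ^= 1                                       # tamper with the tag
    out.append(he.receive(bytes(forged))[1])              # "bad tag"
    return out, sorted(he.manual_reads)


if __name__ == "__main__":
    print(demo())
```

The point of the version and revocation checks sitting in the head-end rather than the meter is that they are the part of the system that actually can be updated; a 4-byte truncated tag is accepted here for either hash, and what protects the fleet after a flaw is found is the ability to stop honouring a version or a device, not the hash choice itself.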