Andy Bochman

Expert Blogs

A blog where security experts share their knowledge and experiences.
  • Don’t Get Me Started: A Quantum of Security Solace

    Recent tech news trumpets the advancement of quantum cryptography (QC) to secure the Smart Grid. I watched the Academy Awards this year (not normal) and found a whole bunch of Bond (James Bond) running through it, including performances of Goldfinger...
  • Electric Sector Security Observations from Distributech 2013, and a Word about Trees

    The show is over for me as I'm up in LA for some IBM training, but it was a very good 2 days. Here's a few of the highlights I took away: Patricia Hoffman, DOE's Assistant Secretary for the Office of Electricity Delivery and Energy Reliability...
  • Conference Alert: Security at Distributech 2013

    The annual electric sector conference in North America is coming up next week in San Diego. Called Distributech, the 7,500 or so attendees will peruse booths featuring the latest reclosers, transformers, comm gear, outage management systems, etc.
  • DoD Software Assurance for Electric Sector Security?

    The US Department of Defense has been thinking about this for a long time, and recently codified a pretty robust response in the form of the National Defense Authorization Act (NDAA) of 2013.
  • Security Double Dutch: Shodan Points out Critical Infrastructure Gaps in the Netherlands

    I've been to the Netherlands several times and saw the country in the news a lot recently when UberStorm Sandy raised concerns that New York City should perhaps get similar types of protective systems. I can assure you that this is about much more...
  • Smart Grid Security 2012 Highlights and 2013 Look Forward

    As a chronic complainer re: the lack of grid security metrics (see post from nearly 2 years ago: "Smart Grid Security Truth: You Can't Do What You Don't Measure"), this has been the most amazing and surprising year for me. By far...
  • Thoughts on the Explosive MI6 OT Breach in Skyfall

    Have you seen the new 007 movie yet, the third of the series that features Daniel Craig as Bond? Called Skyfall, one of its key plot drivers occurs when the evil mastermind blows up part of British spy headquarters, MI6, in London, with a handful of deft...
  • Electric Utility Data Governance: A Prerequisite to Data Security, Privacy and the Promise of Big Data

    Suppose you are the CEO of a large electric utility and you just learned that you’ve had a large data breach. Your guys are telling you it’s possible that several million detailed customer records have been exposed. The privacy ramifications...
  • Energy Sector Security in the Age of Big Data, Mobile and Cloud

    While folks who work in or otherwise know the industry will tell you, utilities are by nature very conservative. Their highest values are reliability and safety, but as most utilities transition from monopolistic to competitive business environments,...
  • From Famine to Feast to Overload: New Electric Sector Security Metrics and Measurement Guidelines Super Helpful (but can be Overwhelming)

    In the space of just a few months, electric utility executives and their security leadership have seen a spate of new guidance documents published that intend to help them manage, monitor, and measure the effectiveness of their cyber risk mitigation strategies...
  • Thinking about Mobile Device Security for a Very Mobile Electric Sector Workforce

    One thing you can say about working for an electric utility: for most employees, it's not a desk job. More than their peers in many other sectors of the economy, electric utilities have used and managed mobile devices as essential tools for a long...
  • People are Talking: Social Media, Electric Companies, Customers and the Quest to Maintain Privacy

    For the longest time electric utilities had little reason to focus on customer communications, and their residential customers, similarly, often didn’t have much to say to them. So much so that when pressed, many customers couldn’t even...
  • In Energy and Every Business Sector, Connected Devices Bring Great Gains, but Up the Security Ante

    In many industries, increasingly network-connected products are enabling previously unimaginable new capabilities and, at the same time, creating new privacy and security challenges.
  • Walking while Chewing Gum: Building the Smart Grid with Secure Software

    With the naked eye one can see signs of change in our electric infrastructure: smart meters installed by the millions and solar panels going up in similar numbers. Further away and sixty times per second, synchrophasors are monitoring the quality of high...
  • A Call to Elevate Electric Sector Cyber Security Leadership

    Around the world, it’s hard to miss the constant media and analyst drumbeat of warnings about new threats to critical energy infrastructures. Yet recent reports by Carnegie Mellon University and IBM reveal that most utility executives are more focused...
  • The State of the States and Smart Grid Security

    Readers, working your way through this comprehensive yet non-alarmist EPIC PIECE of Smart Grid security journalism will take some time, because author and former NH PUC commissioner Nancy Brockway has done her homework and then some.
  • Security Checklists, Compliance Cultures, and Finding a Better Way

    Fixating on responding to a compliance regime is, in a sense, like agreeing to not learn. You know how when you're in the passenger seat and even if you go to the same destination a hundred times, if you weren't driving you don't remember how...
  • Cybersecurity-wise, NARUC wants Me to Invest More in What, Exactly?

    That's what I'd be asking if I were the CEO or CFO of a utility and I'd just read this short article introducing the new National Association of Regulatory Utility Commissioners (NARUC) Cybersecurity for State Regulators guide. Before I begin...
  • Talking Back to the CMU/Cylab Report's Energy Sector Findings

    The report in question is the CyLab 2012 Report - Governance of Enterprise Security: How Boards & Senior Executives Are Managing Cyber Risks. Posted on this report recently, HERE, which includes links to it. Have gotten some less-than-happy feedback...
  • Shodan Again: the Search Engine You Need to Know About

    First mentioned on the SGSB HERE late last year re: a water pump hacking story, Shodan has an interesting origin story and its current use is even more interesting. You know how you use Google or Bing to find links, apps, music...
  • More Datapoints on the Current State of Electric Sector Cybersecurity Governance

    In March we covered the preliminary CyLab report on the state of cross sector Security governance and one of the things it taught me was that electric sector cybersecurity professionals are not alone in their quest to improve/increase the level of interaction...
  • Security FUD Alert: Flame On. Flame Off. Flame Out.

    Here we go again, and this one is not (energy) sector specific. It's more geo-specific ... see: Middle East and North Africa, at least for now. This is a clear-cut case of marketing security through fear, uncertainty and doubt (FUD), and using the...
  • Workshop Alert: ENISA Flexing Grid Security Muscles in Brussels

    This announcement, from the European Network and Information Security Agency (ENISA) hit my inbox earlier today and you might like to see it, especially if you are based in Europe (or would like a reason to visit). I reduced it down for your more rapid...
  • SGCC Releases Smart Grid Privacy Fact Sheet

    In January of this year we gave you a privacy post related to the Smart Grid Consumer Collaborative (SGCC) from a panel session it organized the day before the Distributech conference in San Antonio. Time has passed and now the same great org has produced...
  • WSJ on Speaking Cybersecurity Truth to Power

    This is a short post with a security message that appeared in a prominent place, a message worth repeating. In the Wall Street Journal's relatively new CIO Journal, editor Michael Hickins highlighted recent statements from a local Boston-area healthcare...