Andy Bochman

Expert Blogs

A blog where security experts share their knowledge and experiences.
  • Wishful CERAWeek 2012 Energy Sector Security Thoughts

    • 1843 Views
    From The Smart Grid Security Blog Had the great pleasure of participating in CERA's 31st annual energy conference last week in Houston. I was only there for one day, Wednesday, as I participated in a security panel that evening. Earlier, the...
  • Balu Ambody on Smart Grid Security Gains at IBM's 2012 Pulse Conference

    • 1903 Views
    From Smart Grid Security Blog I'm still back in unusually warm Boston, about to head to Houston to join a cybersecurity panel at CERAWEEK on Wednesday. But want you to know that a smart guy I've shared the stage with before, AMI vendor Sensus'...
  • Smart Grid Security Conference Alert: GridSec 2012 Coming Soon

    • 1840 Views
    From Smart Grid Security Blog Here we go again, with what appears to be the best line-up yet. Noticeably, there's going to be significantly more utility representation this time. It already started moving in this direction in the last conference...
  • Webcast Alert: NESCO on PKI for AMI, Smart Grid and ICS Networks

    • 1905 Views
    For those unfamiliar, NESCO = National Electric Sector Cybersecurity Organization (NESCO). And NESCO is running an upcoming webinar on Public Key Infrastructure (PKI) in the context of modernized (and modernizing) grid systems and networks, including...
  • High Impact Cyber Security Legislation Looming for Utilities

    • 1839 Views
    My previous post referenced a recent preliminary report documenting how companies from all sectors are moving slowly to elevate security matters to the CEO and Board of Directors level. And hardly a day goes by where I don't suggest having more than...
  • Electric Sector Not Alone in Moving Slowly re: Security Leadership and Governance

    • 1834 Views
    This CMU report came to me yesterday via Ernie (he's everywhere) Hayden. At 3 pages, it's short enough to consume with one cup of coffee, and its cross-sector findings jump out with alacrity: "Today, cyber attacks have moved to a new level...
  • Hayden Goes Inside on Grid Security for Internal Threats

    • 1833 Views
    Sometimes it's the ones you trust the most who can hurt you the most. It's not something I normally say when meeting with clients, but after attending maybe a thousand or so on-site and virtual security presentations to all manner of customers...
  • Weekend Youtubing: "Smart Meters are not a Killer Fascist Conspiracy"

    • 1836 Views
    I have found the ultimate antidote to the sum of all Smart Meter fears in the form of this video. Before you start it, however, please note that it's really not entirely safe for work. It has many funny bits but a few naughty bits too. Ok, you've...
  • Fifteen Minutes for a Better Grid Security Workforce

    • 1908 Views
    Not too long ago we posted on the NBISE effort to build a better security professional for critical infrastructure sectors like ours. A lot of work (especially ground work) has been done since then and now NBISE is ready to take it up a notch, with...
  • Responses to Post on James Lewis and 2012 Cybersecurity Act

    • 1640 Views
    I get many great responses to posts here at the SGSB, but seldom as many and as quickly as were elicited by last night's post: A Grid Guy's Perspective on James Lewis' Testimony re: the Cybersecurity Act of 2012. Here are two of the best...
  • A Grid Guy's Perspective on James Lewis' Testimony re: the Cybersecurity Act of 2012

    • 1407 Views
    James Lewis is Mr. Cybersecurity these days. A colleague (hat tip: Steve O) just sent a note out pointing to a new article appearing front and center on WSJ.com tonight, featuring prominent statements by Dr. Lewis, the Tech Policy Director of K-Street...
  • Sensitive Digital Data: These Days, You Can't Take it With You

    • 1396 Views
    Though this may change in the future, I haven't travelled much outside the US since joining IBM. My most recent trip was to three Scandinavian countries, and I have to admit it, I didn't think too much about taking extra security precautions while...
  • Webcast Alert: Discussing 2012 Smart Grid Security this Morning on Virtual Energy Forum

    • 1602 Views
    I'm the warm up act this morning (2/9/12) for the main show, Dr. Peter Fuhr of DOE, who'll be doing a talk on "The Implications Of Cyber Security For Smart Grid Tech Development". Show starts at 11 am ET (USA). You can get the details...
  • Just when you thought it was safe to Calculate: More "Incalculable" Smart Grid Security Doom for your Consumption

    • 1397 Views
    It might be a form of Tourettes, sorry. But every once in a while I feel compelled to shine a harsh light on articles that go too far or way too far in the FUD department. Especially those from reputable publications. What was Said Here are a few selected...
  • Hayden on Common Security Hiccups in Electric Utilities ... and How to Cure 'Em

    • 1115 Views
    It's going to take more than a lozenge to get your utility where it needs to be, security-wise, but this article in SmartGridNews, by former Navy officer and stout energy sector industry veteran Ernie Hayden, gives you some simple ways to get started...
  • Do Utilities need a Security Operations Center (SOC)?

    • 1558 Views
    Of course, it's presumptuous for me to presume to know what would be best for any given utility. I can only work from generalizations of the industry as a whole, so please don't take this the wrong way. But yes, I most certainly think they do....
  • Full Disclosure from 2012 Distributech's Keynote Security Panel

    • 1131 Views
    It's fun to connect with and catch-up with energy sector security friends, and not always at security conferences. I think we all get a kick out of seeing each other and then dispersing back out into the world to promote the cause and fight our battles...
  • A Brief Note to IBM Colleagues apres Distributech 2012

    • 1125 Views
    I feel compelled to say that, though for several good reasons I rarely discuss IBM or IBMers on this blog, I'm going to make a brief exception because of the experience I just had at an annual electric sector conference where, as usual, IBM had a...
  • A Runner's Ode to San Antonio's River Walk

    • 1083 Views
    Prefatory note: if you only want to read about the Smart Grid and/or security, you'll want to skip this post. Because it's only about how I came to an electric sector industry conference, and, running sneakers in hand (so to speak), fell in love...
  • Attention Electric Sector: Wired Reports on Basecamp - SCADA Exploits in the Wild

    • 1113 Views
    Several vendors of PLCs and other equipment related to grid operations, in a study described in a recent edition of Wired's "Threat Level" blog, have had their wares probed by a team of experts led by Dale Peterson of Digital Bond, a respected...
  • Notes from Smart Grid Consumer Collaborative (SGCC) Privacy Panel at Distributech

    • 1111 Views
    Just a couple things for you here related to privacy. First, here's a link to the good organization that sponsored this event, the SGCC. One of my co-panelists from a Texas utility brought up a great point I thought ... a challenge that's facing...
  • Conference Alert: European Smart Grid Cyber Security

    • 1137 Views
    It's going to be in London on 12 and 13 March 2012 Great speaker line-up with experts from both sides of the pond, includes: Office of Cyber Security and Information Assurance, Deputy Director, Mike St John Green European Commission, Policy Officer...
  • Help Build the Cybersecurity Workforce the Electric Sector Needs Now

    • 1077 Views
    So reports of successful attacks in every geography and sector just keep coming and you wonder whether our increasingly connected industry is going to survive the cyber deluge, what with aging infrastructure, aging people, and fraying nerves. Well, some...
  • GoodSpeed to the Rescue for Pernicious Smart Grid Hardware/Firmware Security Problems

    • 1114 Views
    Very much in the spirit of an SGSB post that's turned out to be pretty popular: The Value of Black Hat to Smart Grid Security, free spirited hacker genius Travis Goodspeed is starting something that might raise a few vendors' hackles. But actually...
  • MIT Palantir Reveals Future Views of Grid and Grid Security

    • 1143 Views
    And as in the Lord of the Rings, few can look into a palantir and walk away unscathed. That's true for this recently released grid forecast from MIT, and especially for the sections on cyber security, which have served as the justification for many...