Andy Bochman

Expert Blogs

A blog where security experts share their knowledge and experiences.
  • Thoughts on the Explosive MI6 OT Breach in Skyfall

    Have you seen the new 007 movie yet, the third of the series that features Daniel Craig as Bond? Called Skyfall, one of its key plot drivers occurs when the evil mastermind blows up part of British spy headquarters, MI6, in London, with a handful of deft...
  • Don’t Get Me Started: A Quantum of Security Solace

    Recent tech news trumpets the advancement of quantum cryptography (QC) to secure the Smart Grid. I watched the Academy Awards this year (not normal) and found a whole bunch of Bond (James Bond) running through it, including performances of Goldfinger...
  • Electric Utility Data Governance: A Prerequisite to Data Security, Privacy and the Promise of Big Data

    Suppose you are the CEO of a large electric utility and you just learned that you’ve had a large data breach. Your guys are telling you it’s possible that several million detailed customer records have been exposed. The privacy ramifications...
  • Thinking about Mobile Device Security for a Very Mobile Electric Sector Workforce

    One thing you can say about working for an electric utility: for most employees, it's not a desk job. More than their peers in many other sectors of the economy, electric utilities have used and managed mobile devices as essential tools for a long...
  • Energy Sector Security in the Age of Big Data, Mobile and Cloud

    As folks who work in or otherwise know the industry will tell you, utilities are by nature very conservative. Their highest values are reliability and safety, but as most utilities transition from monopolistic to competitive business environments,...
  • People are Talking: Social Media, Electric Companies, Customers and the Quest to Maintain Privacy

    For the longest of time electric utilities had little reason to focus on customer communications, and their residential customers, similarly, often didn’t have much to say to them. So much so that when pressed, many customers couldn’t even...
  • Smart Grid Security 2012 Highlights and 2013 Look Forward

    As a chronic complainer re: the lack of grid security metrics (see post from nearly 2 years ago: "Smart Grid Security Truth: You Can't Do What You Don't Measure"), this has been the most amazing and surprising year for me. By far...
  • DoD Software Assurance for Electric Sector Security?

    The US Department of Defense has been thinking about this for a long time, and recently codified a pretty robust response in the form of the National Defense Authorization Act (NDAA) of 2013.
  • From Famine to Feast to Overload: New Electric Sector Security Metrics and Measurement Guidelines Super Helpful (but can be Overwhelming)

    In the space of just a few months, electric utility executives and their security leadership have seen a spate of new guidance documents published that intend to help them manage, monitor, and measure the effectiveness of their cyber risk mitigation strategies...
  • Walking while Chewing Gum: Building the Smart Grid with Secure Software

    With the naked eye one can see signs of change in our electric infrastructure: smart meters installed by the millions and solar panels going up in similar numbers. Further away and sixty times per second, synchrophasors are monitoring the quality of high...
  • The State of the States and Smart Grid Security

    Readers, working your way through this comprehensive yet non-alarmist EPIC PIECE of Smart Grid security journalism will take some time, because author and former NH PUC commissioner Nancy Brockway has done her homework and then some.
  • Conference Alert: Security at Distributech 2013

    The annual electric sector conference in North America is coming up next week in San Diego. Called Distributech, the 7,500 or so attendees will peruse booths featuring the latest reclosers, transformers, comm gear, outage management systems, etc.
  • Electric Sector Security Observations from Distributech 2013, and a Word about Trees

    The show is over for me as I'm up in LA for some IBM training, but it was a very good 2 days. Here are a few of the highlights I took away: Patricia Hoffman, DOE's Assistant Secretary for the Office of Electricity Delivery and Energy Reliability...
  • Security Double Dutch: Shodan Points out Critical Infrastructure Gaps in the Netherlands

    I've been to the Netherlands several times and saw the country in the news a lot recently when UberStorm Sandy raised concerns that New York City should perhaps get similar types of protective systems. I can assure you that this is about much more...
  • April is the Cruelest Month for Critical Infrastructure Security

    We have none other than T. S. Eliot to thank for the prescient and uncannily accurate observation he made 90 years ago. Of course he was probably referring to something else ... I can tell you if you really want to know. As my brother from another mother...
  • Measuring Security? In the Electric Sector? Are you Serious? Someone Is.

    Tried making the case most recently with Time for Electric Sector to Measure Up on Security and Smart Grid Security Truth: You Can't Do What You Don't Measure but couldn't detect a measurable response. Without a lingua franca for security...
  • SGCC Releases Smart Grid Privacy Fact Sheet

    In January of this year we gave you a privacy post related to the Smart Grid Consumer Collaborative (SGCC) from a panel session it organized the day before the Distributech conference in San Antonio. Time has passed and now the same great org has produced...
  • More Datapoints on the Current State of Electric Sector Cybersecurity Governance

    In March we covered the preliminary CyLab report on the state of cross-sector security governance, and one of the things it taught me was that electric sector cybersecurity professionals are not alone in their quest to improve/increase the level of interaction...
  • Shodan Again: the Search Engine You Need to Know About

    First mentioned on the SGSB HERE late last year re: a water pump hacking story, Shodan has an interesting origin story and its current use is even more interesting. You know how you use Google or Bing to find links, apps, music...
  • Talking Back to the CMU/Cylab Report's Energy Sector Findings

    The report in question is the CyLab 2012 Report - Governance of Enterprise Security: How Boards & Senior Executives Are Managing Cyber Risks. Posted on this report recently, HERE, which includes links to it. Have gotten some less-than-happy feedback...
  • Cybersecurity-wise, NARUC wants Me to Invest More in What, Exactly?

    That's what I'd be asking if I were the CEO or CFO of a utility and I'd just read this short article introducing the new National Association of Regulatory Utility Commissioners (NARUC) Cybersecurity for State Regulators guide. Before I begin...
  • Security Checklists, Compliance Cultures, and Finding a Better Way

    Fixating on responding to a compliance regime is, in a sense, like agreeing to not learn. You know how, when you're in the passenger seat, even if you go to the same destination a hundred times, if you weren't driving you don't remember how...
  • Fifteen Minutes for a Better Grid Security Workforce

    Not too long ago we posted on the NBISE effort to build a better security professional for critical infrastructure sectors like ours. A lot of work (especially ground work) has been done since then and now NBISE is ready to take it up a notch, with...
  • Webcast Alert: NESCO on PKI for AMI, Smart Grid and ICS Networks

    For those unfamiliar, NESCO = National Electric Sector Cybersecurity Organization. NESCO is running an upcoming webinar on Public Key Infrastructure (PKI) in the context of modernized (and modernizing) grid systems and networks, including...
  • A Call to Elevate Electric Sector Cyber Security Leadership

    Around the world, it’s hard to miss the constant media and analyst drumbeat of warnings about new threats to critical energy infrastructures. Yet recent reports by Carnegie Mellon University and IBM reveal that most utility executives are more focused...