
Exploring the science and magic of Identity and Access Management
Thursday, March 28, 2024

Protecting the Electric Grid in a Dangerous World

Identity
Author: Mark Dixon
Wednesday, June 30, 2010
5:07 pm

When I woke up this morning, I read an intriguing tweet from my son Eric, who lives about a mile away from our house:

“Power has been out for 30 minutes. We have like 15 candles lit… And it’s starting to heat up.”

Well, for young Eric and his wife, a temporary power outage might be a romantic diversion, but we are all tremendously dependent upon available, reliable electricity distribution.  We simply expect the lights to go on when we flip a switch or power our laptops when we plug them in.

In order for that to happen, the national electrical grid or Bulk Electrical System (BES) must reliably carry energy from generating plants to our homes and places of business.  We have grown to rely on that happening, 24x7x365.

However, according to a new white paper published by Oracle,

“there is mounting evidence that North America’s bulk power systems are dangerously exposed to threats from both within and abroad.” 

A few warning signs include:

  • In June 2007, the Department of Homeland Security (DHS) leaked a video that showed how researchers launched a simulated attack that brought down a diesel electrical generator, leaving it coughing in a cloud of smoke, through a remote hack that was dubbed the Aurora vulnerability.
  • In January 2008, a CIA analyst revealed that a number of cyber attacks had cut power to several cities outside the U.S.
  • In May 2008, the Government Accountability Office (GAO) issued a scathing report on the number of security vulnerabilities at the Tennessee Valley Authority, the nation’s largest public power company.
  • In April 2009, The Wall Street Journal reported, according to unnamed current and former national security officials, that Russian and Chinese attackers penetrated the U.S. power grid, installing malware that could potentially be used to disrupt delivery.
  • In July 2009, NERC CSO Michael Assante told the House subcommittee on Emerging Threats, Cyber security, and Science and Technology, “Cyber threats to control systems are

In response to these and other conditions:

“the federal government has responded to this threat with a set of security standards for protecting cyber assets that comprise the BES, and set an aggressive schedule for mandatory compliance, beginning in 2007, with all covered entities required to be in ‘audit compliance’ by June 2010. Non-compliance could cost power companies up to $1 million per day in penalties.

“The North American Energy Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cyber security standards, mandated through the approval of the Federal Energy Regulatory Commission (FERC), provide a broad, though not very prescriptive guide to implement a comprehensive cyber security program, stressing responsibility and accountability for protecting the organization’s critical assets.”

The new Oracle white paper, entitled “Protecting the Electric Grid in a Dangerous World,” describes how Oracle Identity Management solutions and the Oracle data security portfolio offer an effective, defense-in-depth security strategy to help meet this challenge, playing a key role in NERC CIP compliance, security and efficient use of resources.

Identity Management:

“Oracle Access Manager, Oracle Identity Manager, Oracle Identity Analytics and other products in the suite of Oracle Identity Management solutions provides application and system-level security, giving power providers and distributors the tools to create sustainable, manageable and auditable controls over access to their critical assets. Identity management and access control are essential components in CIP-003, CIP-004, -005, -006, -007, and are applicable in -008, -009.”

Data Security:

“Oracle’s comprehensive data security portfolio, including Oracle Advanced Security, Oracle Data Masking, Oracle Database Vault, Oracle Label Security and Oracle Audit Vault, allow managing critical information throughout the data protection lifecycle by providing transparent data encryption, masking, privileged user and multi-factor access control, as well as continuous monitoring of database activity. Database security, especially data access controls and privileged user management are essential in CIP–003, -004, -005, -006, -007, -008 and -009.”

It’s great to be associated with a company whose products can play a major role in the protection of our electrical grid upon which we depend so much.

However, I must admit, lighting a few candles after dark may be enjoyable as well!

PS:  The grid map shown above comes from an interesting interactive map on the NPR.org website.  Enjoy!

 

Whitfield Diffie – Cryptography Pioneer

Identity
Author: Mark Dixon
Tuesday, June 29, 2010
10:17 am

The most enjoyable segment of my CISSP training course is reviewing Cryptography.  The science of cryptography has always been fascinating to me, although I do not consider myself to be an expert in the field.

This morning we briefly reviewed the Diffie-Hellman protocol:

“Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. It is a type of key exchange.”

Of course, the Diffie in Diffie-Hellman is Dr. Whitfield Diffie, a US cryptographer and one of the pioneers of public-key cryptography, who served as Chief Security Officer of Sun Microsystems for most of the time I spent there.  I only met him once and certainly didn’t know him well, but was impressed with his deep intellect and command of the information security field.

Perhaps (I hope) we’ll meet again.


Exploring the Value of Identity

Identity
Author: Mark Dixon
Friday, June 25, 2010
6:10 am

Value: “relative worth, merit, or importance”

I have been intrigued for a long time about the concept of the “Value” of “Identity”.  Consequently, I plan to devote several posts over the next period of time to this subject.  At this point, I don’t know just what I will write.  I feel like I am entering a new phase of “Discovering Identity.”

Perhaps this train of thought has been triggered by the reality that businesses seek value in each procurement they make – including Identity and Access Management system purchases.  Nearly every customer meeting I have attended recently inevitably gets around to addressing the need for a solid business case before a purchase can be made.

But I believe the value of Identity goes farther than business cases.  In his song, “Which Way Does that Old Pony Run,” Lyle Lovett reminds us,  “…what’s riches to you just ain’t riches to me …”.  The value placed on anything, including Identity, must be determined by individual people – the stakeholders in a given situation.

So, if you are so inclined to join me, let’s get on the old pony and explore the world of the Value of Identity.  If you have suggestions or ideas, please share them.  It will be a fun ride.


Stealing My Stolen Identity?

Identity
Author: Mark Dixon
Friday, June 18, 2010
7:32 pm

Thanks to @idtexpert for tweeting this humorous commentary on privacy and Identity Theft.

image


Telepresence in Every Home – Why not Mesa, AZ?

General
Author: Mark Dixon
Friday, June 4, 2010
10:48 am

An interesting ZDNet article by Larry Dignan yesterday described Songdo, South Korea, which is aiming to be a global business hub and a sustainable city. This new city is being developed on 1,500 acres of reclaimed land in South Korea along Incheon’s waterfront, 40 miles from Seoul.

Songdo is also being wired by Cisco as a “grand telepresence experiment.”

According to Marthin De Beer, senior vice president of Cisco Systems’ emerging technology group:

Every home will have a Telepresence unit built in like a dishwasher. And it’s the developer that is putting those into those apartments as they get built out, because that is how education, health care and government services will get delivered right into the home. It will come to you. You don’t have to go find it. And that is how they will reduce traffic congestion and pollution in the cities. …

Until you’ve tasted it, it’s hard for me to explain to you what it’s like. But you can literally sit back on the couch and see your friends and family in life-size, full high definition, right in your living room, and interact with them. It’s not a small computer screen. You get a full view of everyone. And it’s very different.

But that is just 10% of why I’m excited about it, because the other 90% is that I believe it will do what the browser did for commerce into your home. You used to drive down the street to buy things. Today you go online, and it arrives at your doorstep once you’ve purchased it.

Home telepresence would do the same for services. Today, you still go to see your banker, your lawyer, your accountant, your tutor, etc. Well, what if these services can come in a virtual model right into your home and you can consume them in that way?

OK.   Sounds cool.  I have an appointment to visit my doctor on Monday afternoon.  It would be nice to visit him electronically.  But in order to make that work, it would need to accommodate things like weight, temperature, O2 and blood pressure measurements – all by remote control. How would that work?

It will be interesting to see how this works in South Korea … I’m looking forward to getting on the bandwagon in Mesa, AZ.


Personal Medical Files to go Online

General
Author: Mark Dixon
Friday, June 4, 2010
9:06 am

Thanks to Mike Waddingham for sharing the link to an article in the Canadian National Post on Monday:

“Telus announced an electronic health service yesterday that will give patients instant online access to all their medical files.”

Telus chief executive Darren Entwistle said this move will "revolutionize" health care:

"Now, Canadians will have the ability to create, store and manage their personal health information across their computers and smartphones and, in the future, TVs," Mr. Entwistle said in an announcement at an e-health conference in Vancouver.

"In a world where wireless network technology has enabled powerful mobile computing, their health information can be right at their fingertips, wherever their lifestyles or business travels take them because their smart-phone will accompany them."

The article further states:

In a demonstration, Telus officials showed how a patient could start a personal health record, inputting their own information — from childhood vaccinations, to allergies, to blood pressure readings — to share with their doctors, pharmacists and other health-care providers.

In turn, patients would have access to their medical records, so if they move, see a specialist or end up unexpectedly in an emergency department, vital health information would be instantly available.

Parents would be able to start and maintain health records for their children.

I applaud this type of automation that puts more control of personal health information in the hands of consumers.  While it certainly demands necessary privacy and security controls, this move recognizes the need to make health records from multiple sources more available, which should lead to improved health care and reduced costs.

It will be interesting to see how quickly this type of system becomes available in the US.


Rockin’ with PCI Data Security Standards

Identity
Author: Mark Dixon
Wednesday, June 2, 2010
5:04 pm

Struggling to understand what the PCI Data Security Standard really means? Please take a few minutes to enjoy a  clever short video published by the PCI Security Standards Council. Bob Russo, General Manager of the Council, showed this video as part of his presentation at the Pittsburgh CSO Breakfast Club PCI Security Forum in which I participated last week.

 

The music might be a bit corny, but the message is right on – and a fun respite from the normal dryness of PCI DSS discussions.


Lego Printer/Plotter

General
Author: Mark Dixon
Wednesday, June 2, 2010
10:37 am

Pretty cool to see what can be done with Legos if you put your mind to it!

We have built lots of neat stuff with Legos at our house, but nothing quite this complex.


Supercomputing Superpowers – Interactive Map

General
Author: Mark Dixon
Wednesday, June 2, 2010
10:22 am

Earlier this week, BBC News published a short article about the bi-annual “Top 500 supercomputer list.” An interactive “tree map” created using Prefuse Flare software, developed by the University of California Berkeley, allows a user to easily see different views of the list, according to attributes such as  speed, operating system, manufacturer and country (shown below).

image

The number one supercomputer:  Cray XT with a maximum speed of 1.759 peta FLOPS with a total of 224,162 cores (AMD processors running Linux).  Crazy!

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.