
Comment: Re:I'm the Tech Lead for a Smart Meter Project (Score 1) 684

by Tweezer (#40550263) Attached to: Ask Slashdot: Are Smart Meters Safe?

I think your first statement affirmed what I was saying. Most (not all) burglaries are unsophisticated. For the burglars that are planning well, they already know the occupant is not home by existing means. It's fairly well known that most affluent people work the day shift and would be way easier to confirm by driving by than trying to hack a website as the folks that can hack websites would probably be better off doing computer crime.

There is no way to air gap the SCADA for the energy grid these days. The reality is since monopolies are bad and markets solve everything (yes that’s sarcasm) energy is now traded in markets. A map is located at http://www.ferc.gov/market-oversight/mkt-electric/overview.asp if you are interested. Any company that air gapped their SCADA would be at a huge competitive disadvantage compared to all of the others in that market. Also that data is very valuable to engineers doing planning so they know where to do upgrades etc. That being said, those systems aren't just thrown on the company network either. There are multiple layers of security and the normal corporate network is treated as a hostile network like the internet.

The portal will be read-only information. I would think two-factor would be cost prohibitive, however it will surely be HTTPS and should be secured. I don't have anything to do with that part of the business, but I do know it's taken seriously. We have an excellent security staff and much of the team comes from a DOD background.

Comment: Re:I'm the Tech Lead for a Smart Meter Project (Score 1) 684

by Tweezer (#40549989) Attached to: Ask Slashdot: Are Smart Meters Safe?

The short answer is that's how we bill you. Smart meters are the first step to implementing time-of-use rates. The fact of the matter is energy costs your utility can vary up to 10x depending on the time of day. We can't make it as complex to customers, but implementing peak/off-peak rates might motivate some people to do their laundry off peak etc. That could save all of us a ton of money as 20% of the generating fleet runs less than 10 days a year on average.

Comment: Re:I'm the Tech Lead for a Smart Meter Project (Score 1) 684

by Tweezer (#40534583) Attached to: Ask Slashdot: Are Smart Meters Safe?

We would never get away with selling data to a third party. The regulator would never approve anything like that and we would not ask. Not to mention I don't see a business case for knowing you fire up your coffee maker at 7:35 AM every day. They can easily glean that information by harvesting existing info like the fact that you purchase coffee at the grocery store every month. Knowing you are using your coffee maker instead of your dishwasher might be pretty difficult with even 1 min data.
11TB doesn't even start to cover 1 min data. A single 32 bit integer isn't even in the ballpark. There is a ton more going on than you realize. Meters have something like 40 different values you can get in addition to various events. I expect something on the order of 1KB per read. We get voltage, power factor etc. along with usage. We are using way more than 11TB for our system that doesn't have even 1% of the number of folks you are talking about. Not to mention finding a system fast enough to do all of the database inserts necessary to keep up with that would be problematic. Then you have to have all of the test, development and disaster recovery systems. To do minute type resolution you would be looking at petabytes for our utility alone. Rough math. I could be mistaken, but it looks like for the entire US you would be looking at like 144,140,000 Electric Customers * 1K/read * 1440 reads/day * 365 Days/year = about 69 PB/year. Keep the data for 7 years as required and have a DR copy too and it gets really expensive as you are in Exabyte territory. Then you get the bandwidth and servers to support all of this and the cost increases from there. I’m not saying it can’t be done, but getting a regulator to approve rate increases to pay for it would be difficult at best.

Comment: Re:I'm the Tech Lead for a Smart Meter Project (Score 1) 684

by Tweezer (#40531065) Attached to: Ask Slashdot: Are Smart Meters Safe?

I wouldn't equate high usage with home electronics nearly as much as I would equate it to poor insulation. If I was looking for expensive electronics I would go much more by neighborhood than energy usage. Nice neighborhoods have nice stuff. There are slumlords that insulate poorly and their tenants have high usage as a result, but probably don't have many nice things. Use patterns could be useful to a burglar, but most burglaries are crimes of opportunity not of planning. Otherwise you would see very few burglaries in poor neighborhoods and many in rich neighborhoods.
I said secure as practical, because there is no such thing as completely secure. Everything is a tradeoff unless you unplug the network completely. We don't see a need to secure this system more than we secure SCADA where much greater damage could be done.
The portal won’t have information beyond hourly usage and billing info so it's optional anyway.

Comment: I'm the Tech Lead for a Smart Meter Project (Score 4, Informative) 684

by Tweezer (#40530423) Attached to: Ask Slashdot: Are Smart Meters Safe?

I think most of the others have already covered the RF side of things, so I'll discuss the privacy aspects. First of all, I do realize the meters have fairly high resolution when it comes to usage so there are some privacy concerns. Keep in mind that just because the meter can tell exactly what channel you are watching in a lab environment, it doesn't work that way in the real world. No utility has the desire to store data at that level of detail. The utility I work for will store data with 1 hour resolution. That means we will know how much power was used during a specific one hour interval. This alone has enormous storage and server requirements. Going to smaller intervals would do nothing for us and compound our storage requirements so it's a non-starter. We are a for-profit company and have no cost justification for that kind of system. We are also not storing customer information in the same system that we are storing meter data. The system storing meter data will just have a service delivery point so the data can be tied to a customer, but it raises the difficulty level.

As far as remote shutoff goes we are working very hard to make that system as secure as practical. Those commands will be considered privileged and limited to a small group of people. There will also be limits in place so it's not like I could issue a command to shut off 100,000 customers all at once. The security is being handled in a very similar fashion to how we handle our SCADA security where a couple of keystrokes can actually shut off decent-sized parts of the grid in our service territory. Needless to say at my utility we are taking your privacy and security very seriously.

So in a nutshell with one hour resolution what could someone learn about you? Well your usage patterns would give some stuff away. Probably the same sort of stuff your neighbors already know. Daily habits such as what shift you work and what time you tend to go to bed at night and what time folks get up in the morning. That being said if your utility gives you access to your data via a portal, I would probably use a fairly decent password and not share it with the world.

Comment: Re:Maybe the Price (Score 3) 228

by Tweezer (#36997140) Attached to: Internet Eats Into Time-Warner Cable Porn Profits

Are there wives out there that don't know they have husbands watching porn? Here's a clue for them. If they have a boyfriend or husband he watches porn at least occasionally. There are no exceptions. If they think their guy isn't like the rest and is somehow special, they are naive and wrong. Men are hard wired for this stuff, just because they watch porn doesn't mean they don't love their mate.

Comment: Re:Security 101 (Score 2) 101

by Tweezer (#36362434) Attached to: Siemens SCADA Flaws To Be Disclosed At Black Hat

I hate to break it to you, but that horse left the barn years ago. The data from these systems is much too valuable and companies that would follow your advice would be at a large competitive disadvantage. That being said, these systems should still be protected with multiple layers of security. I work on SCADA systems and there are multiple security measures such as no default gateways and no less than three firewalls between the SCADA system and the Internet, but it is required that it be connected. For example we need to exchange data on 5 min intervals with our energy market that was implemented, because deregulation and public markets are supposedly better. For example if you would like to see near real time energy market data in the Midwest you can look here https://www.midwestiso.org/MarketsOperations/RealTimeMarketData/Pages/LMPContourMap.aspx

Comment: Re:Sorry to sound apologetic... (Score 4, Interesting) 427

by Tweezer (#36216090) Attached to: Google Founders' Jets Caught On WSJ's Radar

They are probably not allowed to flight pool per Google policy. Many businesses have policies regarding key employees traveling together. This is in case of a crash or other unfortunate event causing the death of the travelers on board. If the policy is written well, they probably aren't supposed to be in the same car, train or bus either as those forms of transportation aren't as safe.

Comment: It's all about developers (Score 1) 645

by Tweezer (#36107264) Attached to: Sergey Brin: Windows Is "Torturing Users"

I hate to say it, but Ballmer was right: developers, developers, developers. The fact of the matter is that most line-of-business applications are Windows executables. That is changing somewhat in that we are seeing web interfaces added by many vendors, but the same vendors are also adding AD integrated authentication. If other OSs hit a critical mass, there will also be a need for centralized management of patches and anti-virus etc. Imagine if Linux or another OS had enough of an installed base to be a target. Users would still be clicking on trojans and entering the root password when requested.

Comment: Re:life of a sysadmin (Score 1) 186

by Tweezer (#34777074) Attached to: Deferred IT Maintenance Is a Ticking Time Bomb

I hate to say this, but recycling server hardware every three years isn't the right way to go. I have Dell servers that are 7 years old and working fine. They aren't close to using all of the resources so it makes no sense to replace them with anything newer. Resource intensive apps get server upgrades every 2 or 3 years, but you don't need to upgrade for the sake of upgrading. I don't even bother carrying support on servers beyond the initial 3 years on 90% of my servers, but I do have a third party support some specialized servers that would be a huge pain to change. The trick is you need to know how to rebuild any app you support from scratch or with backups etc. If one of my 7 year old Dells were to fail today, I'd immediately fire up a new box and install everything that's needed on the new server and move on. Really not a big deal. The problem is you have to know how to support what's installed on the servers... every single one of them. If you can't rebuild something from scratch you'll be spending all night learning at some point anyway. Keeping a spare server around is much cheaper than paying for support on a bunch of old servers that rarely have failures other than the occasional HDD.
