Rather than wait for signs of a security problem to crop up in smart-grid technologies, wouldn’t it be better to automatically analyze software and hardware to uncover vulnerabilities, whether accidental or malicious?
That’s exactly what the smart-grid firm Sensus is working on through a new partnership with electric power technology company EnerNex and the Oak Ridge National Laboratory (ORNL). Together, they’re working on an advanced security demonstration project called the Automated Vulnerability Detection system.
AVUD, as the project is called in its clunky acronym form, is aimed at developing a cybersecurity system for smart energy meters and other advanced grid technologies. The project will use a Function Extraction (FX) technology evaluation platform developed by ORNL to find and fix security problems before they actually cause problems.
The system will use FX to automatically determine how smart-grid software would behave “in all circumstances of use to determine everything it does.” That should help detect any software-related security problems, unintended or otherwise.
Any problems identified could then be addressed with a fix or mitigation effort of some kind.
The AVUD project is being funded by the US Department of Energy’s Office of Electricity Delivery and energy Reliability.
“While testing can only provide information about the specific scenarios actually observed, static analysis with FX can provide information about system behavior under any circumstances of use, and provides a significantly more robust means of vulnerability detection,” said Sandy Bacik, principal consultant and AVUD co-principal investigator at EnerNex.
“We saw immediate value in this project,” added Balu Ambady, security director at Sensus. “In the future, all advanced meter vendors would want to integrate this type of technology into their QA cycles.”
The AVUD project is scheduled to be completed by the end of 2012.