OWASP AppSec DC 2012/AMI Security

The Presentation
Advanced Metering Infrastructure (AMI) is the most exposed part of the Smart Grid. Public-facing devices include smart meters on the sides of businesses and houses and aggregation points on the top of telephone poles. But the risks and vulnerabilities do not stop here. The back-end resources of an AMI implementation are still potentially vulnerable to all of the same threat vectors as everyday web-based business solutions. Cross-site scripting, cross site request forgery, insufficient network monitoring, and questionable web server and database configurations all play a part in increasing the risk to the AMI deployment and the electrical grid itself. This presentation will outline these vulnerabilities and provide recommendations that will increase the security of an AMI deployment and increase the reliability of the electrical infrastructure it supports. This presentation will cover the following topics: - AMI implementation overview from Smart Meters to the back-end resources - Smart meter hacking techniques and mitigations - FHSS analysis techniques and mitigations - Network configuration and monitoring concerns and mitigations - Web application vulnerabilities and mitigations

The Speakers
John Sawyer and Don Weber