OWASP AppSec DC 2012/AMI Security

From OWASP
Revision as of 19:59, 11 March 2012 by Mark.bristow (Talk | contribs)

Jump to: navigation, search

AppSecDC-468x60-banner-2012.jpg

Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

The Presentation

Advanced Metering Infrastructure (AMI) is the most exposed part of the Smart Grid. Public-facing devices include smart meters on the sides of businesses and houses and aggregation points on the top of telephone poles. But the risks and vulnerabilities do not stop here. The back-end resources of an AMI implementation are still potentially vulnerable to all of the same threat vectors as everyday web-based business solutions. Cross-site scripting, cross site request forgery, insufficient network monitoring, and questionable web server and database configurations all play a part in increasing the risk to the AMI deployment and the electrical grid itself. This presentation will outline these vulnerabilities and provide recommendations that will increase the security of an AMI deployment and increase the reliability of the electrical infrastructure it supports. This presentation will cover the following topics:
- AMI implementation overview from Smart Meters to the back-end resources - Smart meter hacking techniques and mitigations - FHSS analysis techniques and mitigations - Network configuration and monitoring concerns and mitigations - Web application vulnerabilities and mitigations

The Speakers

John Sawyer

Owasp logo normal.jpg
Bio TBA

Don Weber

Owasp logo normal.jpg
Bio TBA

Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors

SPL-LOGO-MED.png

Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png

Exhibitors

link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg