IOActive's Joshua Pennell puts Smart Grid Security on Agenda at InfoSecurity Europe

Research and Case Studies Underscore need for Utilities to Craft New Security Strategies as Foundation of UK plc's Security

Seattle, Wash—March 30, 2010. IOActive, an international thought leader in software assurance, compliance, and Smart Grid security services, today announced that its founder and president, Joshua Pennell, will speak at Infosecurity Europe, Europe's number one information security event.

In his presentation Securing the Smart Grid: The Journey Ahead, Pennell will share some of IOActive's research insights into Smart Grid design issues that must be resolved immediately including poor authentication, lack of encryption, and inadequate authorization. Pennell also will offer suggestions and best practices that meter vendors can adopt to mitigate these existing vulnerabilities, as well as develop more secure products in the future.

Smart Grid: A Security Risk
These vulnerabilities could result in attacks to the Smart Grid platform, causing utilities to lose momentary system control of their Advanced Metering Infrastructure (AMI) smart meter devices to unauthorized third parties. This would expose utility companies to possible fraud, extortion attempts, lawsuits, or widespread system interruption. If security is not addressed in the design and implementation of these emerging technologies, it may prove cost prohibitive to address them once the devices are fully deployed.

47 million smart meters will be installed in each of the UK's 26 million homes by 2020 at a cost of around £8bn. Across Europe there is an EU Parliamentary commitment to install smart meters in 80% of all buildings across the region by 2020.

IOActive research uncovered multiple programming errors and security vulnerabilities in smart meter devices. The most common component of the Smart Grid, smart meters act as the power distribution endpoints as well as the endpoints for communication and sensory nodes.

"The Smart Grid infrastructure promises to deliver significant benefits for many generations to come, but first we must address its inherent security flaws. IOActive believes that the Smart Grid and Automated Metering Infrastructure (AMI) markets would benefit from the adoption of a formal Security Development Lifecycle and independent, third-party security assessments." said Pennell.

"As our research demonstrates," continued Pennell "these steps are critical to ensure these devices are truly secure now and in the future. The security of the Smart Grid and power infrastructure are at stake here."

Pennell's presentation will cover short- and long-term strategies for improving Smart Grid security. He will share use cases and discuss the ongoing collaboration between IOActive, government officials and utilities to develop long-term tactics for increasing Smart Grid security.

WHAT  Securing the Smart Grid: The Journey Ahead

WHERE  Infosecurity Europe. Earl's Court, London UK

WHEN  April 29, 2010. 12:40–13:05 pm

HOW  For more information, please visit their website.

About Joshua Pennell
As IOActive's founder and president, Joshua Pennell has an 11-year entrepreneurial track record of creating and maintaining a multimillion-dollar, customer-focused, independent global security services organization. Through Pennell's leadership, IOActive has emerged as one of the world's longest standing, highly technical boutique security consultancies with a history based on cutting-edge research and meritocratic governance.

Pennell serves on the advisory boards of Source, Vantos, and SiteScout. He is also the Chairman of IOActive's advisory board, which includes such computer industry venerables as Steve Wozniak, Jim Reavis, and Jason Larsen. In years past, Pennell played an integral role in helping his team win Defcon's Capture the Flag competition for three consecutive years, followed by another three years of technically revolutionizing the competition before handing the game over to Kenshoto.

About IOActive
Established in 1998, IOActive is an industry leader offering comprehensive computer security services with specializations in smart grid technologies, software assurance, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with many Global 500 companies including power and utility, hardware, retail, financial, media, aerospace, high-tech, and software development organizations. As a home for highly skilled and experienced professionals, IOActive attracts the likes of Dan Kaminsky, Ilja van Sprundel, Mike Davis and Wes Brown—talented consultants who contribute to the growing body of security knowledge by speaking at such elite conferences as Black Hat, Ruxcon, Infosecurity Europe, Defcon, Hack in the Box, BlueHat, CanSec and WhatTheHack. For more information, visit www.ioactive.com or follow the IOActive team on twitter at @IOActive.

The IOActive team will be at Infosecurity Europe 27–29 April at Stand M42. Joshua Pennell and other IOActive spokespeople will be available for interview during the show. To co-ordinate a briefing please contact the IOActive PR team on +44 208 255 5225 or via email to rose@omarketing.co.uk.

-###-