Today’s modern smart grid connects a variety of distributed energy resource assets to the power grid. This creates a diverse and disparate system, which both individuals and power companies can impact, with enormous benefits. Distributed energy collection assets (such as solar panels) are essential to increase the use of green energy, which helps the environment and can reduce costs. Furthermore, consumers have greater insight into their energy usage through modern smart grid technology, allowing them to better conserve energy.

However, an individual’s increased access to the grid can jeopardize the security of the entire system.

Consumers Putting the Smart Grid at Risk?

Because they are often installed and controlled by the consumer, distributed energy resources can put the power grid as a whole at risk. For example, consumers who do not properly secure their devices and/or networks are prime targets for attack. If there are enough compromised devices on a smart grid, bad actors can destabilize the power system and cause significant damage.

Efforts to Increase and Standardize Smart Grid Security

There are efforts underway to increase the security of the smart grid in order to harness the benefits while avoiding the security pitfalls. For example, the European Network for Cyber Security (ENCS) and the European Distribution System Operators’ Association (E.DSO) recently released suggested cyber-security requirements for smart meters (SM) and data concentrators (DC). These guidelines help network operators choose SMs and DCs that enhance security of the smart grid. By creating a consistent set of requirements, smart grids across Europe have a built-in baseline of security.

Planning a Secure Smart Grid

In order to avoid catastrophic results, today’s smart grid operator needs to have a plan in place that accounts for security.

As Ed Wood, CEO of Dispersive Networks, writes in SC Magazine, “Attack-resilient, secure virtual IP networks can be designed and rolled out, which will enable utilities to ensure a more secure overall grid. Advanced virtual networking software that offers the highest level of security is available today and can be integrated directly into Distributed Energy Resource assets, enabling them to ‘plug-n-play’ into ultra-resilient virtual cloud networks. Leveraging the processing and memory of these devices and the public Internet is essential to lowering costs.”

This tactic can help secure the smart grid while taking advantage of the environmental and cost-saving benefits of distributed energy resources.

Modernizing the Smart Grid from IEEE

Want to learn more about the smart grid? Check out Modernizing the Smart Grid, a new 4-course online learning program from IEEE.

One of the biggest frontiers in electrical engineering today is the development and implementation of smart grid technology. Fueled by the global demand for greener technologies and alternative fuels, environmentally-friendly smart grid technology can stimulate stagnated economies. It also has the potential to change the way power is delivered to electricity consumers around the world.

Modernizing the Smart Grid, now available on the IEEE Learning Network, is designed to get you and your team up to speed quickly on the latest smart grid technologies. Interested in bulk discounts for your organization? Contact us today, and we’ll put you in touch with an IEEE Account Specialist.

 

Resources:

Wood, Ed. (18 Jul 2019). How Securing DER Smart Grids Differs from Securing Traditional Energy Grids, and Why it Matters. SC Magazine.

SmartCitiesWorld News Team. (23 Jul 2019). Europe seeks to harmonise smart grid security requirements. SmartCitiesWorld.

With the amount of personal information you have saved in your electronic devices, browsing unsecured websites and enabling settings can expose you to a cyber attack.

Leaders at the Forbes Technology Council recently shared the following tips on what to be aware of and what to change in order to boost your cyber security and better protect your data, both online and off:

9 Cyber Security Tips

  1. Apple iCloud Restores
    iCloud backups are not encrypted end-to-end. Because Apple encrypts your iCloud backups, it can also decrypt your backups. Prefer not to expose your backup data to Apple? Disable iCloud backups and encrypt iTunes backups locally instead.
  2. Wi-Fi Hotspots
    Wi-Fi hotspots are convenient, but many are easy to hack. Plus, it’s even easier to set up a fake hotspot. Even if a Wi-Fi network looks legitimate, use a VPN if possible connect to keep your data safe from prying eyes.
  3. Unread Terms and Conditions
    While you may not care about giving certain companies access to some of your sensitive data, that does not mean you want unknown third parties accessing it through a cyber attack. Make sure you read the Terms & Conditions when you subscribe to a service and try to monitor news about these services.
  4. Two-Factor Authentication
    Be sure to enable two-factor authentication (2FA) on every site that offers it. It’s also a good idea to enable 2FA on your smart devices when available.
  5. Unencrypted Media
    Prevent thieves from accessing the data on your lost or stolen laptop. On a Mac, keep important files and information in FileVault, that requires a password to access your encrypted disk. For Windows PCs, consider using Bitlocker for removable drives since they already have data encryption by default.
  6. Wireless Mice and Keyboards
    Beware of “mousejacking” with your wireless devices connecting to your device. This allows someone within about a football field’s range away to take over a computer. Employees in sensitive industries such as healthcare or finance may want devices with attached keyboards.
  7. Outdated Software
    Hackers can exploit out-of-date software. Be sure to make sure you always have the most recent update on your device by allowing automatic updates.
  8. Phishing Emails
    Some tips for avoiding phishing emails include 1) checking the sender’s email address and verifying the domain, 2) alerting colleagues of any potential phishing emails you see, and 3) examining the context of the email before opening it or clicking on links.
  9. Human Error
    Often, human-related vulnerabilities are the biggest security issues. For example, an unwitting participant might accidentally download malware to their device. It’s important to provide staff training on IT security best practices in order to prevent breaches caused by human error.


Playing Defense

Give your team the training necessary to defend your organization from hackers with Cyber Security Tools for Today’s Environment, an 11-course program from IEEE. Produced and vetted by leading industry experts, this program will help your employees enhance their knowledge and stay current in the field of cyber security. Upon successful completion, they’ll receive valuable CEUs/PDHs that can be used to maintain professional licenses. Connect with an IEEE Content Specialist for a quote today.

 

Resources

(19 Apr 2019). 9 Cyber Security Issues That Could Be Leaving Your Data Vulnerable To Attacks. Forbes.

A career in cyber security is incredibly rewarding. In addition to helping organizations keep their information safe and helping to make the world a better place, cyber security professionals are also paid very well, typically earning over $100,000 per year.

Interested in pursuing a career in cyber security? Here are seven tips to help you get started.

  1. Start learning and doing. While a degree in computer science doesn’t hurt, you don’t need any particular approval or certification to start. What you invest in learning will come back as a great career opportunity.
  2. Earn certificates. A full degree or extensive credentials isn’t essential. For entry-level jobs, you can use your credentials and talent. Show potential employers that you can manage the responsibilities of a cybersecurity position with a security+ or Certified Information Systems Security Professional (CISSP) certification.
  3. Show initiative. Employers like self staters. Look into the numerous books and courses on cyber-related skills that can enhance your resume, like reverse engineering malware and tracking malicious activities on the internet. Employers want those that have basic skills with the potential to become proficient cybersecurity engineers and investigators through self-study and team-led reinforcement of those principles.

Self-directed learning and experimentation are critical. College degrees, vendor training, and professional certifications are great. However, the most frequent interview question is always along the lines of, ‘Tell me about your home lab, what kind of systems you’re running, and work you’re doing?’ Followed up by, ‘What have you learned?’”

Sean Tierney, Head of Cyber Intelligence at Infoblox
  1. Find your passion. There are so many industry segments and application areas. There is network security, endpoint protection, threat intelligence, and more. Maybe you want to work with products or services. If not, perhaps with vendors or customers, in a commercial company or the public sector. Are you interested in operational roles or leadership in known technologies or new ones under development? The options are practically endless.
  2. Keep your options open. Many jobs in cybersecurity are technical, but some aren’t technical at all. The industry needs people with a wide variety of skills — communication, interpersonal, leadership, investigatory, and business understanding. The truly difficult challenges in cybersecurity relate to the leadership of and collaboration between people, and on the most strategic level, it’s about risk management.
  3. Expand your horizons. You will need a well-rounded background in tech work as you grow in your security career. According to Tierney, “The thing that will make you good at security is that you are great at something else first. For example, become a master of the fundamentals of data networks, be an expert at administering multiple operating systems, or be proficient at multiple scripting languages (Python, Bash, etc.).” Rod Rasmussen, Infoblox vice president of cybersecurity agrees, saying,

If you’re already in IT, then spend time studying up on network security, dealing with endpoint hygiene, or whatever is related to the work you’re already doing. You will find that you will become ‘the security guru’ in your office pretty quick by doing that and from there, the transition becomes a lot easier.”

Rod Rasmussen, Vice President of Cybersecurity at Infoblox
  1. Network with industry professionals. Online networking is great, but in-person networking is even better. Try getting involved in meetups, attending conferences, and asking current security professionals for advice over coffee. Tierney says, “Get to know as many people in the industry as you can. Get involved in open source or community projects. Another thing often overlooked in networking is offering to help others more than you ask for help.”

Ready for Work

Perfect for technical professionals who support their company’s IT departments, Cyber Security Tools for Today’s Environment is an 11-course training program that helps employees enhance their knowledge and stay current in the field of cybersecurity. Get your team the cybersecurity training your organization needs to defend against cyber attacks. Upon successful completion of this program, your engineers will receive valuable CEUs/PDHs from IEEE to maintain professional licenses. Request a quote for your organization today.

 

Resources

(19 Mar 2019). How to Begin a Career In Cyber-Security. Forbes.

Bradford, Laurence. (27 Feb 2017). How To Start A Lucrative Career In Cybersecurity. Forbes.

3 fundamentals of effective cyber security for every business

As network infrastructure becomes more complex, ensuring effective cybersecurity becomes more challenging. Hybrid or multi-cloud set-ups that have servers, applications, and data that can reach all over the globe have taken the place of racks of servers stashed away somewhere within your building.

Whatever the size of your organization and in whichever industry you work, the fundamentals of effective cybersecurity are:

  1. Visibility: It’s important to keep track of all of your digital assets since they are something you cannot physically protect. This makes it easier to identify any weak points, security issues and suspicious activity. 
  2. Context: While every threat is a problem, a vulnerability on a public-facing website is more critical than one on an internal network. In order for IT teams to properly identify what needs attention, they need to understand the level of exposure and potential security risk. 
  3. Scalability: Cloud computing is constantly evolving. Cybersecurity technology needs to keep up with cloud innovation to ensure that the risk of a security breach is minimum. It cannot lag behind and obstruct network performance and productivity. 

Ready to Improve Your Security Techniques?

Cyber Security Tools for Today’s Environment is designed to help businesses like yours get and stay secure. In 11 courses, your IT department will get the latest information on how to protect enterprise networks from potential threats. This program is created by leading experts in the field, intended for IT professionals looking to enhance their knowledge and stay current in the field of cybersecurity. Request a quote for your organization today.

Resources

Bradley, Tony. (11 Feb 2019). The Secret To Comprehensive, Scalable And Effective Cybersecurity. Forbes.

Following several recent high-profile cyber attacks, it is more critical than ever for organizations to evaluate their cyber defenses and ask themselves a number of basic cyber security questions to assess their vulnerability.

Each year brings new technological developments that improve people’s lives. At the same time, these advances also introduce new cyber security threats and more attack surfaces.

Moreover, dwindling resources, slow budget growth, increasingly hostile threats, the evolution of the Internet of Things, and expanding ransomware are major reasons why it is becoming more difficult to keep up with the changing threat landscape. Such reasons highlight the need for renewed organizational attention to cyber security. Is your organization vulnerable to a breach or cyber attack?

To evaluate readiness, here are some of the cyber security questions every business should be asking.

  • Do You Require Employees to Use Strong Passwords?
    Weak passwords cause of more than half of all data breaches, yet just 24% of small businesses enact policies requiring employees to have a strong password. It is critical to have a strict password policy in place to protect your network.
  • Are Your Employees Required to Change Their Passwords Regularly?
    Employees must be required to change their passwords regularly to protect data. Nearly 65 percent of businesses do not strictly enforce their password policy, despite having one in place.
  • When Possible, Does Your Business Use Two-Factor Authentication?
    Wherever possible, you should add an additional layer of data security by enforcing two-factor authentication, such as SMS authentication.
  • Are Employees Using Their Personal Smartphones for Work Purposes?
    Personal phones and devices significantly increase the chance of malware attacks when employees use them on the office network.
  • Do You Back Up Your Files?
    A cyber attack can make confidential files completely inaccessible. Protect them by keeping local backups of all critical files and storing copies on an offsite server.
  • Does Every Company Device Have Antivirus and Malware Software Installed?
    Make sure your organization installs the most up-to-date versions of antivirus and malware software on all organizational devices, and that they run properly.
  • Do You Limit the Number of Employees with Administrative Access to Only Those Who Need it?
    Administrative access rights should be assigned sparingly and given only to those employees who absolutely need it to conduct their jobs. Additionally, employees who are granted admin access must be trained and well-educated on security issues.
  • Do You Encrypt Databases and Customer Information?
    Without encryption, your organization’s sensitive data and customer information is accessible to hackers. To reduce data vulnerability, take steps to ensure all your information is encrypted.
  • Have You Trained Your Employees to Recognize Phishing Emails?
    Phishing emails account for nearly half of all cyber attacks, and employees often fail to spot them. It is crucial that every business train their employees to not respond to suspicious emails.

How does your organization prepare to handle a cyber attack? Are you looking for ways to strengthen your organization’s cyber security? If you identified gaps in any of these areas, IEEE provides cyber security and ethical hacking training to help organizations prepare. Learn more about organization pricing and request a quote here.

References:

Bose, Shubhomita. (2017, August 28). 11 Cyber Security Questions Every Small Business Should AskSmall Business Trends.

Gillin, Paul. (2017, January 30). Two-Factor Authentication: A Little Goes a Long WayIBM Security Intelligence.

IEEE Cybersecurity Vulnerability Navigator, 2017.

Lindros, Kim. (2016, September 7). A Small Business Guide to Computer EncryptionBusiness News Daily.