Newsletter – March 2014
March 5, 2014
The stuff going on in the big picture now…..
|Year||January||Trend||% Change||% Since|
The stuff that has caught our eye…..
- A press release announcing that the International Electrotechnical Commission (IEC) has approved the OpenADR 2.0b Profile Specification as a Publicly Available Specification (PAS).
- A press release announcing that the OpenADR Alliance and Wi-SUN Alliance have formed a liaison agreement.
- An article considering the impact of Google acquiring Nest and how the acquisition could play out in the Demand Response arena.
Smart Grid – Consumer
- The results of the Residential Demand Response Program using the Bring Your Own Thermostat approach.
- An article illustrating the complexities and shortage of interoperability when using a smartphone to accomplish home automation.
Smart Grid – Producer
- A survey detailing the concerns utility executives struggle with now. The leading concern is old infrastructure.
- A discussion considering three perspectives on the future of electric utilities.
Smart Grid – Security
- An article reporting that Lloyd’s of London has concluded that energy firm cyber defense protections are inadequate. They now refuse to issue any policy to any energy firm. SANS provides commentary on this matter. A conclusion that causes insurers to turn away an energy firm is resounding proof that the current comprehensive strategy is not leading to a more secure energy firm.
Status Update of our 2014 Plan…..
- Scripting for Unattended Server Side Automation is progressing nicely. We have completed our first script. This script is integral to any Demand Response effort.
- No other work since the January newsletter.
Unattended Server Side Automation
- A PHP script to automatically select all thermostats and set their Date/Time is complete. We are finishing the usage instructions. We expect to release the script before the next Blog posting.
- No other work since the February newsletter.
Power Line Communication
- Further discussions with the members of the electronics industry.
- No other work since the January newsletter.
Talk to us with your comments and suggestions on our plan for this year.
The stuff we are talking about now…..
SANS reports an emerging story about a cyber attack on Target through those involved with Target’s refrigeration and HVAC systems. The attacker infiltrated Target’s systems, stealing payment card data. It appears the attacker gained a foothold in Target’s systems by using the access credentials of a refrigeration and HVAC company that worked at several Target locations. There is no evidence, to date, that either the refrigeration or HVAC systems were involved in the attack. There is evidence of a phishing attack involving malware.
We bring this story to your attention as a reason to reiterate how we handle our public communication plan. We use:
- GNU remotecontrol – Mailing Lists as our primary means of crisis and announcement communication. This is the only list, for now. An alias from bug-remotecontrol is in place.
- GNU remotecontrol – News as our secondary means of crisis and announcement communication.
- GNU remotecontrol – Newsletter (Blog) as our tertiary means of communication, though we do not use it for crisis or announcement communication. The Blog is a newsletter style format. This format provides the ability to get information to GNU remotecontrol users that is pertinent, though not critically important, to them.
We do hope there is never a security concern involving GNU remotecontrol. However, in the event any form of crisis involving GNU remotecontrol does occur, we want to be capable and ready to address the crisis as quickly and effectively as possible. Please note the Key Principles of Choosing Decision Makers and Security Considerations are addressed in the GNU remotecontrol manual, as part of our collective preemptive efforts to avoid a security incident.
OTHER TYPES OF THERMOSTATS?
Many people have asked us about adding other types of thermostats to GNU remotecontrol. There are three questions that need to be answered before we can offer GNU remotecontrol support for any IP thermostat. These questions are:
- How to CONNECT to it (NETWORK).
- How to READ from it (CODE).
- How to WRITE to it (CODE).
It is our hope to have dozens and dozens of thermostat types that work with GNU remotecontrol. Let us know if you designed or manufactured a device and you would like to test it with GNU remotecontrol.
The stuff you may want to consider…..
The stuff you REALLY want to consider…..
INDUSTRIAL CONTROL SYSTEMS
A presentation from the Black Hat Briefings – 2013 USA Conference, exploring the Teridian System on a Chip (SoC), along with scenarios and techniques to attack the Harvard Architecture Smart Grid Systems, and demonstrating pathways to gain coveted binary images of firmware and resident code execution.
GNU remotecontrol relies on OS file access restrictions, Apache authentication, MySQL authentication, and SSL encryption to secure your data. Talk to us if you want to find out how you can further strengthen the security of your system, or if you have suggestions for improving the security of our current system architecture.
Whatever you do…..don’t get beat up over your Energy Management strategy. GNU remotecontrol is here to help simplify your life, not make it more complicated. Talk to us if you are stuck or cannot figure out the best option for your GNU remotecontrol framework. The chances are the answer you need is something we have already worked through. We would be happy to help you by discussing your situation with you.
…..UNTIL NEXT MONTH!