Access "AMI networks: PKI security considerations"
This article is part of the April 2012 issue of An expert guide to tokenization and using it effectively
The past year has seen several security incidents involving root certificate authorities, the organizations underpinning much of the security across modern data networks via their use of public key infrastructure (PKI) and digital certificates. The incidents, while limited in scope, reveal a weakness in PKI security: The fundamental complexity in guaranteeing the integrity of all aspects of the provisioning and deployment process, from protecting the root and intermediate certificates, to ensuring the privacy of the keys that guarantee their authenticity. The rollout of PKI components in emerging smart grid and advanced metering infrastructure (AMI) technology introduces a new class of risk to this formerly manually managed infrastructure. A breach of an AMI network’s PKI could result in the compromise of an electric utility’s entire distribution network, with cascading impact to connected transmission and generation assets. This risk is compounded when the utility does not manage the PKI components themselves, instead relying on the manufacturer, integrator... Access >>>
Premium Content for Free.
Unified threat management devices for the enterprise
by Joel Snyder, Contributor
UTMs aren’t just for SMBs anymore. Here are four requirements for enterprise-grade UTM.
AMI networks: PKI security considerations
by Seth Bromberger, Contributor
PKI components in smart grid and AMI infrastructure introduce new hazards.
- Unified threat management devices for the enterprise by Joel Snyder, Contributor
Understanding tokenization: What is tokenization and when to use it
by Adrian Lane, Contributor
Tokenization protects sensitive data to reduce the compliance burden.
Web browser security features make attacks harder
by Robert Westervelt, News Director
Accuvant analysis and hacking contests illustrate browser security improvements.
- Understanding tokenization: What is tokenization and when to use it by Adrian Lane, Contributor
Don’t turn security Big Data analysis into a forgettable cliché
by Michael S. Mimoso, Editorial Director
It’s easy to be cynical about the latest security buzzword, but don’t be so quick to dismiss it.
Marcus Ranum chat: Security startups and security innovation
by Marcus Ranum
Security expert Marcus Ranum talks with Peter Kuper, a partner with In-Q-Tel focused on funding compelling startups to accelerate innovation for the intelligence community.
Information security roles and technology shifts
by Paul Rohmeyer, Contributor
New technologies and business models are rapidly changing the role of the security pro.
- Don’t turn security Big Data analysis into a forgettable cliché by Michael S. Mimoso, Editorial Director
More Premium Content Accessible For Free
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...