8/14/2019 A Mi Press Release 032309

1/2

March 23, 2009FOR IMMEDIATE RELEASE Contact:

Jennifer Steffens202.409.7707

jsteffens@ioactive.com

www.ioactive.com

IOACTIVE VERIFIES CRITICAL FLAWS IN NEXT GENERATION ENERGY

INFRASTRUCTURE

Company Cautions Against Wider Adoption of Smart Grid Technology Until SecurityRisks are Mitigated and Industry Adopts a Security Development Lifecycle

Seattle, WAMarch 23, 2009IOActive, a leading provider of application and smartgrid security services, today announced that the company has verified significantsecurity issues within multiple Smart Grid platforms, which are being positioned tosupport the nations next-generation power infrastructure. Smart Grid technology isalready deployed by numerous utilities around the country and the vulnerabilitiesidentified by IOActive could further expose the country to attacks on our critical powerinfrastructure.

Research conducted throughout the industry has independently concluded thesetechnologies are susceptible to common security vulnerabilities such as protocoltampering, buffer overflows, persistent, and non-persistent rootkits and codepropagation. These vulnerabilities could result in attacks to the Smart Grid platform,causing utilities to lose momentary system control of their Advanced MeteringInfrastructure (AMI) Smart Meter devices to unauthorized third parties. This wouldexpose utility companies to possible fraud, extortion attempts, lawsuits or widespreadsystem interruption. If security is not addressed in the design and implementation ofthese emerging technologies, it may prove cost prohibitive to address them once thedevices are fully deployed.

In a presentation to the Committee of Homeland Security and DHS on March 16, 2009,Joshua Pennell, President and CEO of IOActive stated: The Smart Grid infrastructurepromises to deliver significant benefits for many generations, but first we need toaddress its inherent security flaws. Based on our research and the ability to easilyintroduce serious threats, IOActive believes that the relative security immaturity of theSmart Grid and AMI markets warrants the adoption of proven industry best practicesincluding the requirement of independent third-party security assessments of all SmartGrid technologies that are being proposed for deployment in the Nations criticalinfrastructure. We are also recommending that the Smart Grid industry follow a provenformal Security Development Lifecycle, as exemplified by Microsofts TrustworthyComputing initiative of 2001, to guide and govern the future development of Smart Gridtechnologies.

8/14/2019 A Mi Press Release 032309

2/2

The Smart Grid is the automated, widely distributed energy delivery network that ischaracterized by a two-way flow of electricity and information and will be capable ofmonitoring everything from power plants to customer preferences to individualappliances. The grid incorporates the benefits of distributed computing and fault-tolerantcommunications to deliver real-time information and enable the near-instantaneous

balance of supply and demand at the device level. Over 2 million Smart Meters areused in the United States today. It is estimated that the more than 73 participatingutilities have ordered 17 million additional Smart Meter devices.

About IOActive

IOActive is an industry leader that offers comprehensive security services includingsoftware assurance, smart grid security, infrastructure audits, training, incidentresponse, and Governance Risk Compliance. Established in 1998 and headquartered inSeattle, IOActive has attracted many well-known security experts including DanKaminsky, Jason Larsen, Steve Wozniak, Wes Brown, Tiller Beauchamp, and Ilja vanSprundel. For additional information please visit: www.ioactive.com.