Slashdot Mirror


User: Tweezer

Tweezer's activity in the archive.

Stories
0
Comments
57

Comments · 57

  1. Re:Why? on Windows 7 Not Getting A Second Service Pack · · Score: 1

    Slipstreaming is not a work around. It is a standard feature in Windows Deployment Services and has worked since the days of Windows 2000.

  2. Re:I'm the Tech Lead for a Smart Meter Project on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    FYI. To clarify. We are getting 1hr resolution. The previous argument was we could be grabbing higher resolution data.

  3. Re:I'm the Tech Lead for a Smart Meter Project on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    I think your first statement affirmed what I was saying. Most (not all) burglaries are unsophisticated. For the burglars that are planning well, they already know the occupant is not home by existing means. It's fairly well known that most affluent people work the day shift and would be way easier to confirm by driving by than trying to hack a website as the folks that can hack websites would probably be better off doing computer crime.

    There is no way to air gap the SCADA for the energy grid these days. The reality is since monopolies are bad and markets solve everything (yes that’s sarcasm) energy is now traded in markets. A map is located at http://www.ferc.gov/market-oversight/mkt-electric/overview.asp if you are interested. Any company that air gapped their SCADA would be at a huge competitive disadvantage compared to all of the others in that market. Also that data is very valuable to engineers doing planning so they know where to do upgrades etc. That being said, those systems aren't just thrown on the company network either. There are multiple layers of security and the normal corporate network is treated as a hostile network like the internet.

    The portal will be read only information. I would think two factor would be cost prohibitive, however it will surely be https and should be secured. I don't have anything to do with that part of the business, but I do know it's taken seriously. We have an excellent security staff and much of the team comes from a DOD background.

  4. Re:I'm the Tech Lead for a Smart Meter Project on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    The short answer is that's how we bill you. Smart meters are the first step to implementing time of use rates. The fact of the matter is energy costs your utility can vary up to 10x depending on the time of day. We can't make it as complex to customers, but implementing peak/off peak rates might motivate some people to do their laundry off peak etc. That could save all of us a ton of money as 20% of the generating fleet runs less than 10 days a year on average.

  5. Re:I'm the Tech Lead for a Smart Meter Project on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    We would never get away with selling data to a third party. The regulator would never approve anything like that and we would not ask. Not to mention I don't see a business case for knowing you fire up your coffee maker at 7:35 AM every day. They can easily glean that information by harvesting existing info like the fact that you purchase coffee at the grocery store every month. Knowing you are using your coffee maker instead of your dishwasher might be pretty difficult with even 1 min data.

    11TB doesn't even start to cover 1 min data. A single 32 bit integer isn't even in the ballpark. There is a ton more going on than you realize. Meters have something like 40 different values you can get in addition to various events. I expect something on the order of 1KB per read. We get voltage, power factor etc. along with usage. We are using way more than 11TB for our system that doesn't have even 1% of the number of folks you are talking about. Not to mention finding a system fast enough to do all of the database inserts necessary to keep up with that would be problematic. Then you have to have all of the test, development and disaster recovery systems. To do minute type resolution you would be looking at petabytes for our utility alone. Rough math. I could be mistaken, but it looks like for the entire US you would be looking at like 144,140,000 Electric Customers * 1K/read * 1440 reads/day * 365 Days/year = about 69 PB/year. Keep the data for 7 years as required and have a DR copy too and it gets really expensive as you are in Exabyte territory. Then you get the bandwidth and servers to support all of this and the cost increases from there. I’m not saying it can’t be done, but getting a regulator to approve rate increases to pay for it would be difficult at best.

  6. Re:I'm the Tech Lead for a Smart Meter Project on Ask Slashdot: Are Smart Meters Safe? · · Score: 1

    I wouldn't equate high usage with home electronics nearly as much as I would equate it to poor insulation. If I was looking for expensive electronics I would go much more by neighborhood than energy usage. Nice neighborhoods have nice stuff. There are slumlords that insulate poorly and their tenants have high usage as a result, but probably don't have many nice things. Use patterns could be useful to a burglar, but most burglaries are crimes of opportunity not of planning. Otherwise you would see very few burglaries in poor neighborhoods and many in rich neighborhoods.
    I said secure as practical, because there is no such thing as completely secure. Everything is a tradeoff unless you unplug the network completely. We don't see a need to secure this system more than we secure SCADA where much greater damage could be done.
    The portal won’t have information beyond hourly usage and billing info so it's optional anyway.

  7. I'm the Tech Lead for a Smart Meter Project on Ask Slashdot: Are Smart Meters Safe? · · Score: 4, Informative

    I think most of the others have already covered the RF side of things, so I'll discuss the privacy aspects. First of all, I do realize the meters have fairly high resolution when it comes to usage so there are some privacy concerns. Keep in mind that just because the meter can tell exactly what channel you are watching in a lab environment, it doesn't work that way in the real world. No utility has the desire to store data at that level of detail. The utility I work for will store data with 1 hour resolution. That means we will know how much power was used during a specific one hour interval. This alone has enormous storage and server requirements. Going to smaller intervals would do nothing for us and compound our storage requirements so it's a non starter. We are a for profit company and have no cost justification for that kind of system. We are also not storing customer information in the same system that we are storing meter data. The system storing meter data will just have a service delivery point so the data can be tied to a customer, but it raises the difficulty level.

    As far as remote shutoff goes we are working very hard to make that system as secure as practical. Those commands will be considered privileged and limited to a small group of people. There will also be limits in place so it's not like I could issue a command to shut off 100,000 customers all at once. The security is being handled in a very similar fashion to how we handle our SCADA security where a couple of key strokes can actually shut off decent sized parts of the grid in our service territory. Needless to say at my utility we are taking your privacy and security very seriously.

    So in a nutshell with one hour resolution what could someone learn about you? Well your usage patterns would give some stuff away. Probably the same sort of stuff your neighbors already know. Daily habits such as what shift you work and what time you tend to go to bed at night and what time folks get up in the morning. That being said if your utility gives you access to your data via a portal, I would probably use a fairly decent password and not share it with the world.

  8. Re:Maybe the Price on Internet Eats Into Time-Warner Cable Porn Profits · · Score: 3

    Are there wives out there that don't know they have husbands watching porn? Here's a clue for them. If they have a boyfriend or husband he watches porn at least occasionally. There are no exceptions. If they think their guy isn't like the rest and is somehow special, they are naive and wrong. Men are hard wired for this stuff, just because they watch porn doesn't mean they don't love their mate.

  9. Re:Security 101 on Siemens SCADA Flaws To Be Disclosed At Black Hat · · Score: 2

    I hate to break it to you, but that horse left the barn years ago. The data from these systems is much too valuable and companies that would follow your advice would be at a large competitive disadvantage. That being said, these systems should still be protected with multiple layers of security. I work on SCADA systems and there are multiple security measures such as no default gateways and no less than three firewalls between the SCADA system and the Internet, but it is required that it be connected. For example we need to exchange data on 5 min intervals with our energy market that was implemented, because deregulation and public markets are supposedly better. For example if you would like to see near real time energy market data in the Midwest you can look here https://www.midwestiso.org/MarketsOperations/RealTimeMarketData/Pages/LMPContourMap.aspx

  10. Re:Sorry to sound apologetic... on Google Founders' Jets Caught On WSJ's Radar · · Score: 4, Interesting

    They are probably not allowed to flight pool per Google policy. Many businesses have policies regarding key employees traveling together. This is in case of a crash or other unfortunate event causing the death of the travelers on board. If the policy is written well, they probably aren't supposed to be in the same car, train or bus either as those forms of transportation aren't as safe.

  11. It's all about developers on Sergey Brin: Windows Is "Torturing Users" · · Score: 1

    I hate to say it, but Ballmer was right: developers, developers, developers. The fact of the matter is that most line of business applications are Windows executables. That is changing somewhat in that we are seeing web interfaces added by many vendors, but the same vendors are also adding AD integrated authentication. If other OSs hit a critical mass, there will also be a need for centralized management of patches and anti-virus etc. Imagine if Linux or another OS had enough of an installed base to be a target. Users would still be clicking on trojans and entering the root password when requested.

  12. Re:life of a sysadmin on Deferred IT Maintenance Is a Ticking Time Bomb · · Score: 1

    I hate to say this, but recycling server hardware every three years isn't the right way to go. I have Dell servers that are 7 years old and working fine. They aren't close to using all of the resources so it makes no sense to replace them with anything newer. Resource intensive apps get server upgrades every 2 or 3 years, but you don't need to upgrade for the sake of upgrading. I don't even bother carrying support on servers beyond the initial 3 years on 90% of my servers, but I do have a third party support some specialized servers that would be a huge pain to change. The trick is you need to know how to rebuild any app you support from scratch or with backups etc. If one of my 7 year old Dells were to fail today, I'd immediately fire up a new box and install everything that's needed on the new server and move on. Really not a big deal. The problem is you have to know how to support what's installed on the servers... every single one of them. If you can't rebuild something from scratch you'll be spending all night learning at some point anyway. Keeping a spare server around is much cheaper than paying for support on a bunch of old servers that rarely have failures other than the occasional HDD.

  13. Forwarding this important study on Sex Boosts Brain Growth · · Score: 4, Funny

    To my wife immediately. She complains that her memory could be better.

  14. Does this mean we no longer like Apple? on Apple Surpasses Microsoft In Market Capitalization · · Score: 2, Insightful

    Do we now prefer Microsoft to Apple? Last I knew Slashdot likes the underdog.

  15. Re:SIGH on Volcanic Ash Heading Towards North America · · Score: 4, Insightful

    All aircraft engine manufacturers call for zero ash. I'm guessing that they figured that was the easiest thing to do as opposed to doing actual testing. Since it's never been tested properly, I wouldn't blame the governments for following the written specifications. I also doubt that any engine company is going to be willing to take on the liability of publishing updated specifications allowing some ash.

  16. Want it both ways? on Suspension of Disbelief · · Score: 2, Insightful

    I don't understand how they can't have full free speech rights, yet be held accountable for criminal acts. If a 17 year old student came to school with a gun and killed someone, they would want to try them as an adult. If you're going to be held to adult standards in that situation you should also have adult privileges.

  17. Re:Linux, Specifically Ubuntu on Does Your PC Really Need a SysRq Button Anymore? · · Score: 1

    This is slashdot, Linux never crashes. Crashing is something only Microsoft operating systems do.

  18. Re:WOW, slashdot IS full of GOOG fanboys... on Google Charges ETF For Nexus One On Top of Carrier's · · Score: 1

    Imagine the messages if it was Microsoft doing this. And even better would be if Comcast was somehow providing the service.

  19. The US has lower population density on USA Has More Open Wi-Fi Hotspots Than EU · · Score: 1

    Many Europeans live in a much more urban setting than we do in the US. I live in a suburb and therefore I don't bother securing my wireless. If someone wants to use my bandwidth they'll have to be on my property to do it, because I don't get much range out of my house. Why should I bother securing it? It's much more convenient to leave it open, especially when friends stop over or I'm working on someone's PC. All of my banking etc is run over SSL so it's encrypted endpoint to endpoint anyway. If I lived in an urban setting I would probably have to secure it though since many folks could leech if they wanted to.

  20. Re:How are these getting indexed? on Target.com's Aggressive SEO Tactic Spams Google · · Score: 4, Interesting

    I just clicked your link and the third entry is We could not find matches for "Anal Massage for Lovers Vol 2". I'm pretty sure Target never carried that product confirming what you say. I'm wondering if they are spamming from some sort of fixed database or if they are using failed queries from their site. If they are using failed queries, we could turn this against them. Someone could write an app to search target.com for bestiality, necrophilia etc. I wonder if Target would be happy to be the number one result for those search terms.

  21. Re:My Experience on Verizon Removes Search Choices For BlackBerrys · · Score: 1

    Mod parent up! This is the same way I get rid of all of the bloatware that comes preinstalled on a new PC. When you get the license agreements, just disagree with them. The software is immediately uninstalled.

  22. I don't think it's complete on Wikileaks Publishes 500,000 9/11 Pager Messages · · Score: 4, Interesting

    I searched a whole bunch of these for the word "fuck" and couldn't find a single instance. I find it hard to believe that nobody got a page from their girl/boy friend saying why don't you come over and fuck me or a message saying holy fuck a plane just hit the WTC.

  23. Re:Why these systems are connected to the Internet on Massive Power Outages In Brazil Caused By Hackers · · Score: 1

    If this could be done every 4 seconds for hundreds of thousands of data points you might be correct. Unfortunately I don't know of a system that could do this at any speed close to what is required. The speed required doesn't even allow for relational databases, because Oracle, SQL etc can't handle the inserts at the rate required. Here http://www.osisoft.com/software-support/what-is-pi/Architecture.aspx is a typical architecture for this sort of thing. There are multiple layers of firewalling between the control networks and corporate networks, but any company that were to go the air gap route would be bankrupt shortly. These are real-time systems and the markets can change very quickly.

  24. Why these systems are connected to the Internet on Massive Power Outages In Brazil Caused By Hackers · · Score: 2, Interesting

    I know all the comments are about to come flooding in that these systems should be air gapped from the Internet, but that isn't practical in today's environment. These systems need to be indirectly connected to the corporate networks, because the data is valuable to the companies. Much of this is due to deregulation. Since deregulation electric utilities no longer operate as islands with their own generation, transmission and customers. Since nobody liked monopolies in the energy industry, the pieces aren't necessarily owned by the same companies anymore. Energy is also bought and sold in a market environment with prices changing all the time and the information is exchanged over the Internet. If you want to see the current Megawatt Hour (MWh) prices in the midwest check out http://www.midwestiso.org/page/LMP+Contour+Map+(EOR). Needless to say air gapping isn't practical in today's environment.

  25. Single-Sign On on IT Snake Oil — Six Tech Cure-Alls That Went Bunk · · Score: 1

    I'm still waiting to see this in action. I know it's fairly easy to synch passwords between systems and even provide some parts of SSO, but I'm still waiting on the application that lets me log into Windows in the morning and never be presented with another login box for the rest of the day. I don't expect it to ever happen.