NewTeeVee Live: Comcast’s On-demand Online to Be Ready “by Hanukkah”

Amy BanseAt our NewTeeVee Live conference this morning, Comcast Interactive Media (s CMCSA) President Amy Banse narrowed down the time line for how soon customers will be able to use On-Demand Online service, which will allow subscribers to access premium cable content on their PCs. The verdict? Sometime before Hanukkah.
“If you were to present On-Demand Online to me as a gift, would it be a Hanukkah gift, or a Christmas gift, or maybe a Kwanzaa gift?” NewTeeVee co-editor Chris Albrecht asked.
“I can’t be very specific, but I can say that we will be able to accommodate all religious groups,” Banse replied. Later, she reiterated that the service would become available to subscribers sometime in early December, before the Jewish holiday begins on Dec. 11. Read More about NewTeeVee Live: Comcast’s On-demand Online to Be Ready “by Hanukkah”

Smart Meter Security: Not Up To Par

Ask your favorite sysadmins or IT experts about computer security and you’re likely to get more of an earful than you bargained for (with a healthy dash of paranoia thrown in for good measure). Why? Because years of outwitting hackers, guarding against malicious code, and bringing infected systems back from the brink have instilled in most of them a cautious and rigorous approach to keeping data (and its users) safe.
Not so, it seems, for some smart meter makers.

Smart Meter Worm Could Spread Like A Virus

blackhatlogoFor a utility that’s in the process of installing smart meters, there are probably few things more terrifying than the simulation of a smart meter worm that IOActive’s Mike Davis showed off at the annual security conference Black Hat on Thursday. During Davis’ presentation, he showed how he and his team at the security consulting firm created a simulation in which over a period of 24 hours about 15,000 out of 22,000 homes had their smart meters taken over by a worm that could render the device under the control of the worm’s designers.
Davis showed off a time-condensed version of the simulation using an overlay on Google Earth. At the beginning of the simulation there were 22,000 green pins on the image of the satellite map to signify actual plotted address in a metropolitan area; after the introduction of the smart meter worm, the majority of the pins quickly turned a shade of red, rapidly spreading from the point where the worm was introduced. The image was reminiscent of the introduction of infectious diseases and Davis said in a real world scenario the rate of the spread of the worm could be slower or faster considering a variety of technical conditions.
Read More about Smart Meter Worm Could Spread Like A Virus

Today in Cleantech

Computer security experts are gathered in Las Vegas for the Black Hat hacker convention and this year there’s a presentation worthy of the smart grid crowd’s attention.  In what is typically the scene of clever network infiltrations and defeated security schemes, IOActive is planning to spotlight the hacker-repelling shortcomings of some smart meters.  The firm will be using a worm, malicious software that can spread on its own and the same type of code that ground many computer networks to a halt in years past.  Smart meter manufacturers will undoubtedly be watching, and given the U.S. Department of Energy’s expressed willingness to withhold smart grid funding over lax cyber security, so should utilities.

Smart Grid: Spotlight on Security

smartmetergeneric4The security of the smart grid is going under the microscope this week. As Patricia Hoffman, the acting assistant secretary for the Department of Energy’s Office of Electricity Delivery and Energy Reliability said in a testimonial last week, the DOE may refuse to hand out smart grid stimulus funds to an otherwise promising project if that applicant can’t prove that the project has addressed cyber security concerns. Well, we should hope so — if we learned anything from the buildout of the Internet it’s that networks that have sophisticated connections will have increasingly sophisticated hackers.
The mainstream media is picking up the story this week, but the Washington Post adds a spin of its own and says utilities have to prove security to get the funds, “as they move to link nearly all elements of the U.S. power grid to the public Internet.” I disagree with that statement — it’s not that all elements of the U.S. power grid will end up connected to the public Internet, it’s that the power grid is creating its own form of Internet, which needs the same type of security requirements as the Internet. It’s still unclear to me whether utilities will end up embracing the Internet and chose to link “nearly all” or even just some of the power grid to the Internet.
Read More about Smart Grid: Spotlight on Security

Smart Grid Security Frenzy: Cyber War Games, Worms and Spies, Oh My!

With all the stories out this week about security threats to the smart grid, you might get the impression that your smart meter’s gonna leave you susceptible to diabolical plots from the likes of Kim Jong Il, Somali pirates and the Joker. There are real concerns, but computer security companies, policy makers and trade groups are making more and more noise about smart grid security at this early stage of the grid’s development in an effort to set standards and to create voluntary programs before federal laws are set. And for those who have a product to sell, it’s also an effort to build a market — grid security will be a big business.

This week the North American Electric Reliability Corp. (NERC) said it has made progress on some “milestones” (more like incremental steps) for smart grid security. NERC says its Board of Trustees has approved the first revisions of its eight cyber security standards, and is working on a second set of revisions to come out later this year. NERC will also soon start assessments, or cyber war games as The Wall Street Journal calls them, with power companies to figure out how best to respond to “cyber incidents.” In addition, NERC has created an alerting portal to inform power companies and personnel when a breach is under way. (We can see it now: ALERT! METERS IN FRESNO ARE UNDER THE CONTROL OF THE PIRATE BAY.)
Read More about Smart Grid Security Frenzy: Cyber War Games, Worms and Spies, Oh My!

YouTube Starts Giving Watchers Ad Choices

YouTube (s GOOG) is running a test on some of its premium content that gives users the choice to either front-load their ad-watching with a single full-length promoted video or stick to midstream ads at intervals throughout.

User Choice Screenshot

For instance, some watchers of a 20-minute-long episode of Lionsgate’s Alf (see screenshot) have the option of watching a 1:23 ad for Target, a 34-second ad for Tampax, or four normal (usually 15- or 30-second) commercial breaks.

Choosing between ads doesn’t just make viewers feel empowered — it’s also good for advertisers. Just figuring out that equation (how to minimize commercial time) probably draws more viewer attention to in-stream ads than they might ever receive. And the test puts a lot more value in promoted videos, which are normally featured around the edges of the viewing experience, such as next to search results. Now promoted video buyers are effectively buying pre-rolls.

The idea isn’t novel, but it’s a good one. Hulu has from early on experimented with user choice about ads, for instance, giving viewers of its films an option to watch movie previews instead of regular mid-roll ads. One day last week, Microsoft (s MSFT) bought out the site with a “Bing-a-thon” promotion for its relaunched search that made the rest of Hulu ad-free for watchers. And Tremor Media earlier this month launched an ad format called V-Choice which allows publishers to give their viewers options about what ads to watch.

Net Security Company Says Smart Grid Should Look to Computing for Security Tools

As we’ve pointed out recently, the power grid will increasingly be adding computing and intelligence, and will in turn be susceptible to the security issues that are currently plaguing the Internet. One of the smartest ways to address these concerns is by following the security lessons learned from the computer industry, and this morning computer security firm IOActive advocates just that.
IOActive says vulnerabilities in the smart grid should be addressed through proven techniques from the computing industry, such as adopting “the requirement of independent third-party security assessments of all Smart Grid technologies” and following a “formal Security Development Lifecycle, as exemplified by Microsoft’s Trustworthy Computing initiative of 2001.” IOActive is a decade-old computer security firm that boasts famous security geeks like Dan Kaminsky on its staff and is advised by Steve Wozniak.
IOActive isn’t the only one suggesting the new smart grid will need to take a cue from computing to combat security risks. Ben Schuman, an analyst with Pacific Crest Securities, and Joe Fagan, an attorney for Pillsbury Winthrop Shaw Pittman who’s spent his career representing the energy industry, told us the same thing last week. The computing industry has spent years developing successful tools to fight those that wish use the Internet for malicious intent. Why not utilize those techniques when it comes to the software and networks that will be managing the future of the power grid?