Cybersecurity Threat Reduction Through Vulnerability Research

This blog was originally posted on Itron acquired Comverge on June 1, 2017, and  all future demand response blogs will be posted here. 

As I outlined in my first blog post, Comverge's cybersecurity approach is based on a Defense in Depth strategy that includes a security-aware systems IntelliDEFENSEBlogdevelopment life cycle (SDLC) that promotes threat reduction through vulnerability research.

As part of Comverge's ongoing commitment to ensure the security and integrity of our DirectLink load control switches and smart thermostats and all related sensitive information, Comverge engaged Optiv, the largest comprehensive pure-play cyber security solutions provider in North America, to perform a research assessment of the DirectLink Server. Optiv has served more than 12,000 clients of various sizes across multiple industries, offers an extensive geographic footprint, and has premium partnerships with more than 300 of the leading security product manufacturers.

Optiv researchers worked with Comverge to construct a detailed threat model that enumerated the system's various components, realistic attack vectors, as well as the "threat actors" who may wish to misuse this technology. Optiv researchers and Comverge developers collaborated to derive a testing methodology tailored to DirectLink and the needs of Comverge's customers.

Optiv performed a review of the relevant hardware platforms. These efforts included disassembly and analysis of Comverge's devices as they pertain to the established threat model. Researchers performed a hardware teardown of the devices, analyzed their components.

Optiv researchers also reviewed the source code using automated tools and manual analysis looking for security related vulnerabilities or more general best practice violations. Optiv researchers used debugging hardware and software to analyze a DirectLink system while it was operational. These efforts allowed researchers to search for vulnerabilities that might arise during the product's day-to-day operation. This dynamic analysis is similar to the actions taken by active reverse engineering efforts used in sophisticated attacks against infrastructure.

At the conclusion of the assessment Optiv expressed the opinion that Comverge partners can be assured that we performed proper due diligence by engaging an experienced and trusted third party to independently evaluate our products from an information security standpoint. Finally, our clients can be assured that Comverge is following a best practices approach to continually improve our organizations maturity and meet or exceed industry standards for information security.

Connecting Today’s Cities for Greater Resourcefulness Tomorrow

The need to apply technology to solve real challenges in our communities is growing. Cities and utilities across the country are facing a broad range of pressing problems and exploring how to best navigate and utilize technology for a smarter, more sustainable and more resourceful city framework.  Underscoring that point, the Obama administration announced funding and support for smart city initiatives in the U.S. This move by the Office of Science and Technology demonstrates that we are ready to bridge from smart cities as a concept to smart cities as a reality.

It’s important that we begin moving beyond simply thinking about how to create smarter cities to actually forming new collaborations and leveraging new technologies to see how we can be more efficient and resourceful with all of our cities’ resources—we are doing this in some cities right now.

For example, Envision Charlotte, first introduced at the Clinton Global Initiative meeting in Sept. 2010, is leading the way in creating an innovative, scalable and replicable smart city model in Charlotte, N.C., which captured the attention of the Obama administration and will become a national role model. Envision Charlotte focused on a two-mile area and tackled energy first and successfully reduced energy use by 16 percent. That’s real progress.

On the opposite side of the country, Lawrence Berkeley National Laboratory and its private sector partners are working together to test energy efficiency in the FLEXLAB™.  FLEXLAB evaluates the energy efficiency of major building systems, as an integrated system, under real world conditions. As one of the partners, Itron is supplying real-time monitoring and management of solar photovoltaic generation using the Itron Solar Gate prototype, Itron's newest application for the ITRON RIVA™ platform.  As part of this effort, Itron's technology is demonstrating how data collected through Itron's gateway can be used to visualize regional solar production, down to the individual installation and the inverter level. That’s real innovation.

These are just a couple of examples of programs that started small but are having real, measurable impact on the smart cities movement. Connecting people and standards-based technology to achieve goals and then building on that success are things we can do today that will create a more resourceful tomorrow.

Join me and other smart city enthusiasts at Meeting of the Minds in Richmond, California this week.


Authored by Russ Vanos, SVP Strategy and Corporate Development at Itron


Moving to a Single Multipurpose IP Network – Looking out to Internet of Things (IoT) and Smart Cities

Itron Utility Week 2015 kicked off this morning with a great general session! We hope you had a chance to watch the livestream, but if you weren’t able to join us, you can learn more about additional livestreamed sessions here.

During one of our first breakout sessions of the morning, we caught up with Simon Pontin, chief technology officer at Itron and Steve Steinhilber, vice president, Global Partner Organization – Vertical Ecosystems at Cisco, to discuss how utilities will benefit from standards-based multipurpose networks. The advent of these new networks are creating service provider communities and driving the continued development and expansion of the Internet of Things (IoT) and smart cities.

Pontin highlighted the benefits that the single multipurpose IP network brings to utilities, including an innovative ecosystem with open standards and interoperability that allows more devices and apps to engage and interact. With increased network connectivity and reliability, the multipurpose network creates new opportunities for innovation, advancement and IoT.

In its current state, IoT enables people and devices to connect in more meaningful ways and leverages data for decision making and increased process efficiency. Although the industry is experiencing an explosion in connectivity, 99 percent of the world is still not connected. Steinhilber noted that as more devices connect to the IoT, it provides multiple opportunities for utilities to not only create value for customers but that the converged networks enable utilities to respond to changes and innovate.

Additionally, it was noted that together, Itron and Cisco are offering the world’s largest standards-based network platform for battery-powered devices and are working towards a common based network for powered and non-powered devices.

Itron Discusses the Internet of Things in Incisor Magazine

Incisor IoT Article

Incisor Magazine recently published an article by Itron’s Roberto Aiello about the Internet of Things (IoT) and moving from simple connections to real-time actions. In the article, Aiello explores what is at the heart of IoT from sensors and networks to plug and play devices.

You can’t have IoT without standards-based technology working in concert, with data coursing through the veins of connected systems. But, simply moving data around will not help us address tomorrow’s challenges or harness new opportunities. We need to think about IoT more broadly and take the next leap from just connecting devices to providing the processing power in them. Thus, enabling devices to take action in the field in real time.

To read the full article, “Rethinking IoT – Moving from Simple Connections to Real-time Actions,” download Incisor magazine’s April 2015 issue at and go to page 13.

Accelerating the Integration of Variable Generation into the Electric Grid

Recently, I was invited to speak at the Utility Variable Generation Integration Group (UVIG) Conference, which was focused on improving the integration of variable generation into the electric power system. UVIG was established in 1989 and currently has more than 160 members from the U.S., Canada, Europe, Asia and New Zealand. The conference was well-attended with participants from Europe, North America and Asia.

This year’s conference topics included a tutorial on stochastic forecasting methods as they apply to quantifying wind and solar generation forecast uncertainty, how to run a solar and wind forecasting trial, integrating stochastic generation forecasts into an EMS system, and industry trends with distributed solar photovoltaic (PV) forecasting.

During the conference, I participated on a panel that discussed ways to incorporate distributed PV into a load forecast. My co-presenters, Jim Blatchford of the California ISO and Dr. Tom Hoff of Clean Power Research, and I discussed how we incorporate the PV forecasts that Clean Power Research develops into the real-time load forecast model Itron developed for the California ISO. If you would like to find out more about the how we do this, feel free to reach me at

If you are interested in learning more about wind and solar generation forecasting, you should consider attending a future UVIG conference.

Internet of Things (IoT), the Cloud, Edge Analytics…


As my eyes wandered through the Knowledge Center at this year’s recent Itron Utility Week (IUW), I was captivated by the future. Stretching from one end of the floor to the other were a mix of Itron products, solutions and partner displays. I could have stopped and discussed meters or fixed networks, but I was drawn to the analytics section and potential of new devices.

As a forecaster, I track emerging trends and economic news. While I’ve heard about the Cloud and Internet of Things (IoT), I haven’t bothered to understand their implications beyond storing photos and getting my iPad connected. With Itron’s announcement of the Riva Platform, the Cloud and IoT move to the forefront of my mind.

If you don’t know, the Riva Platform brings distributed computing power, control, and analytics for automated decision-making. You can read about platform here.

In a nutshell, analytics and intelligence are being pushed to the edge removing the need for centralized cloud or utility control -- thus the phrase “Edge Analytics.” The Star Trek-ian vision of the future places intelligent sensors in every device making decisions that are both useful and efficient. Who wouldn’t want their house door to unlock when it senses you approaching (gone are key chains and time searching for lost keys)? Why do I need to follow my kids around the house turning off lights when sensors can detect an empty room (unlike my office where the sensor only detects movement often leaving me in the dark when I sit still typing)? The only thing I might not want is the tight Star Fleet uniform...

But as a forecaster, I realize that these new products will require electricity to power the chips and sensors. How much will it increase loads? When will all this occur? Is this load growth represented in my forecast?

Checking with Itron engineers, I confirm that the energy requirement for the new chip is negligible. Still, billions of negligible chips are not negligible. But for now, I’m content to believe that (1) billions of chips are outside my forecast time horizon and (2) any negligible increase in energy consumption will be offset by gains in efficiency. After all, I’m willing to sacrifice the load of a few chips against hours of lighting empty rooms.

Itron Brings Edge Intelligence to Internet of Things World Forum



Itron Riva’s edge intelligence enables easy integration of third-party devices and real-time decision-making capabilities while creating numerous possibilities for realizing the promise of the Internet of Things (IoT) to empower smarter utilities and smarter cities worldwide. Action at the edge reduces network traffic, eases the burden of transmitting high volumes of data back to utility for analysis and minimizes human intervention to perform tasks that can now be automated. It is technology like Itron Riva that is helping us all to create a more resourceful world.

This week at the IoT World Forum in Chicago, Itron technology experts will be sharing the possibilities of Riva’s edge intelligence and sharing ways that IoT can empower cities around the world.

Simon Pontin, Itron’s chief technology officer and Russ Vanos, senior vice president of strategy and corporate development, will both be sharing their IoT vision during live interviews at the event. Their interviews will be broadcast throughout the exhibit hall and archived on the event website at:

Russ Vanos- Tuesday, 10/14 @ 2:30 p.m.
Simon Pontin- Tuesday, 10/14 @ 4:00 p.m.

In addition, a number of Itron experts are featured speakers in the breakout sessions listed below. Click here and visit the links below to learn more about session details. We hope to see you in Chicago!

Internet of Things: Convergence in Three Dimensions- Michael Garrison Stuber, Itron
Smart Grid Bubble: Hype or Hope?- Lee Krevat, Sempra Energy & Don Stuckert, BC Hydro
Standards: Breaking Down the Cross-Vertical Barriers- Roberto Aiello, Itron
Smart Grid the Platform- Lee Mazzocchi, Duke Energy
What Privacy Means in an IoT World and How to Protect it to Build Trust- Michael Garrison Stuber, Itron
Privacy and Security in IoT Neworks: How to Gain, Maintain & Restore Confidence- Jim Attridge, BC Hydro

Click here to learn more about the Itron Riva technology platform.

Smart Grid Technology Applied to Industrial IoT

Over the past few years there has been increased interest in using technologies currently deployed in smart grids for Internet of Things (IoT) infrastructure. The combination of the technology’s high performance, low cost and high level of security and the use of standards makes it an excellent option for expanding IoT infrastructure. There is a great opportunity here to draw on existing smart grid technologies, but it must be done correctly. In order to help business leaders understand how advanced metering infrastructure (AMI) technologies can be modified to support multiple IoT applications, I will be leading a session with the presentation of my paper, “Smart Grid Technology Applied to Industrial IoT,” at Internet of Things (IoT) West 2014.

My session at IoT West will explore my recent paper which describes how AMI technologies have been modified to support multiple IoT applications. The technologies are now non-application specific, open, available, and still meet the same stringent smart grid requirements, making these technologies an interesting option for business and civic leaders looking to increase IoT infrastructure.

AMI systems enable the measurement, configuration, and control of energy, gas and water consumption and distribution, through two-way scheduled and on-demand communication. AMI networks are composed of millions of nodes that are inter-connected in a multi-hop mesh network using some combination of wireless and power-line communications. These networks form the so-called Neighbor Area Network (NAN), along with a backhaul network providing connectivity to "command-and-control" management software applications at the utility company back office.

Each node is resource-constrained in terms of processing power, storage capabilities, and communication bandwidth, due to a combination of regulatory and engineering factors such as heat emissions, form factor and cost, but still has to be reachable through its IPv6 address. In addition, battery powered devices must be deployed in harsh environments for over 20 years without an opportunity to replace the batteries.

In a typical AMI deployment, groups of meters within physical proximity form routing domains, which can vary in size from 1,000 to 10,000 meters. Node density can vary significantly. For example, apartment buildings in urban centers may have hundreds of meters in close proximity, whereas rural areas may have sparse node distributions and include nodes that only have a small number of network neighbors.

All of these characteristics make AMI technologies very desirable for IoT infrastructure. The main challenge is how to apply these technologies to the broad Industrial IoT. My paper and presentation at IoT West will explore these challenges and opportunities in greater detail, drawing on examples of successful implementation around the world.

IoT West is a new event covering advanced connectivity and cloud-based control of devices, equipment, facilities and enterprise operations. The conference is taking place in Las Vegas, Nevada November 6 - 7, 2014, and will feature educational sessions showcasing solutions in mobile to mobile and machine intelligence, big data, facility and enterprise wide connectivity, wearables, IoT security, communications networks, cloud-based monitoring and control of equipment, assets, facilities & operations and smart service management.

I hope you will consider joining me at this exciting event!

Learn more by following @IoTShow on Twitter.

I agree to have my personal information transfered to AWeber ( more information )
Opt in to receive notifications when a blog post is published. Don't miss the thought leadership, insight and news from Itron.
We hate spam. Your email address will not be sold or shared with anyone else.