By Bill Brenner
May 21, 2010
MidAmerican Energy Company is the largest utility in Iowa, strategically
located in the middle of several major markets in the Midwest, providing
service to more than 725,000 electric customers and more than 707,000
natural gas customers in a 10,600 square-mile area from Sioux Falls,
S.D., to the Quad Cities area of Iowa and Illinois. This makes it a
tempting target for an attacker bent on striking a blow to critical
Under the direction of John Kerber, manager of information protection,
MidAmerican did an extensive review of its security procedures and found
that its spread-out network had to be tightened up, particularly when it
came to Internet access. Since the company owns other utilities across
the globe [including PacifiCorp, which provides power to a large swath
of the West coast], there were too many Internet access points that
could be targeted. More importantly, though, the company found its
biggest problem in the code that makes up its myriad applications for
everything from power distribution to online billing services.
"Last May we had an incident where one of our web pages was exploited
through an SQL injection flaw," Kerber said. "It was a wake-up call that
we had vulnerabilities people could find out about."
In tackling the problem from the beginning of the app development
process, MidAmerican is following a growing trend in the infosec
community that relies less on bolt-on defenses and more on code
The code security trend includes the Rugged software movement, BSIMM --
the Building Security In Maturity Model -- and Microsoft's Security
Development Lifecycle (SDL).
Best Selling Security Books and More!
Shop InfoSec News