Even though Itron’s systems are well-designed and have solid protections in place, a determined attacker will almost certainly be able to penetrate the defenses at some point in time. Security-related threats have become not only more numerous and diverse, but also much more damaging and disruptive. New types of security-related incidents emerge frequently. Preventative activities based on the results of thorough risk assessments can lower the number of incidents, but not all incidents can be prevented and there must be a framework for responding to incidents such as
Additionally, specific contractual language with Itron customers has necessitated the need for a more formal incident response process. An incident response capability is therefore both technically and legally necessary for Itron to show due care and due diligence to its customers.
The new Itron Security Center (ISC) offers such a response capability. The ISC consists of a team of expert resources that are dedicated to protecting customers from vulnerabilities in all of Itron’s deployed systems. The ISC reports security vulnerabilities responsibly and collaborates with industry partners to identify threats and find solutions. There is an email reporting system (firstname.lastname@example.org) where issues can be sent by customers and
researchers. Additionally, the ISC provides security bulletins and updates that specifically address any discovered issues and vulnerabilities, as well as information on how to address any discovered concerns.
You can access the full article here Creating the Itron Secutiry Center.