Smart gridSmart Grid offers target-rich opportunities for hackers
SCADA systems are vulnerable to hacking, but the smart grid is even more vulnerable; security experts at the Black Hat conference in Las Vegas last week warned that the accelerated deployment of smart-grid technology could leave critical infrastructure and private homes vulnerable to hackers; hacking may come in a benign form — customers might simply figure out how to lower their electricity bills by manipulating how much energy their meters say they are using; hacking may also have more sinister aspects: large-scale attacks may also be possible, and the smart grid’s serious vulnerabilities make it possible to shut down the power supply to an entire city
Haste makes waste: Hackers say the rapidity of smart grid deployment means plent of exploitable vulnerabilities // Source: maximumpc.com
The vulnerability of the smart grid to hacking is not a new concern, and security experts have been warning for a while now about rapid adoption of smart grid technology before these vulnerabilities are addressed (see, for example, “How vulnerable is the smart grid?” 3 December 2009 HSNW; “Smart grid attack likely,” 26 February 2010 HSNW; and “Experts say smart meters are vulnerable to hacking,” 30 March 2010 HSNW).
The worries about the smart grid introducing new vulnerabilities into U.S. critical infrastructure have already spawned a small industry the product of which aim to plug the grid’s security holes (“Smart Grid cybersecurity market to reach $3.7 billion by 2015,” 24 June 2010 HSNW ).
The rush toward the smart grid continues, though. Security experts at the Black Hat conference in Las Vegas last week warned, again, that this accelerated deployment of smart-grid technology could leave critical infrastructure and private homes vulnerable to hackers. They warned that smart-grid hardware and software lacks the necessary safeguards to protect against meddling.
Utilities are being encouraged to install this smart-grid technology — network-connected devices to help intelligently monitor and manage power usage — through funding from the U.S. government’s 2009 stimulus package (“Obama announces $3.4 billion investment in smart grid,” 27 October 2009 HSNW). The smart systems could save energy and automatically adjust usage within homes and businesses. Customers might, for example, agree to let a utility remotely turn off their air conditioners at times of peak use in exchange for a discount.
Erica Naone writes in Technology Review that to receive the stimulus money, however, utilities will have to install new devices across their entire customer base quickly. Security experts say that this could lead to problems down the road — as-yet-unknown vulnerabilities in hardware and software could open up new ways for attackers to manipulate equipment and take control of the energy supply.
As part of the smart-grid deployments, smart meters will be installed in homes and businesses across a utility’s coverage area. These meters can communicate with the utility and with other networked devices — usually via a wireless network of some type. Some ways to hijack this type of equipment have already been revealed. Last year, Mike Davis, a senior security consultant at IOActive, created a piece of software that could spread automatically between smart grid hardware in different homes. The software would then be