Smart Grid Security: Keeping Hackers Out of Your Power Meter
If the smart grid is watching our power use, who is watching the smart grid?
The smart grid has the potential to revolutionize the way we consume electricity. But there's a catch—networking digital electrical meters into what is essentially an internet for electricity makes the smart grid vulnerable to hackers. And according to some smart grid experts, an educated hacker with $500 worth of materials and equipment could gain control of thousands—or even millions—of meters. Once a hacker has access to the grid, mass blackouts (and chaos) could ensue.
There are, unfortunately, a number of different ways that hackers could shut down the grid, like intercepting codes from a smart meter's two-way radio chip, reverse-engineering smart meter hardware, or using a software radio to interact with wireless communications. And those are just a few of the ways that hackers could access smart meter codes and programming. Once someone has access to this information, they can communicate with all meters of the same brand on a network. In one simulation, the computer security firm IOActive showed that self-replicating malware could turn off power for 15,000 homes in just 24 hours.
The potential for hackers to cause havoc isn't lost on utilities and smart grid companies. According to a recent report from Pike Research, $21 billion will be invested in smart grid security over the next five years. But what does smart grid security look like?
One important factor in securing the grid will be ensuring that it is "future-proof"—that is, making sure that smart meters and other pieces of equipment can be upgraded without swapping them out entirely. Wireless technology company SmartSynch has developed a Universal Communications Module—a device containing wireless networks, fiber optic cables, and power line carriers—with individual components that can be upgraded when new technologies become available. That means security holes can be quickly patched up without having to replace the entire module.
Companies with experience in internet security are also advertising their wares to concerned utilities. Cisco, for example, believes that traditional IT security technologies like firewalls, protection from denial of service, and intrusion detection and prevention should be leveraged to keep the smart grid running. The grid will have to use internet networks for that to work—a solution that Cisco is heavily promoting.
The smart grid's vulnerability goes beyond just shutting down our electricity. Curious hackers (and marketers) could learn volumes about our daily habits if they have access to smart meters. At a recent conference, Siemens admitted that it has the technology to record energy consumption up to the microsecond. It's a capability that allows the company to infer when you get up in the morning, how many people live in the house, whether you have pets, if anyone in the house works from home, and more.
The potential for widespread access to this kind of information has prompted the Electronic Frontier Foundation to propose a set of rules that would better inform California customers about what kind of information can be collected from their meters and how that information may be shared. The EFF's rules also propose that law enforcement be required to obtain a warrant before accessing energy use information.
It's fitting that the EFF is pushing for smart grid privacy rules; the smart grid is undoubtedly on the electronic frontier. Before it moves beyond the frontier and into the mainstream, we need to ensure that it is prepared to meet a slew of security challenges—and fast.
Illustration by Junyi Wu