The Smart (and vulnerable) Grid

Here comes the stunning revelation that the more of an infrastructure you automate and network the more vulnerable it becomes to hacking. In this case it is the realization that the nationwide “Smart Grid” would become a target for hackers should it ever be implemented:

The Smart Grid will use automated meters, two-way communications and advanced sensors to improve electricity efficiency and reliability. The nation’s utilities have embraced the concept and are installing millions of automated meters on homes across the country, the first phase in Smart Grid’s deployment. President Obama has championed Smart Grid, and the recent stimulus bill allocated $4.5 billion for the high-tech program.

But cybersecurity experts said some types of meters can be hacked, as can other points in the Smart Grid’s communications systems. IOActive, a professional security services firm, determined that an attacker with $500 of equipment and materials and a background in electronics and software engineering could “take command and control of the [advanced meter infrastructure] allowing for the en masse manipulation of service to homes and businesses.”

Experts said that once in the system, a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously. A hacker also might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout. These experts said such a localized power outage would cascade to other parts of the grid, expanding the blackout. No one knows how big it could get.

If recent history is any guide, the system will be rolled out with in sufficient attention paid to security. It will then be breached, patched and breached again. The reason is simple. Engineering is a set of complex trade-offs between competing requirements. Of all those requirements security will be the hardest to quantify. Also the best practices learned from other industries will likely be deemed “too costly” while a system breach is merely a theoretical possibility.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s