Major concern over smart grid security

Newly allocated funds for the smart grid have resulted in new technologies being distributed across the U.S., but smart grid security remains a major area of concern for security experts.

By Source: By Erica Naone Technology Review Magazine September 11, 2009

The American economic stimulus package allocated $4.5 billion for an upgraded electricity delivery system. The funding for new smart grid technologies has resulted in several million networked meters being distributed in the United States.

The vision of the smart grid promises to combine the power of distributed computing with highly fault-tolerant data communications to deliver real-time distribution of power. Within this infrastructure, smart meters represent an important piece of the end-point distribution segment of the smart grid.

However, critics of the new system say that the new system presents major security problems. Mike Davis, a senior security consultant at IOActive-a research company based in Seattle-gave a presentation at the 2009 Black Hat Briefings on a proof-of-concept cyber attack that could potentially allow an attacker to shut off large numbers of meters remotely. Davis and a team of IOActive researchers developed proof-of-concept malicious code that self-propagated in a peer-to-peer fashion from one meter to the next.

Highlights from Davis’ presentation are below:

A. Attacking Memory

To hack into a smart meter through hardware, an attacker first needs to determine the programming that runs it, says Travis Goodspeed, an independent security researcher who specializes in wireless sensor networks. If the meter hasn’t been built with protective features, a hacker can use syringes to insert a needle into each side of the device’s memory chip. The needle serves as a probe to intercept the electrical signals in the memory chip. By analyzing these signals, the hacker can deduce the device’s programming. Even if the meter includes security features, he says, it may be possible to extract the information using customized tools.

B. Digital Radio

The smart meter’s two-way radio chip allows the device to be read remotely and to receive commands over the network. The software in the chip contains security codes that an attacker who’s cracked the meter’s programming can use to get on the network and begin issuing commands. Goodspeed has shown that the codes can be extracted using syringes in a process similar to the attack on the memory.

C. Accessing the Meter

One way to hack into a smart meter is through its wireless networking device, says David Baker, IOActive’s director of services. An attacker can use a software radio, which can be programmed to emulate a variety of communications devices, to listen in on wireless communications with the network and deduce over time how to communicate with the meters. Another method, Baker says, is to attack the hardware. An attacker could steal a meter from the side of a house and reverse-engineer it. This method, he says, while inexpensive, does require a good knowledge of integrated circuits.

D. Spreading Malware to the Network

With access to one smart meter’s programming and codes, Baker says, someone can communicate with all the meters of the same brand that are connected to the network. To demonstrate his attack, Davis crafted a piece of malware that could self-replicate to other meters, allowing an attacker to shut them down remotely. In simulations, Davis showed that if his worm were released in an area where all the houses were equipped with the same brand of meter, the worm could spread to 15,000 homes in the space of 24 hours.

E. Measuring Electrical Usage

At the heart of a smart meter are the sensors that measure energy usage. Unscrupulous individuals have long tried to save money on their electric bills by interfering with a meter’s ability to accurately report how much energy has been consumed. That type of fraud may still be possible on a smart meter, though many of the devices are designed to protect against the mechanical methods traditionally used.