Smart Grid could be vulnerable to hackers

Several reports point to the vulnerability of the Smart Grid.

By Source: CNN, IDG News, and others March 23, 2009

CNN recently reported that "the high technology, digitally based electricity distribution and transmission system known as the ‘Smart Grid’" could be vulnerable to hackers, and "until the United States eliminates the Smart Grid’s vulnerabilities, some experts said, deployment should proceed slowly."

The system "will use automated meters, two-way communications and advanced sensors to improve electricity efficiency and reliability," and the concept has been embraced both by the current administration and by utilities, which "are installing millions of automated meters on homes across the country, the first phase in Smart Grid’s deployment."

A recent project from security consultancy IOActive "determined that an attacker with $500 of equipment and materials and a background in electronics and software engineering could ‘take command and control of the [advanced meter infrastructure] allowing for the en masse manipulation of service to homes and businesses.’"

IDG News explained that the IOActive "researchers created a computer worm that could quickly spread among Smart Grid devices, many of which use wireless technology to communicate." And, "in the hands of a malicious hacker, this code could be used to cut power to Smart Grid devices that use a feature called ‘remote disconnect,’ which allows power companies to cut a customer’s power via the network. IOActive briefed the U.S. Dept. of Homeland Security on its findings Monday and is advising the utilities industry to better test the systems before deploying them in the real world."

BusinessWeek adds, "According to a report in the National Journal last year, hackers in China may have already used what little infotech intelligence there is on the current power grid to cause two major U.S. blackouts."

According to experts, "crucial to maintaining security will be establishing industry standards. At the smart grid policy meeting held last week, Federal Energy Regulatory Commission (FERC) chairman Jon Wellinghoff issued a statement calling for the development of “standards to ensure the reliability and security, both physical and cyber, of the electric system.”

While FERC doesn’t itself develop standards, the agency will be asking for input from standards bodies that work on security in the Internet, engineering, and electronics industries."

A "second factor needed to secure the smart grid will be an open platform."

CNet , EETimes, and ZDNet also reported the story.