440 million new hackable smart grid points


By the end of 2015, the potential security risks to the smart grid will reach 440 million new hackable points. Billions are being spent on smart grid cybersecurity, but it seems like every time you turn around, there is yet another vulnerability exposing how to manipulate smart meters or power-grid data. At the IEEE SmartGridComm2010 conference, Le Xie, Texas A&M University's assistant professor of electrical and computer engineering, gave examples of how attackers could hack the power grid for fun and profit.

SmartPlanet interviewed Kenneth Van Meter, Lockheed Martin's general manager of Energy and Cyber Services. "By the end of 2015 we will have 440 million new hackable points on the grid... Every smart meter is going to be a hackable point. There are devices and routers in all of the substations that are hackable. Automated devices at home all become hackable points. We're making the whole network from generation to distribution and meter fully automated, so that's hackable. If you can communicate with it, you can hack it," Van Meter stated.

According to the Lockheed Martin smart grid expert, there are three worst-case scenarios for the 3,200 utilities in the U.S.:

1. Someone, a neighborhood kid or a person in another country, might turn off the power to a hospital or neighborhood in the middle of the night.

2. Voltage control devices could be hacked, turned up and down so that the voltage zaps computers, high-definition TVs or other voltage-sensitive equipment.

3. "If you can cause rapid problems in the grid to occur in the right places at scheduled times, you could destabilize the whole grid, black out whole cities or states and cause massive damage." He added that some devices aren't available in the U.S. and could take two years to get a replacement.

Lockheed Martin is working with DHS on advanced forensics and tools, helping to build the first-ever real-time cyber center for utilities, and doing the blocking and tackling on a set of cybersecurity requirements. Utilities that don't comply with those requirements could be fined as much as $1 million a day.

Technology Review mentioned that last year, IOActive's Mike Davis created software to hijack smart meters. That was before the Stuxnet worm attacked SCADA systems, proving to be malware worthy of a sci-fi movie. Both Jonathan Pollet of Red Tiger Security and Nathan Keltner of Fishnet Security have talked about smart grid vulnerabilities with regard to the SCADA systems used at utility companies. Keltner said the smart grid amounts to "old-school SCADA that's been bolted into some sort of a newer technology."

At hacker security conferences this summer, researchers presented several smart grid/smart meter talks, such as "Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters," "Wardriving the Smart Grid," and "The Night The Lights Went Out In Vegas: Demystifying Smartmeter Networks." There are also bucketloads of privacy issues around smart meter data and how it could be used. Ready or not, this nation is moving fast to implement smart grid technologies.

Pike Research estimates that $21 billion will be spent on smart grid cybersecurity by 2015. The Department of Energy recently announced it will invest more than $30 million for ten projects that will address cybersecurity issues facing the smart grid. The U.S. National Institute of Standards and Technology (NIST) has released 537 pages of guidelines on how to protect the smart grid from attack. Will throwing money and policies at the problem make it go away or really fix it?

Only time will tell if the smart grid is the best thing since sliced bread, the next Stuxnet worm nightmare, or perhaps somewhere in between. "Wardriving the Smart Grid" sums it up nicely by quoting Charles Palmer, director of IBM's Institute for Advanced Security: "The truth is also that a well-placed squirrel can wreak almost as much havoc as a cyber attack on a power grid." To which Shawn Moyer responded on the Net, "We must find this well-placed squirrel, and ensure that it never falls into the hands of our enemies."
