Opinion
Opinion: The hackability of the smart grid
By Ira Winkler
December 2, 2009 09:21 AM ET
Computerworld - What can harm you most? That for which you are least prepared. Given the level of denial within power companies that are gearing up for the smart grid, I'd say we can expect a lot of harm to be heading their way.
I've been thinking about this because a state government CISO recently told me that he worries a lot about the smart grid and the tremendous damage that could result if it were exploited. But when he has sounded the alarm, other people in the government have said they don't see how hacking the smart grid could cause much damage.
The evidence that I have seen says otherwise.
Hackers have the means, and they don't lack for motivation, be it terrorism, extortion, piracy or just sheer orneriness.
The means are simple enough. The smart grid is a theoretically closed network, but one with an access point at every home, business and other electrical power user where a smart-grid device is installed. Those devices, which essentially put the smarts into the grid, are computers with access to the network. In the same way attackers have found vulnerabilities in every other computer and software system, they will find vulnerabilities in smart-grid devices.
In fact, they already have, with a security consultancy demonstrating the vulnerability. In theory, potential attacks are limited only by the functions of the devices. Essentially, the devices can be turned against themselves and the entire power grid.
Here are some of the things I foresee as quite within the realm of possibility:
1. Cutting electricity to all homes and businesses. A custom worm could shut down the power grid. Smart-grid devices generally track the electricity flowing into a building, but they can also be programmed to stop the flow of electricity into a building. A hacker could exploit that capability to interrupt the flow of electricity or implement a service cancellation message, and could even design a worm that would seek out other systems to infect. Before you know it, no one on the network would be able to receive power.
Consider the 2003 power failure in the Northeast U.S. In the early hours of the outage, speculation was rampant that terrorists were to blame. There was a collective sigh of relief when Homeland Security Secretary Tom Ridge formally declared that the event was not terrorist-related. While it baffles me that it is more comforting for people to think it is OK for the power to go out for no good reason at all, that event demonstrated that even the specter of terrorism can cause a psychic blow to the country.
Free Insider Guide