Hacking and Cypersecurity
|
As a wireless computer, the Smart Meter on your home can be hacked and perhaps even exposed to viruses and malware in the grid software.
Wirelessly connecting all of our utilities (water, gas and electric) on a Smart Grid makes us vulnerable to hackers and cyber attacks. Foreign enemies have attempted to map our infrastructure, such as the electrical grid. Former CIA Director James Woolsey calls the Smart Grid "really, really stupid". Testifying on Capitol Hill in Feb. 2011 before the House Permanent Select Committee on Intelligence current CIA Director Leon Panetta, "The potential for the next Pearl Harbor could very well be a cyber-attack,". |
"All Your Devices Can Be Hacked" --Avi Rubin, Professor of Computer Science at Johns Hopkins University
|
Hacking Your Home
Computers can be hacked. Wireless computers can be hacked remotely. And because your electric meter has gone from innate gears and wheels to a two-way transmitting computer complete with motherboard, chip, flash memory, radio controls, trace hardware using ZigBee networking technology on the OpenWay smart grid and advanced metering infrastructure (AMI) it can be hacked as well.
Furthermore, using an Itron belt clip radio and a laptop with specialized software any hacker can perform "contingency reading, field programming, field investigations, remote disconnect and reconnect operations and firmware downloads."
Computers can be hacked. Wireless computers can be hacked remotely. And because your electric meter has gone from innate gears and wheels to a two-way transmitting computer complete with motherboard, chip, flash memory, radio controls, trace hardware using ZigBee networking technology on the OpenWay smart grid and advanced metering infrastructure (AMI) it can be hacked as well.
Furthermore, using an Itron belt clip radio and a laptop with specialized software any hacker can perform "contingency reading, field programming, field investigations, remote disconnect and reconnect operations and firmware downloads."
|
Hackers Talk Hacking A Smart Meter
"In the information security business, it seems you can't open a journal or blog site without being inundated with articles about SmartMeters and AMI. There is a lot of speculation and FUD on this topic. There are claims of wormable code and full carnal pwnage. What are the facts? What can you really do to hack a meter, and what does that gain you? This talk will examine the vulnerability points of a typical meter and the systems that support it. Will you be able to hack a meter by the end of this talk? Maybe, maybe not. It depends on how smart you are I guess. What you WILL get out of this talk is a sense of the security realities that adding two-way communication and shutoff switches to the meter on the side of your house brings, along with the ability to tell if the talking head on is full of sh*t or not. Oh yes, I'll also be poking fun at the Tin Foil Hat crowd. If you don't know who that is, come to the talk." --Youtube description (10/2011) |
If you have enough time, motivation, and resources a Smart Meter can be hacked (see video at 43:00), says Robert Former Principal Security Engineer at Itron (SCE's Smart Meter manufacturer).
|
Hacking the Nation's Smart Grid
The remote shut-off capabilities are also causing cyber experts to question the grid's safety. Former CIA Director James Woolsey states that the Department of Energy is "spending $30 million a year staying ahead of these cyber security challenges" and he questions whether this is enough. Of course, he doesn't believe it is and concludes by calling the Smart Grid "really, really stupid".
Why are we then pushing forward with a Smart Grid when experts in the field of State security question the sufficient "protective measures" that are in place?
The remote shut-off capabilities are also causing cyber experts to question the grid's safety. Former CIA Director James Woolsey states that the Department of Energy is "spending $30 million a year staying ahead of these cyber security challenges" and he questions whether this is enough. Of course, he doesn't believe it is and concludes by calling the Smart Grid "really, really stupid".
Why are we then pushing forward with a Smart Grid when experts in the field of State security question the sufficient "protective measures" that are in place?
"But even more pressing and immediate, in terms of vulnerabilities, is the remote shut-off capability in smart meters. Digital smart meters have an electronic disconnect switch that allows the utility company to shut down electricity remotely. (Matthew) Carpenter, (senior security analyst at InGuardian) asked PG&E’s Bromberger directly, 'Why not think about disconnecting the disconnect switch until we figure out more of what we’re dealing with?'" He continues, "...most of the 2.2 million second-generation electric SmartMeter meters are capable of remote connect/disconnect.'”
"With regard to vulnerabilities in general, the panelists acknowledged that new vulnerabilities would always arise in smart systems no matter how well the systems are designed. The important thing is to make compromise as painful and time-consuming a process as possible to deter or delay an attacker and implement processes for adequate detection and response so that when a compromise does occur, utility companies can do something swiftly to limit the damage." --- Wired.com, March 2, 2010
News Articles and Publications
Cyber Security of Power (Smart) Grid in 'Near Chaos' where "attackers clearly have the upper hand,” says the report from Pike Research --- Ottawa Citizen, Nov. 2011
Federal authorities are concerned about new research showing U.S. prisons are vulnerable to computer hackers, who could remotely open cell doors to aid jailbreaks. --- Washington Times, Nov. 2011
Report published by the National Institute of Standards and Technology, an agency of the U.S. Department of Commerce describes potential risks associated with the evolution of the Smart Grid including:
Security Pros Question the Deployment of Smart Meters --- Wired Magazine, March 2010
Electricity Grid in U.S. Penetrated By Spies 'The Chinese have attempted to map our infrastructure, such as the electrical grid,' said a senior intelligence official. 'So have the Russians.' 'Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies', officials said.Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet. --- Wall Street Journal, April 2009
Federal authorities are concerned about new research showing U.S. prisons are vulnerable to computer hackers, who could remotely open cell doors to aid jailbreaks. --- Washington Times, Nov. 2011
Report published by the National Institute of Standards and Technology, an agency of the U.S. Department of Commerce describes potential risks associated with the evolution of the Smart Grid including:
- Greater complexity increases exposure to potential attackers and unintentional errors;
- Networks that link more frequently to other networks introduce common vulnerabilities that may now span multiple Smart Grid domains and increase the potential for cascading failures;
- More interconnections present increased opportunities for “denial of service” attacks, introduction of malicious code (in software/firmware) or compromised hardware, and related types of attacks and intrusions;
- As the number of network nodes increases, the number of entry points and paths that potential adversaries might exploit also increases; and
- Extensive data gathering and two-way information flows may broaden the potential for compromises of data confidentiality and breaches of customer privacy, and compromises of personal data and intrusions of customer privacy. ---Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security, Sept. 2010
Security Pros Question the Deployment of Smart Meters --- Wired Magazine, March 2010
Electricity Grid in U.S. Penetrated By Spies 'The Chinese have attempted to map our infrastructure, such as the electrical grid,' said a senior intelligence official. 'So have the Russians.' 'Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies', officials said.Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet. --- Wall Street Journal, April 2009