Itron is testing the security of its smart meters in a project with the Department of Energy’s Idaho National Laboratory.  Itron has agreed to let the laboratory assess the security of its products so the company can address them.  Experts say security is currently a hot topic throughout the smart grid industry.

The move by Itron, the world’s biggest smart meter manufacturer, will ensure that the smart grid of the future is tamper-proof.  Other companies, the government, and industry groups are all interested in developing best practices for a secure smart grid.

Recent media reports detailing the potential for a smart grid to be hacked have made security a hot topic as has the Obama administration’s focus on IT security of all kinds.

President Obama referred to smart grid security as a primary reason for creating the new “cybersecurity czar” position at the White House.  This followed a string of news reports stating that foreign entities had hacked the power grid.  

IOActive, the cybersecurity firm, claimed it had proven it could hack a smart meter system and effectively control it to increase or decrease power to millions of homes at the same time.  According to IOActive security consultant Mike Davis, most smart meter systems use no encryption or authentication processes at all.

Rich Creegan, vice president of marketing at Itron, denies Davis’ claim.  Itron has collaborated with Certicom, the cybersecurity provider, to integrate encryption into its products and has developed a “trust centre” architecture for its smart meter networks that are “diligently locked down with certification and authorization, in our opinion to the highest security levels available.”

Additionally, Itron is working with Industrial Defender to address hacking concerns.  Industrial Defender is “the watchdog, minding the perimeter, so to speak, and makes sure the right people are getting into the right places,” said Creegan.

If smart meters were accessible they certainly could be taken exploited to send out malicious signals.  Utilities will be entering the digital age after using conventional hardware for more than a century.

“When you are embedding intelligence, when you are providing two-way command and control then you need to be very diligent about the way you’re putting assets out at the edge of your security system,” explained Creegan.

Erfan Ibrahim, power delivery technical executive at the Electric Power Research Institute, agreed that smart meters are not devoid of security measures.  “It’s not true that smart meters are being put up without any meter-to-meter authentication and encryption,” he said.  “It’s just not happening.”
Ibrahim believes that IOActive may have been considering security loopholes that were discovered in pilot projects which are meant to be testing grounds for new systems.

“I don’t want to suggest that we’ve solved the cybersecurity problem,” he said, adding that “these elementary things that grade-level hackers are going to do, have been covered.  Now we’re talking about sophisticated scenarios where the hacker really knows the system and could exploit the vulnerabilities.”

The toughest security challenges are within a utility company.  “The biggest challenge we see from our customers is [guarding against] the malicious and non-malicious attempts from inside the perimeter of the network,” said Todd Nicholson of Industrial Defender.  Nicholson added that running the power grid from end-to-end over an IP network does open up the potential for hacking.

Itron
2111 N Molter Road
Liberty Lake, Washington 99019
United States
http://www.itron.com

IOActive
701 5th Avenue, #6850
Seattle, WA 98104
http://www.ioactive.com

Certicom
5520 Explorer Drive
4th Floor
Mississauga, ON
http://www.certicom.com

Industrial Defender
16 Chestnut Street, Suite 300
Foxborough, MA  02035
http://www.industrialdefender.com

Electric Power Research Institute
3420 Hillview Avenue
Palo Alto, California 94304
http://my.epri.com
© smartmeters.com. No Reproduction without permission.