Smart meters have the potential to both lower electrical costs for consumers around the world and promote emerging M2M applications for the corporate world. But at last week’s RSA Security Conference in San Francisco, a panel of experts also outlined some key areas of vulnerability for IP-based smart grids.
Matthew Carpenter, a senior security analyst at InGuardians, says meters are particularly susceptible to “cross-site request forgery” on control systems, where an authentication cookie used to access a utility-controlled system is retrieved by a hacker. Other areas of vulnerability are the remote shut-off capability in smart meters and aggregation points that receive the data from large groups of meters.
“In some circumstances, they’re simply going to give you a denial-of-service if you tamper with them because the crypto is done appropriately from the head-end control system down to the meters and the aggregation point really can’t tinker much with it,” Carpenter explains. “But in other [cases] there’s a great deal of control that that aggregation point has.” Plus, he adds, “they are sitting on the top of a [utility] pole, not in a brick building with guard dogs and razor wire. And [they have] an ethernet cable.”
Just how much damage could be caused by hacking into the smart meters before secondary security kicks in wasn’t addressed, but the specter of a major infrastructure shutdown, identity theft of customers or tampering with billing has prompted utilities to make security one of the top priorities going forward in 2010.
© smartmeters.com. No Reproduction without permission.