When Smart Meters Get Hacked: The Nightmare Scenario

donderdag, 12 juni 2014 - Categorie: Berichten Internationaal

Bron: www.takebackyourpower.net/news/2014/06/10/smart-meter-nightmare-scenario/ .
10 juni 2014

by K.T. Weaver, Guest Writer for Take Back Your Power
Nick Hunn at Creative Connectivity is a wireless technology expert who is quite skeptical of the purported benefits of smart meters and the current level of smart grid system security. He recently wrote an article entitled, “When Smart Meters Get Hacked” (June 8, 2014).

What follows are some selected quotations from his article dealing primarily with the smart meter “feature” of remote disconnect:

“There‘s a lot of talk about grid security and data privacy in the energy industry, but very little about the consequences of what happens if smart meters go wrong. By going wrong, I don‘t just mean people attempting to hack their meters to reduce their bills. That will probably happen. I‘m more interested in the nightmare scenario when several million electricity meters suddenly disconnect.

Whenever I’ve asked a utility about what they’d do if a million meters disconnected, the only response I’ve had is a puzzled look and the reply that ‘that can’t happen’. It probably won’t, but it could. If it does, the economic effect on the country would be disastrous. It’s probably the most effective terrorist attack available. …

In theory only the utility has access to the relay in your meter and they claim to have a secure system. But that’s not strictly true. There is a threat where a rogue programmer working for the meter manufacturer could insert some additional code which would disconnect the meter at a specified day in the future. That threat is very low but maybe not as low as it should be. If this happens, the consequences are catastrophic.

All they need to do is to insert a few lines of code into the firmware for a smart meter which will disconnect the meter at some specific time in the future. For best effect, they’d set that to be during a peak time, … The code needs to disconnect the power at that point and also disable the remote connection back to the utility, so that they can’t communicate with the meter to try and restart it. A competent programmer should be able to write that in about ten minutes. As the same code goes into all millions of meters from each supplier, millions would turn off together.
Bringing power back after one of these events is difficult. If enough power stations have shut down, the grid needs to perform what’s called a black start. …
Which brings us back to the underlying issue. Has anyone ever looked at the balance of risk between the convenience of being able to remotely disconnect a meter, and the potential of that being misused to destroy the entire national grid? … It’s time somebody stood back and asked ‘What if?’”

For the complete article, refer to: www.nickhunn.com/when-smart-meters-get-hacked

Nick Hunn has also written a Creative Commons work, entitled, “Smart Metering is FUCKED.” Here are a few of quotes from this document:

“Even when smart meters are deployed, there is no evidence that any utility will use the resulting data to transform their business, rather than persecute the consumer. At a recent US conference a senior executive for a US utility which had deployed smart meters, stated that their main benefit was ‘to give them more evidence to blame the customer’. That’s a good description of the attitude displayed by our utilities. …

There is an obsession to make ‘smart’ meters do things which are far better done over other channels, such as demand response and consumer engagement. But because the industry is so technically backward, it’s picked an architecture that is several decades out of date and which cannot deliver the information in the way which customers want. Today consumers have smartphones. They want the same sort of smart experience from their utility. Instead they’re going to get a retro ‘70’s technology experience, whilst paying twenty-first century prices for it. It’s a back to front world, where utilities are leading the Government down a path that it and consumers will regret. …

The real risk comes when every meter is capable of disconnecting the user. Simply reading meters generates privacy and billing issues, but the damage is likely to be restricted to a number of individuals. When you allow remote disconnections, the risk moves to another dimension. The paper ‘Who controls the off switch’ 17 highlights the risk of a hacker or disgruntled employee turning off a large number of meters. That sudden change would cause immense damage to the grid and components within it, as well as removing power from millions of users. The resultant cost would be immense. As the paper explains, ‘this is the cyber equivalent of a nuclear strike; when electricity stops, then pretty much everything else does too.’”

17 “Who Controls the Off Switch,” by Ross Anderson & Shailendra Fukoria, Cambridge University, www.cl.cam.ac.uk/~rja14/Papers/meters-offswitch.pdf .

To more fully quote the paper referenced by 17 above:

“From the viewpoint of a cyber attacker – whether a hostile government agency, a terrorist organisation or even a militant environmental group – the ideal attack on a target country is to interrupt its citizens’ electricity supply. … Until now, the only plausible ways to do that involved attacks on critical generation, transmission and distribution assets, which are increasingly well defended. Smart meters change the game.”

“Electricity and gas supplies might be disrupted on a massive scale by failures of smart meters, whether as a result of cyberattack or simply from software errors. The introduction of hundreds of millions of these meters in North America and Europe over the next ten years, each containing a remotely commanded off switch, remote software upgrade and complex functionality, creates a shocking vulnerability. An attacker who takes over the control facility or who takes over the meters directly could create widespread blackouts; a software bug could do the same.”

Lack of forethought and misguided objectives in deploying smart meters could very well result in the nightmare scenario described above in the not too distant future. There may still be time to turn back and avoid catastrophic outcomes, but the government, utilities, and the smart grid industry do not yet appear willing to protect us or themselves against catastrophic events.

It is still up to us to help others make decisions and implement Solutions to avoid the calamities that remain ahead.

Also see these blog posts from K.T. Weaver on the topic of smart grid cyber threats:

- Smart Grid Cyber Security in a State of Chaos and Deteriorating
smartgridawareness.org/2013/09/29/smart-grid-cyber-security-in-state-of-chaos/ .

- Cyber Threat To Get Much Bigger With Smart Grid
smartgridawareness.org/2013/05/06/cyber-threat-to-get-much-bigger-with-smart-grids/ .

- Overall Smart Grid Vulnerability
smartgridawareness.org/privacy-and-data-security/smart-grid-vulnerability/ .

About the Author
K. T. Weaver is a health physicist who was employed in the nuclear division of a leading electric utility for over 25 years. He served in various positions, including Station Health Physicist, Senior Health Physicist, corporate Health Physics Supervisor, and corporate Senior Technical Expert for Radiobiological Effects. K.T. Weaver has earned a B.S. in Engineering Physics and an M.S. in Nuclear Engineering with a specialty in radiation protection.

Lees verder in de categorie Berichten Internationaal | Terug naar homepage | Lees de introductie