Smart Grids and Security


Smart grid technology offers tremendous financial and environmental benefits. There is a problem, however: It may not be secure.

The Washington Post's Brian Krebs writes that smart meters-the elements of the smart grid that are installed in homes and businesses to manage power consumption with intelligence-are thought to have significant security problems. Says Krebs:


...[S]ecurity researchers have found that these devices often are the weakest link in the smart-grid chainMany such systems require little authentication to carry out key functions, such as disconnecting customers from the power grid.

The potential problems are drawing attention because smart grids will be significant beneficiaries of funding from the broadband element of the stimulus bill. At the BlackHat security conference two weeks ago in Las Vegas, Tony Flick, the principal of FYRM Associates, delivered a presentation that suggested that the government shouldn't use the same process as it did when it created the Payment Card Industry Data Security Standard (PCI DSS). These rules, he says, are too vague and mistakenly allow the industry to police itself.

earth2tech's Katie Fehrenbacher discusss a second BlackHat presentation that, apparently, was more of a hands-on demonstration than Flick's assessment of the evolution of security rules. IOActive, a penetration testing firm, discussed a proof-of-concept it has written for a worm capable of infiltrating smart meters. The piece says that the IOActive folks-who are offering a podcast on the subject at the end of the month -- scoff at the level of security of current smart meters. The obstacle to fixing the problem before it explodes is cost, as it so often is. It simply is more expensive to build a secure smart meter. Not doing so, according to the piece, is penny wise and pound foolish, according to Fehrenbacher:


Studies show that overall project costs are 60 times higher when gaps in information security controls are addressed late in the development cycle, as opposed to projects where security is implemented in the design phase.


The industry must confront these concerns sooner rather than later, since smart grid/smart meter rollouts are accelerating. The Washington Post story cites numbers from the Edison Foundation's Institute for Electric Efficiency that say that there are 8 million smart meters in use today, but that the number will increase by more than a factor of six to 50 million in just 24 states in two years.


Thus, the announcement today that Echelon Corp. has said that it signed an agreement to provide gear to Duke Energy Corp. is not surprising. The initial order, which sets deliveries to start at the end of the quarter, is for $15.8 million. The total value of the deal could reach $150 million, Reuters says.