RESEARCH TRIANGLE PARK, N.C. – Cisco and metering giant Landis+Gyr unveiled a partnership Friday for “smart grids” around the globe, but a security consultant is urging caution about the rapidly growing technology for utility firms.
Mike Davis, who works at IOActive in Seattle, demonstrated at the in Las Vegas could hobble a smart grid network.
In the case of the power grid, better communication between utilities and the meters at individual homes and businesses raises the possibility that someone could control the power supply for a single building, an entire neighborhood, or worse.
Davis compared the security of the nascent smart grids to the early days of the personal computer.
"Every time we redesign a new technology like this, we’re doomed to relive the ’80s and ’90s all over again and the same vulnerabilities," he said.
Davis demonstrated how a computer worm could hop between the meters at homes and businesses in a smart grid network. The worm could give miscreants remote control of the meters, which would let them take advantage of a utility’s ability to, for example, disconnect someone’s power for not paying his bill.
The key vulnerability was found in devices made by only one manufacturer, a company that Davis did not name. But he said the worm could have spread to other manufacturers’ products that used the same communications technologies and can be used to remotely disconnect people’s power.
To get the computer worm going, a hacker might have to get physical access to one of the meters in order to program it with malicious code. That could start a chain reaction in which the worm spreads meter to meter over the grid’s communication network. This hack might also be done remotely, Davis said, if the traffic on the network isn’t encrypted, which means it’s not cloaked in special computer coding so outsiders can’t read it.
The race to build a "smarter" electrical grid could have a dark side. Security experts are starting to show the dangers of equipping homes and businesses with new meters that enable two-way communication with utilities.
There are many benefits to upgrading the nation’s electricity networks, which is why a smart-grid movement was already revving up before the recent economic recovery package included $4.5 billion for the technology. Smarter grids could help conserve energy by giving utilities more control over and insight into how power flows.
Other presentations at the Black Hat and DefCon security conferences this week also highlighted potential problems with moving too fast.
The risks are similar to what happens when computers are linked over the Internet. By exploiting weaknesses in the way computers talk to each other, hackers can seize control of innocent people’s machines.
Cisco, meanwhile, and Landis+Gyr, which is based in Switzerland, said they would deliver “standards-based solutions for the energy industry and facilitate the integration of existing capabilities with renewable power sources, plug-in vehicles and distribution automation functionality.”
Landis+Gyr and Cisco didn’t disclose financial terms of their partnership.
"As the largest global player in electricity metering with one of the broadest portfolios of products and services, we believe that working with Cisco to establish an interoperable infrastructure will empower utilities and consumers to improve their energy efficiency, reduce their energy costs and thus contribute to a sustainable use of resources," said Andreas Umbach, president and chief operating officer of Landis+Gyr. "I believe this agreement is key for both companies. Together we have the opportunity to shape, in a meaningful way, the evolving smart grid."