Smart grid attack likely

Published 26 February 2010

The smart grid’s distributed approach exposes these networks and systems, especially in the early phases of deployment; the communication among these networks and systems will be predominantly wireless and it is assumed they will be sniffed, penetrated, hacked, and service will be denied

The Project Grey Goose Report on Critical Infrastructure says attacks against the power grid are expected to increase over the next year. GreyLogic CEO Jeffrey Carr, who wrote the report, says since 2001 there has been “at least 120 instances” where utilities have already been the target of cyber hackers. The report warns that number may increase as the transition from isolated, closed energy-generation and transmission networks to IP-based and wireless ones increases as more smart grid projects are undertaken.

The report also identifies the most likely threats will come from hackers in the Russia, Turkey, and China. “I perceive Russia as the most serious threat and China last,” Carr says. “That’s because hackers from China are more likely to hack for espionage purposes than to disrupt the grid.”

Smart Meters quotes Doug Preece, senior manager for smart energy services at Capgemini, says the transition is “window of opportunity for malicious intent…The penetration of these devices is going to dramatically increase in numbers in the next 12 months, and then it’s going to plateau.” He also calls the advance of the smart grid a “watershed event” because traditionally meters “have been separated from all other information networks, and lot of their security relied on isolation. A closed communications network was difficult to breach.”

Preece also noted that the smart grid’s distributed approach exposes these networks and systems, especially in the early phases of deployment. Once installed, however, the devices’ built-in security will offer better protection. “Their communications will be predominantly wireless and it’s assumed they will be sniffed, penetrated, hacked, and service will be denied,” Preece says. “So we’re designing mitigation techniques and security to address these things.”

Eric Knapp, vice president of technical marketing for NitroSecurity, says hackers will come in two distinct groups. The first are those customers who will try to hack the system to manipulate his electric bill. The more dangerous group are those whose intent is to “compromise the smart grid and then controlling the distribution of power.”

SmartMeters notes that part of the report’s purpose is to point out the potential risks of smart meters if appropriate security measures are not undertaken says Patricia Titus, chief information security officer for Unisys Federal Systems. “When you look at the architecture in the company, you see a cloud touching that SCADA network…to the corporate network so they can get emails on the same system as SCADA. You’ve just inherited vulnerabilities right there.

Capgemini’s Preece points out that the smart grid won’t make the power grid more vulnerable; just more open to vulnerabilities.

The [traditional] power grid today is extremely vulnerable. I could turn off the lights in a major metropolitan area, and they would not come back on for a very long time. You don’t need a computer — just something you could buy at your local hardware store…. Putting a smart meter on everyone’s home doesn’t make the grid more vulnerable. It just opens up another [potential hacking] window that requires a higher level of sophistication.