Smart gridHow vulnerable is the smart grid?

Published 3 December 2009

The smart grid is a theoretically closed network, but one with an access point at every home, business, and other electrical power user where a smart-grid device is installed; those devices, which essentially put the smarts into the grid, are computers with access to the network; in the same way attackers have found vulnerabilities in every other computer and software system, they will find vulnerabilities in smart-grid devices

The Obama administration has awarded some $4 billion to companies engaged in developing a smart electrical grid for the United States. How safe, though, will the smart grid be? Ira Winkler, president of Internet Security Advisors Group and author of the book Spies Among Us, writes that given the level of denial within power companies that are gearing up for the smart grid, he would say the United States can expect a lot of harm as a result of the deployment of the new grid.

Hackers certainly have the means, and they do not lack for motivation — terrorism, extortion, piracy, or just sheer orneriness — to inflict such harm.

In theory, potential attacks are limited only by the functions of the devices. Essentially, the devices can be turned against themselves and the entire power grid. Winkler highlights some of the things he foresees as quite within the realm of possibility:

1. Cutting electricity to all homes and businesses. A custom worm could shut down the power grid. Smart-grid devices generally track the electricity flowing into a building, but they can also be programmed to stop the flow of electricity into a building. A hacker could exploit that capability to interrupt the flow of electricity or implement a service cancellation message, and could even design a worm that would seek out other systems to infect. Before you know it, no one on the network would be able to receive power.

2. Overburdening the grid. A critical function of the smart grid is to better manage the flow of electricity through the system. This is supposed to provide for load balancing. Smart-grid devices are designed to detect when more power is needed so that power can be generated and delivered. Devices that are tricked into indicating that more power is needed when it isn’t could overburden the system, cause power shortages in some areas and create worse problems for areas being fed too much power.

3. Causing brown-outs. The devices could be directed to do the opposite, so that they tell the system that less electricity is needed. The