How vulnerable is the smart grid?

resulting brown-outs throughout large areas would be an inconvenience, but worse would be the psychological effect on people once they learned that the grid has succumbed to a malicious attack.

4. Having the smart-grid devices attack the grid itself. In theory, the dumb power grid as a whole is a closed network. Therefore, denial-of-service (DOS) attacks against the SCADA systems that control the power grid are not likely to be very successful. “Make the grid smart, though, by adding millions of smart-grid devices that are susceptible to worms and are each an access point to the entire grid, and the potential for launching distributed denial-of-service attacks grows tremendously,” Winkler writes. The actual effect on the power grid would depend on which SCADA systems are attacked.

There is the potential for terrorism-related DDOS attacks, but as with the Internet, extortion is even more likely. It has already happened in Brazil, where extortionist hackers exploited vulnerabilities in the power grid to cause large-scale outages (see “Cyber Attacks Caused Power Outages in Brazil,” 10 November 2009 HSNW). This sort of thing just becomes a lot easier when smart-grid devices are added to the mix.

5. Getting free service. Once the grid becomes hackable, power pirates gain the means to manipulate devices so as to underreport electric usage.

6. Undermining confidence. A terrorist, or just someone with a grudge against someone, should be able to cause devices to over-report usage. Someone who targets a few specific users for this might go undetected, but anyone who wanted to sap public confidence in the power company or its smart grid could cause widespread over-reporting. This is a very real possibility, and in fact, Pacific Gas & Electric is slowing down its smart-grid implementation because of a class-action lawsuit claiming that smart-grid devices cause overbilling.

Winkler writes that these are just the most obvious attacks, and that he can think of many more that are conceivable, and a few that do not seem viable but still might be manageable by a really smart hacker.

There has already been a proof of concept for such attacks. “More importantly, the smart grid provides more than enough access for someone to launch large-scale attacks, and there will be tremendous resources put toward compromising the technology,” he writes. “Much like the early Internet, the technology is being rolled out much faster than the security issues have been reasonably studied and addressed.”