Major concern over smart grid security

Newly allocated funds for the smart grid have resulted in new technologies being distributed across the U.S., but smart grid security remains a major area of concern for security experts.

09/10/2009


The American economic stimulus package allocated $4.5 billion for an upgraded electricity delivery system. The funding for new smart grid technologies has resulted in several million networked meters being distributed in the United States.

The vision of the smart grid promises to combine the power of distributed computing with highly fault-tolerant data communications to deliver real-time distribution of power. Within this infrastructure, smart meters represent an important piece of the end-point distribution segment of the smart grid.

However, critics of the new system say that the new system presents major security problems. Mike Davis, a senior security consultant at IOActive-a research company based in Seattle-gave a presentation at the 2009 Black Hat Briefings on a proof-of-concept cyber attack that could potentially allow an attacker to shut off large numbers of meters remotely. Davis and a team of IOActive researchers developed proof-of-concept malicious code that self-propagated in a peer-to-peer fashion from one meter to the next.

Highlights from Davis' presentation are below:

A. Attacking Memory

To hack into a smart meter through hardware, an attacker first needs to determine the programming that runs it, says Travis Goodspeed, an independent security researcher who specializes in wireless sensor networks. If the meter hasn't been built with protective features, a hacker can use syringes to insert a needle into each side of the device's memory chip. The needle serves as a probe to intercept the electrical signals in the memory chip. By analyzing these signals, the hacker can deduce the device's programming. Even if the meter includes security features, he says, it may be possible to extract the information using customized tools.

B. Digital Radio

The smart meter's two-way radio chip allows the device to be read remotely and to receive commands over the network. The software in the chip contains security codes that an attacker who's cracked the meter's programming can use to get on the network and begin issuing commands. Goodspeed has shown that the codes can be extracted using syringes in a process similar to the attack on the memory.

C. Accessing the Meter

One way to hack into a smart meter is through its wireless networking device, says David Baker, IOActive's director of services. An attacker can use a software radio, which can be programmed to emulate a variety of communications devices, to listen in on wireless communications with the network and deduce over time how to communicate with the meters. Another method, Baker says, is to attack the hardware. An attacker could steal a meter from the side of a house and reverse-engineer it. This method, he says, while inexpensive, does require a good knowledge of integrated circuits.

D. Spreading Malware to the Network

With access to one smart meter's programming and codes, Baker says, someone can communicate with all the meters of the same brand that are connected to the network. To demonstrate his attack, Davis crafted a piece of malware that could self-replicate to other meters, allowing an attacker to shut them down remotely. In simulations, Davis showed that if his worm were released in an area where all the houses were equipped with the same brand of meter, the worm could spread to 15,000 homes in the space of 24 hours.

E. Measuring Electrical Usage

 

At the heart of a smart meter are the sensors that measure energy usage. Unscrupulous individuals have long tried to save money on their electric bills by interfering with a meter's ability to accurately report how much energy has been consumed. That type of fraud may still be possible on a smart meter, though many of the devices are designed to protect against the mechanical methods traditionally used.



No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2015 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
2017 Lubrication Guide; Software tools; Microgrids and energy strategies; Use robots effectively
Prescriptive maintenance; Hannover Messe 2017 recap; Reduce welding errors
Safety standards and electrical test instruments; Product of the Year winners; Easy and safe electrical design
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Diagnostic functions for system safety; Specifying industrial enclosures; Effective decision support for a crisis
Transformers; Electrical system design; Selecting and sizing transformers; Grounded and ungrounded system design, Paralleling generator systems
Natural gas for tomorrow's fleets; Colleges and universities moving to CHP; Power and steam and frozen foods

Annual Salary Survey

Before the calendar turned, 2016 already had the makings of a pivotal year for manufacturing, and for the world.

There were the big events for the year, including the United States as Partner Country at Hannover Messe in April and the 2016 International Manufacturing Technology Show in Chicago in September. There's also the matter of the U.S. presidential elections in November, which promise to shape policy in manufacturing for years to come.

But the year started with global economic turmoil, as a slowdown in Chinese manufacturing triggered a worldwide stock hiccup that sent values plummeting. The continued plunge in world oil prices has resulted in a slowdown in exploration and, by extension, the manufacture of exploration equipment.

Read more: 2015 Salary Survey

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
The maintenance journey has been a long, slow trek for most manufacturers and has gone from preventive maintenance to predictive maintenance.
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.
Maintenance Manager; California Oils Corp.
Associate, Electrical Engineering; Wood Harbinger
Control Systems Engineer; Robert Bosch Corp.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me