Smart Security on the Grid

10 June 2010 (Last Updated June 10th, 2010 18:30)

A security breach could easily gridlock the smart grid. But with careful thought, such risks can just as easily averted. By Phil Thane.

Smart Security on the Grid

‘Smart grid’ is a convenient phrase that covers a wide range of convergent technology: smart meters that will give consumers much more information about their energy use, and enable them to earn money from feed-in-tariffs for microgeneration; remote meter reading and online billing that will do away with manual meter reading and estimated bills; differential pricing for peak periods; smart load shedding, which will allow energy providers to cut off certain types of appliance when loads are high while preserving essential services; and distributed storage using, for example, consumers’ electric vehicles to boost the grid at certain times.

In Germany all new houses are already required to have some sort of microgeneration system built-in, and suppliers have to be able to deal with that. Similar schemes are now spreading across the EU.

The communication, the ‘smartness’ of the grid, will be handled in these using internet protocols (IP), either by fitting ethernet and/or Wi-Fi systems into meters and appliances so they can connect to a household’s normal internet connection, or more radically by merging smart grid technology with broadband over powerline (BPL) technology. The latter has the obvious benefit of being wholly under the control of the grid operator and can be applied even to households that do not have an ADSL or a fibre-optic internet connection.

This is the bases of the ‘super grid’, which refers to continental scale grids that will enable current to be shifted from coast-to-coast across the US or from Portugal to Poland across the EU as demand varies. Super grids will use high-voltage DC to avoid the capacitative losses associated with AC transmission and they will potentially also create a security nightmare.

Attacking the grid

“Today, attacks on computer networks range from trivial to serious and possibly deadly.”

Today, attacks on computer networks range from trivial to serious and possibly deadly. Scarcely a week goes by without some red-faced company having to admit its website has been defaced or their system has been compromised and important user details stolen – a situation commonplace around the world.

With this in mind, what risk is posed to a smart grid reliant on the internet?

At one end of the scale, the threat will exist with the user. The temptation to reduce consumption to boost feed-in-tariffs will have an obvious appeal to the dishonest. Not so amusing is the idea of a terrorist group or unfriendly foreign power taking control of a super smart grid. Why take on the might of NATO when a handful of hackers on the other side of the world can disrupt EU and US life?

The Wall Street Journal reported last year that “cyberspies” have already penetrated the US electrical grid, leaving behind software programs that could be used to disrupt the system. So just how big is the security risk for a smart grid?

The real smart grid threat

For IT vendors, security not only holds a challenge but a business opportunity when it comes to the smart grid. US network specialist Cisco announced a plan last year to bring its expertise to the smart grid market. It is not alone. IBM has launched a range of embedded software applications for the grid that will communicate through the internet, and General Electric and various start-up firms are also bidding to capture a slice of the smart grid market.

“There are steps that can and should be taken to avoid such security risks.”

Cisco’s system, being designed now, is different from many other systems in that it will send IP data down the power lines rather than using the internet. This provides an added layer of security, but doesn’t make the system infallible. A skilled hardware hacker could still target a smart meter somewhere on the grid. At a Black Hat (hackers) conference last year security consultant Mike Davis from IOActive presented proof-of-concept code for a worm that spread from smart meter to smart meter.

IOActive’s Joshua Pennell says smart meters lack the security protections that are standard on modern computers and networks. He says IOActive’s tests uncovered a range of vulnerabilities and programming errors that could be used to create malicious software. IOActive demonstrated that if an attacker installed a malicious program on one meter, that meter would communicate with adjacent meters, spreading the worm until all devices in the area are infected. The attacker could then disconnect customers, change calibration constants, customer data or render the meters non-functional.

At the very least the meters would then need a firmware update, but it is quite likely that an attack will disable the update mechanisms, making it impossible to do a remote repair. If the meters supported remote disconnect functionality the attacker would probably instruct them to disconnect service to individual customers or an entire service area. If that happens the supplier will need time to develop a ‘patch’ and deploy it manually – or replace the meters if they can not be salvaged.

Ensuring smart grid scurity

IOActive says it believes there are steps that can and should be taken to avoid such security risks. In the US the American Recovery and Reinvestment Act of 2009 stipulates that to receive stimulus money each utility must present its plan for cybersecurity. It is to be hoped that European energy ministers currently working for the building of an EU-wide grid will put something similar in place.

IOActive says vendors should adopt a secure development lifecycle (SDL) to guide and govern the release of products that are better able to withstand malicious attacks under guidelines that should be set for security. This could actually save the manufacturers money if done now. Studies show that project costs are 60 times higher when information security control gaps are addressed late in development. Using an SDL process, vendors could treat security as an integral feature rather than an afterthought. An SDL could also help meter vendors correct design flaws and employ the most basic rule of security: layer your defences. Current designs often ignore basic security practices, such as authentication and encryption.

The good news is there is still time. Utility companies are gradually rolling out smart meters and other smart grid technology. So far there isn’t much to see or much to worry about. By increasing the focus on necessary security and privacy protocols, utilities and customers will benefit, however, from the smart grid of the future, while still maintaining the safety and integrity of the critical infrastructure.