The Washington Post
‘Smart Grid’ Raises Security Concerns
By Brian Krebs
Updated: Tuesday, July 28, 2009
Electric utilities vying for $3.9 billion in new federal “smart grid” grants will need to prove that they are taking steps to prevent cyberattacks as they move to link nearly all elements of the U.S. power grid to the public Internet.
The requirements from the Energy Department come amid mounting concern from security experts that many existing smart-grid efforts do not have sufficient built-in protections against computer hacking, such as new “smart meters” that put information about consumers’ power use onto the Internet, grid-management software and other equipment.
The smart-grid spending in the federal stimulus package is intended to create jobs and improve the efficiency and reliability of the electricity grid by lowering peak demand, reducing energy consumption, integrating more renewable energy sources and easing the pressure to build new coal-fired power plants.
Many of those efficiency gains will be made possible by new technology being built on top of the existing power grid, such as smart meters, which provide real-time feedback on power consumption patterns and levels. An estimated 8 million smart meters are used in the United States today, and more than 50 million more could be installed in at least two dozen states over the next five years, according to the Edison Foundation’s Institute for Electric Efficiency.
Yet security researchers have found that these devices often are the weakest link in the smart-grid chain. Smart meters give consumers direct access to information about their power usage and the ability to manage that usage over the Web, but that two-way communication also opens up the possibility that the grid could be attacked from the outside. Many such systems require little authentication to carry out key functions, such as disconnecting customers from the power grid.
Indeed, at this week’s Black Hat, the world’s largest cybersecurity conference held annually in Las Vegas, researchers from IOActive of Seattle are slated to demonstrate a computer worm that spreads by taking advantage of the software update feature built into a prevalent brand of smart meters (IOActive is not disclosing which). The worm could in theory give the attackers who launched it the ability to very quickly sever tens of thousands of homes from the smart grid.
Joshua J. Pennell, IOActive president and chief executive, said he hopes the presentation will serve as a wake-up call for smart-grid technology vendors and the companies purchasing the products.
Federal grants for smaller smart-grid projects range from $300,000 to $20 million, while the federal share of funds for larger projects could be as much as $200 million. The Energy Department says it can reject any grant application that does not demonstrate that ensuring cybersecurity will be a top priority.
“We haven’t described how to address the requirements, because we’re trying to leave the door to innovation open,” said Hank Kenchington, a senior manager with the Energy Department’s Office of Electric Delivery and Energy Reliability. “But we do say — even if an award scored ‘A’ grades on all aspects but doesn’t address cyber — we reserve right to not go forward with that grant. We realize you need to ask for the security up front and have it built-in up front, or you’re going to end up paying for it later.”
Photo: By David Zalubowski — Associated Press
© 1996-2009 The Washington Post Company
Powered by Crisp Wireless, Inc.
My Letter to the Editor:
The July 28th article on the security concerns of the proposed Smart Grid system raised legitimate issues regarding the feasibility of allowing remote control of our power grid. However there are additional potential problems with the smart grid system.
Some of these are:
Today’s meters use very little energy and are inexpensive. The new meters have a substantially higher cost and use more energy to run. In addition, the best way to reduce energy use is to simply switch off appliances when not in use. We can already install programmable timers on our appliances. Do we really need to have another appliance to assist us with this?
Who is paying for this added infrastructure? The stimulus funds come directly from the taxpayers. So we pay to install the system and then what? Do we then pay even higher rates to maintain this more expensive system? The maintenance of the meters, the greatly expanded data storage needs and the energy used by the new meters will all add to the cost of our energy system.
And finally, the increased wireless radiation from the new meters as well as from sending the signals over the power grid will cause an overall increase of radio frequency radiation (RFR) in our environment. Sending broadband over power lines effectively turns the power lines into RFR antennas which causes interference with electronic devices and radio communications and with our electrobiological bodies.
I, and millions of other electrosensitive people, have to go to great lengths to minimize our exposure to RFR just to keep functioning. If I am forced to have a wireless meter in my home and to live near power lines that radiate RFR, I will have no safe refuge. Many of us have already been forced to move from homes that had high levels of RFR due to neighboring communications antennas and/or WiFi and DECT phone RFR emissions. While it is estimated that 3% of the population is electrosensitive these numbers are predicted to grow as the levels of RFR exposure increase. Will the installation of the smart grid lead to an even higher population of people who are disabled due to RFR exposure?
These issues must be addressed before the wide-scale installation of the Smart Grid begins.
Wireless Radiation Alert Network