Major concern over smart grid security

Newly allocated funds for the smart grid have resulted in new technologies being distributed across the U.S., but smart grid security remains a major area of concern for security experts.


The American economic stimulus package allocated $4.5 billion for an upgraded electricity delivery system. The funding for new smart grid technologies has resulted in several million networked meters being distributed in the United States.

The vision of the smart grid promises to combine the power of distributed computing with highly fault-tolerant data communications to deliver real-time distribution of power. Within this infrastructure, smart meters represent an important piece of the end-point distribution segment of the smart grid.

However, critics of the new system say that the new system presents major security problems. Mike Davis, a senior security consultant at IOActive-a research company based in Seattle-gave a presentation at the 2009 Black Hat Briefings on a proof-of-concept cyber attack that could potentially allow an attacker to shut off large numbers of meters remotely. Davis and a team of IOActive researchers developed proof-of-concept malicious code that self-propagated in a peer-to-peer fashion from one meter to the next.

Highlights from Davis' presentation are below:

A. Attacking Memory

To hack into a smart meter through hardware, an attacker first needs to determine the programming that runs it, says Travis Goodspeed, an independent security researcher who specializes in wireless sensor networks. If the meter hasn't been built with protective features, a hacker can use syringes to insert a needle into each side of the device's memory chip. The needle serves as a probe to intercept the electrical signals in the memory chip. By analyzing these signals, the hacker can deduce the device's programming. Even if the meter includes security features, he says, it may be possible to extract the information using customized tools.

B. Digital Radio

The smart meter's two-way radio chip allows the device to be read remotely and to receive commands over the network. The software in the chip contains security codes that an attacker who's cracked the meter's programming can use to get on the network and begin issuing commands. Goodspeed has shown that the codes can be extracted using syringes in a process similar to the attack on the memory.

C. Accessing the Meter

One way to hack into a smart meter is through its wireless networking device, says David Baker, IOActive's director of services. An attacker can use a software radio, which can be programmed to emulate a variety of communications devices, to listen in on wireless communications with the network and deduce over time how to communicate with the meters. Another method, Baker says, is to attack the hardware. An attacker could steal a meter from the side of a house and reverse-engineer it. This method, he says, while inexpensive, does require a good knowledge of integrated circuits.

D. Spreading Malware to the Network

With access to one smart meter's programming and codes, Baker says, someone can communicate with all the meters of the same brand that are connected to the network. To demonstrate his attack, Davis crafted a piece of malware that could self-replicate to other meters, allowing an attacker to shut them down remotely. In simulations, Davis showed that if his worm were released in an area where all the houses were equipped with the same brand of meter, the worm could spread to 15,000 homes in the space of 24 hours.

E. Measuring Electrical Usage


At the heart of a smart meter are the sensors that measure energy usage. Unscrupulous individuals have long tried to save money on their electric bills by interfering with a meter's ability to accurately report how much energy has been consumed. That type of fraud may still be possible on a smart meter, though many of the devices are designed to protect against the mechanical methods traditionally used.

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Choosing controllers: PLCs, PACs, IPCs, DCS? What's best for your application?; Wireless trends; Design, integration; Manufacturing Day; Product Exclusive
Variable speed drives: Smooth, efficient, electrically quite motion control; Process control upgrades; Mobile intelligence; Product finalists: Vote now; Product Exclusives
Machine design tips: Pneumatic or electric; Software upgrades; Ethernet advantages; Additive manufacturing; Engineering Leaders; Product exclusives: PLC, HMI, IO
This article collection contains the 5 most referenced articles on improving the use of PID.
Learn how Industry 4.0 adds supply chain efficiency, optimizes pricing, improves quality, and more.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cyber security cost-efficient for industrial control systems; Extracting full value from operational data; Managing cyber security risks
Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Pipeline vulnerabilities? Securing hydrocarbon transit; Predictive analytics hit the mainstream; Dirty pipelines decrease flow, production—pig your line; Ensuring pipeline physical and cyber security