Experts: 'Smart-grid' system vulnerable to
hackers
Mar 30 - Heath Urie, Daily Camera, Boulder, Colo.
Determined hackers with as little as $500 worth of equipment and some
computer know-how could cripple the smart-grid technology being piloted in
Boulder and rolled out nationwide, security experts say.
Seattle-based IOActive, a computer security-assessment firm, says a yearlong
independent test of smart-grid technology and infrastructure plans found
that the systems are vulnerable to the same types of attacks as most any
computer system.
But unlike the common PC, the power industry hasn't spent decades combating
cyber crime, experts say.
"The people who are rolling out this technology haven't crossed that bridge
before," said Josh Pennell, founder of IOActive. "People are talking about
what is theoretically possible."
Pennell's company went to work testing those theories about smart grid
vulnerabilities, and determined the threat from hackers is very real.
Attacks on the computer networks running the power distribution systems
could expose utility companies to "fraud, extortion attempts, lawsuits or
widespread system interruption," according to the study.
Other experts have suggested that, in a worst-case scenario, intrusions into
the smart grid could lead to massive power failures across huge swaths of
the country -- among other unknown consequences.
Pennell testified earlier this month before a U.S. Department of Homeland
Security committee in Washington, in which he urged federal authorities to
take a closer look at security within the smart-grid plans now -- before the
system becomes too large to go back and fix.
"The time to do this and do it right is now," Pennell said. "Nobody wants to
go back and remediate a few billion of these devices later."
Pennell said utility companies should begin by adopting standard security
measures for the entire national system that's planned.
"If the industry so chooses to adopt standards ... we can start baking the
security into the product before we have the technology deployed from the
East to West coasts," he said.
In Boulder, slated to become the nation's first smart-grid city, equipment
is already being handed out.
Xcel Energy, which is spearheading the effort, has installed about 15,000
"smart meters" -- which allow for detailed energy monitoring and two-way
communication with power stations -- in Boulder homes, and is piloting other
new technology in the city.
Tom Henley, an Xcel Energy spokesman, said company rules prevent him from
discussing security issues.
He declined to answer questions about whether measures are being taken to
protect the technology being used within the Boulder system, or whether it's
vulnerable, saying only that "maintaining the reliability and security of
the computers, control systems and other cyber assets ... is a top priority
within the company."
Kara Mertz, assistant to the Boulder city manager and the liaison to the
smart-grid project, said the city has not had any discussions with Xcel
about security -- because it hasn't come up.
"Certainly we will look into it," Mertz said. "It wouldn't be acceptable to
us if our residents' and business' energy is somehow compromised."
According to current estimates, there are more than 2 million so-called
"smart meters" already being used across the United States.
About 73 utility companies have ordered a total of 17 million more of the
devices -- thanks in part to a promised $11 billion investment in the
technology as part of President Barack Obama's economic recovery plan.
Moira Mack, a White House spokeswoman, said there are several federal
agencies looking into the issue of smart-grid security. The Department of
Energy, for example, is required to submit to Congress by the end of the
year a study on the system's security that was chartered in 2007.
"This work will help accelerate the development of cyber security
requirements for other smart grid technologies," she said.
The Trustworthy Cyber Infrastructure for the Power Grid, a consortium of
university researchers backed by the Department of Homeland Security and the
National Science Foundation, is already developing improvements for devices
installed in homes.
The group's goals include making at-home equipment, such as smart meters,
able to detect attacks and resist unauthorized access. According to the
consortium, the current systems are "at serious risk from both malicious
cyber attacks and accidental failures."
"These risks may come from cyber hackers who gain access to control networks
or create denial-of-service attacks on the networks themselves, or from
accidental causes, such as natural disasters or operator errors," according
to the group's Web site.
To subscribe or visit go to:
www.dailycamera.com
|