in Up Front
print the content item

Over the last few years, the smart grid has created both real concerns and dramatized fears about cybersecurity weaknesses and the risk of potential attacks.

Cybersecurity is a complex challenge for any system, and the smart grid is a gigantic, geographically dispersed, distributed system where security issues are especially complex.

Nevertheless, there are a few guiding principles that can help in the analysis of these potential attacks and even prevent them.

Guiding principle #1:
Assume that any security system can be breached, and plan ahead for breaches, in order to ensure that a successful attack is detected, localized and compartmentalized. Following this principle lowers the value and likelihood of an attack.

Guiding principle #2: Understand and manage the attack surface, which is the virtual avenue of attack. Some attacks are relatively simple and require minimal training to mount. The system must anticipate and counter these simple attacks.

Other attacks require expert cryptologists and super computers, so the number of people with the resources and financial capabilities to execute an attack of this kind is small. If the reward of a successful attack at this surface does not yield a proportionate benefit, the likelihood of this attack is reduced.

Guiding principle #3: Use standard security protocols and best practices that have been applied in IT systems that have been - and continue to be - attacked. Although it may seem less secure to use publicly known access control, authentication and encryption techniques, if certain systems have been attacked (and revised when an attack was successful), it makes them generally stronger than a proprietary technique that has not been subjected to relentless attacks.

Smart meter attacks
There have been cases where smart meters have come under cyber attack and in which these three guiding principles would have applied.

In 2009, an attack on one meter within a radio-frequency mesh metering system allowed code to be deployed to all the meters across the network.

A study later showed that in that instance, a worm was propagated in one meter and then infected neighboring homes, eventually spreading to over 22,000 meters. Clearly, a better system design would not have allowed a single infected meter access to the other meters.

Another incident occurred in Puerto Rico in 2009. The FBI was called to do an investigation on electrical theft, in which employees were illegally accessing meters using the optical-port interface in order to lower consumers' bills, resulting in an estimated loss of $400 million for Puerto Rican utilities.

Further underscoring the security issues with meter optical ports, another instance involved an open-source toolkit that was released in July that allows commands to be sent to the optical port of a meter in order to test its security.

Although this tool kit - which conforms to the American National Standards Institute standard - seems useful on the surface, it would not have hindered the utility’s employees in Puerto Rico, as they presumably already had the passwords of the meters in order to access them over the optical port.

In most cases, meter access is password protected, and if passwords are strong and unique to each meter, then optical-port access is not valuable to a cyber criminal.

Simple measures, such as unique passwords per meter, can control the size of the attack surface. Furthermore, ensuring that passwords are strong and not sharing passwords can go a long way toward preventing attacks such as the one that occurred in Puerto Rico.

Although unfortunate, these attacks have helped the industry realize that systems need to be hardened and that more attention needs to be paid to lower-level, simple attacks - rather than to complex cryptographic attacks - as there are more people qualified to mount them.

The aforementioned cases required knowledge of both the computer and the system, some special hardware and/or a corrupt employee, and weak access control policies.

However, there are even easier ways to steal energy. Energy theft can be accomplished in the following ways:

  • wiring around meters;
  • installing switches that bypass the meter when a large electrical load is running;
  • putting strong magnets around meters to cause them to under-report usage; and
  • reversing the wiring to the meter in the hope of running it backwards.

None of these types of attacks can easily be detected with a non-intelligent, non-communicating meter. But with the advent of smart meters, these conditions can be detected and reported, thereby eliminating some of the easiest attacks.

If the industry follows the three aforementioned guiding principles, smart meters can provide a more reliable, theft-resistant and attack-resistant grid than what is currently in place. In fact, that is one of the reasons to use new grid technology in the first place.

Robert Dolin is vice president and chief technology officer at Echelon Corp. He is co-inventor of 14 Echelon patents and one of the designers of the LonWorks protocol, the network development system environment, the Neuron C programming model and LonWorks network management.

Hse SandyHook
Latest Top Stories

Sensus Smart Meters Tied To More Overheating Incidents And Fires

SaskPower is investigating two new meter failures, and Portland General Electric is working to replace 70,000 Sensus units amid fire concerns.

SaskPower Halts Smart Meter Installations Following Fires

The Canadian utility has suspended its smart meter deployment as it investigates half a dozen fires associated with the meters.

New Study Underscores Value Of Customer Engagement, Ranks Most-Trusted U.S. Utilities

According to the report, which analyzes 125 utilities across the country, earning a customer's trust can lead to monetary gains.

Washington State Doles Out Cash For Utility Energy Storage Projects

Three utilities have been awarded millions of dollars in grants to explore energy storage technology that could help integrate renewable and improve the power grid.

Utilities Reveal Just How Much Customers Are Saving With Energy Efficiency Programs

Two U.S. utility companies have issued progress reports and solid numbers regarding their respective initiatives.

S&C Electric_id176