Original Source

Nick Hunn [1]  is a wireless technology expert who is quite skeptical of the purported benefits of smart meters and the current level of smart grid system security.  He recently  wrote an article entitled, “When Smart Meters Get Hacked” (June 8, 2014).  What follows are some selected quotations from his article dealing primarily with the smart meter “feature” of remote disconnect:

“There‘s a lot of talk about grid security and data privacy in the energy industry, but very little about the consequences of what happens if smart meters go wrong.  By going wrong, I don‘t just mean people attempting to hack their meters to reduce their bills.  That will probably happen.  I‘m more interested in the nightmare scenario when several million electricity meters suddenly disconnect. [emphasis added]

Whenever I’ve asked a utility about what they’d do if a million meters disconnected, the only response I’ve had is a puzzled look and the reply that ‘that can’t happen’.  It probably won’t, but it could.  If it does, the economic effect on the country would be disastrous.  It’s probably the most effective terrorist attack available. …

In theory only the utility has access to the relay in your meter and they claim to have a secure system.  But that’s not strictly true.  There is a threat where a rogue programmer working for the meter manufacturer could insert some additional code which would disconnect the meter at a specified day in the future.  That threat is very low but maybe not as low as it should be.  If this happens, the consequences are catastrophic. …

All they need to do is to insert a few lines of code into the firmware for a smart meter which will disconnect the meter at some specific time in the future.  For best effect, they’d set that to be during a peak time, …  The code needs to disconnect the power at that point and also disable the remote connection back to the utility, so that they can’t communicate with the meter to try and restart it.  A competent programmer should be able to write that in about ten minutes.  As the same code goes into all millions of meters from each supplier, millions would turn off together.

Bringing power back after one of these events is difficult.  If enough power stations have shut down, the grid needs to perform what’s called a black start. …

Which brings us back to the underlying issue.  Has anyone ever looked at the balance of risk between the convenience of being able to remotely disconnect a meter, and the potential of that being misused to destroy the entire national grid? …  It’s time somebody stood back and asked ‘What if?’”

For the complete article, refer to: http://www.nickhunn.com/when-smart-meters-get-hacked/

Nick Hunn has also written a Creative Commons work, entitled, “Smart Metering is FCUKED.”  Here are a few of quotes from this document:

“Even when smart meters are deployed, there is no evidence that any utility will use the resulting data to transform their business, rather than persecute the consumer.  At a recent US conference a senior executive for a US utility which had deployed smart meters, stated that their main benefit was ‘to give them more evidence to blame the customer’.  That’s a good description of the attitude displayed by our utilities. … [emphasis added]

There is an obsession to make ‘smart’ meters do things which are far better done over other channels, such as demand response and consumer engagement.  But because the industry is so technically backward, it’s picked an architecture that is several decades out of date and which cannot deliver the information in the way which customers want.  Today consumers have smartphones.  They want the same sort of smart experience from their utility.  Instead they’re going to get a retro ‘70’s technology experience, whilst paying twenty-first century prices for it.  It’s a back to front world, where utilities are leading the Government down a path that it and consumers will regret. …

The real risk comes when every meter is capable of disconnecting the user.  Simply reading meters generates privacy and billing issues, but the damage is likely to be restricted to a number of individuals.  When you allow remote disconnections, the risk moves to another dimension.  The paper ‘Who controls the off switch’ [17] highlights the risk of a hacker or disgruntled employee turning off a large number of meters. That sudden change would cause immense damage to the grid and components within it, as well as removing power from millions of users.  The resultant cost would be immense.  As the paper explains, ‘this is the cyber equivalent of a nuclear strike; when electricity stops, then pretty much everything else does too.’” [emphasis added]

[17] “Who Controls the Off Switch,” by Ross Anderson & Shailendra Fukoria, Cambridge University, http://www.cl.cam.ac.uk/~rja14/Papers/meters-offswitch.pdf

To more fully quote the paper referenced by [17] above:

“From the viewpoint of a cyber attacker – whether a hostile government agency, a terrorist organisation or even a militant environmental group – the ideal attack on a target country is to interrupt its citizens’ electricity supply. … Until now, the only plausible ways to do that involved attacks on critical generation, transmission and distribution assets, which are increasingly well defended.  Smart meters change the game.”

“Electricity and gas supplies might be disrupted on a massive scale by failures of smart meters, whether as a result of cyberattack or simply from software errors.  The introduction of hundreds of millions of these meters in North America and Europe over the next ten years, each containing a remotely commanded off switch, remote software upgrade and complex functionality, creates a shocking vulnerability.  An attacker who takes over the control facility or who takes over the meters directly could create widespread blackouts; a software bug could do the same.”

Lack of forethought and misguided objectives in deploying smart meters could very well result in the nightmare scenario described above in the not too distant future.  There may still be time to turn back and avoid catastrophic outcomes, but the government, utilities, and the smart grid industry do not yet appear willing to protect us or themselves against catastrophic events.

[1]  Nick Hunn has over twenty years experience in the area of mobile and wireless communications and ten additional years in product design.  Although Mr. Hunn  possesses considerable experience in the field of wireless connectivity, his writings do not appear to express any particular knowledge or concern regarding potential health risks related to the use of wireless technology as frequently discussed elsewhere on this website.

For other relevant blog articles on the topic of smart grid cyber threats, refer to:

comments powered by Disqus