Saturday, February 20, 2010

Gee, I can't wait to get my SmartMeter™ from Pacific Gas & Electric. After all, What Could Possibly Go Wrong?

According to PG&E, the "SmartMeter™ system will be rolled out to all PG&E customers by mid-2012", whether customers want it or not. The system resembles nothing so much as a Big Brother arm of the government, monitoring your power usage in real-time. There are reports that the price you will be charged for power -- at least in some locations -- will vary based upon time of day, demand and other factors.

And the system purportedly "keeps your information secure" using "secure wireless technology" (an oxymoron, to be sure) in beaming the details of your usage to PG&E.

But the fact is that cyber attacks against the "SmartGrid" are all but certain over the next twelve months as programs like PG&E's roll out.

Attacks against the power grid are likely to rise and intensify during the next 12 months as smart grid research and pilot projects advance, according to utility security experts and a recently published report that analyzes threats to critical infrastructure...

The so-called Project Grey Goose Report on Critical Infrastructure points to state and/or non-state sponsored hackers from the Russian Federation of Independent States, Turkey, and China as the main threats to targeting and hacking into energy providers and other critical infrastructure networks.

...utility security experts agree that utility security administrators will have their hands full during the next year, as the transition from isolated, closed energy-generation and transmission networks to IP-based and wireless ones begins to take shape in the form of pilot smart grid projects... Doug Preece, senior manager for smart energy services at Capgemini, says he expects an uptick in hacking of smart grid devices during the next 12 months as more smart-grid pilot projects are launched at energy firms. "The penetration of these devices is going to dramatically increase in numbers in the next 12 months, and then it's going to plateau," Preece says. "There's a window of opportunity for malicious intent."

...The smart grid's distributed approach exposes these networks and systems, he notes, and they will be most vulnerable in the early phases as they get up and running... "The worst-case scenario would be an attacker compromising [the smart grid] and then controlling the distribution of power," he says.

The worry is that smart grid vendors and energy firms are rushing to deploy the new technologies without properly securing them... The Grey Goose report calls out Russia, Turkish hackers, and China as the top threats to the power grid.

Given the sophistication of APT malware these days -- and especially state-sponsored attacks -- it's not even clear that, say, China pwning these idiotic SmartMeters would even be detected.

These petty bureaucrats are more interested in controlling every aspect of your lives than tapping the plentiful energy sources that are scattered throughout the United States. Since they don't care about securing new sources of real energy for the U.S., they're probably just as unconcerned about securing these new networks.

1 comment:

Joseph Somsel said...

When the remote-controlled thermostats were first proposed in California a couple of years ago, the technical specification made the claim that the linkages were designed with "moderate levels of security."

The PG&E project manager made a statement to the NYT that hacking was "impossible."


Early tests with SmartMeters have produced public protests when the bills, especially for FAMILIES with stay-at-home mothers, have shot up.

The idea is to impose a new market structure on electric service. No longer will citizen demand be the driving force. Now, the customers must serve the needs of the utility and its governmental overlords.

That's backasswards