The Smart Grid promises to make our energy (and also water and sewage systems) more efficient, robust, and responsive by building a paired parallel information and control network onto the existing distribution networks. Doing so will enable near real-time response to current conditions of supply and demand, allowing the network to operate more efficiently, as well as to respond to local problems as they develop. It will also prevent the kind of cascading failures that can rapidly spread across the existing grid…at least in theory. However hooking up the grid’s multitude of component units to a network also opens up the potential for the grid to be hacked — in much the same way anything that is exposed to the internet can be hacked.
Want to read more about the Smart Grid? See our post? The Green Economy Will Need a Smart Grid…and Building it will be Big Business
The Utility Systems Themselves are Vulnerable to Being Hacked
There are two distinct potential attack surfaces that malicious hackers could exploit. The first vulnerability is within the various grid infrastructures themselves, including the electric grid as well as the gas, water and sewage networks. Each of these systems has many vital parts that are tied together to form the working networked whole. For example water, gas and sewage networks have pumping stations, control valves, various sensors, storage, treatment and production facilities and so forth, while the electric grid has base load and peak power plants, switches, sub-stations, power storage nodes and so on. If a hacker can gain access to a critical sub-system on this network of systems they could bring an entire system down or degrade its performance, by issuing malicious commands into the sub-system that they have gained access to.
Last year, at a New Orleans security conference, Tom Donahue a senior CIA analyst confirmed that at least one blackout has already been caused by hackers disrupting the grid. As remote control is extended across the various grids, (our water, gas, sewage and electric systems) an increasing number of potential attack surfaces are being opened up that hackers can and will exploit. Our various utility infrastructures are rapidly being tied together by utility webs. While this does increase the efficiency of these systems, they are also becoming increasingly vulnerable to being hacked. This is a very serious and under reported problem. If better security is not incorporated into these utility-webs, a much more expensive, after the fact security upgrade will eventually be required after a few catastrophic failures make it clear how important it is to protect these vital information networks.
As Smart Meters and Smart Appliances Connect Consumers Home Systems to the Web They will Become Vulnerable
The second way the Smart Grid is becoming vulnerable is through all of the smart meters that are being hooked up to its consumer end points. Over the next few years, an additional 100 million smart meters will be added to the existing base of 40 million units worldwide. The Obama administration has called for 40 million of these meters to be installed in the US over the next three years. If a hacker could hack into and gain control of many thousands or more of these units, they could potentially disrupt power to whole neighborhoods, or even cities, and cause sudden and harmful drops and surges in demand that could bring the entire grid down. In addition, as smart appliances proliferate, and are hooked up to networked home systems, and as more and more homes become wired up to home control systems, these appliances and home energy control systems themselves could be controlled in a malicious manner.
It is Much Better to Build Security into the Software Rather than Try to Protect or Re-factor Unsecure Code
It will be much less expensive to incorporate security infrastructure into these systems right from the start, rather than being bolted onto them after the fact. If the software that controls these systems is designed, built, reviewed and tested in a manner that exposes and reduces the potential attack surfaces right from the start, the overall end cost will be much lower than the alternative of doing nothing right now and reacting later after a series of serious events exposes the system vulnerabilities. If code that is riddled with potential exploits a hacker could use in order to gain control of the system is released and widely distributed, as is currently in fact happening, some hacker somewhere will eventually discover the exploits and use them. Once an exploit becomes known in the hacker community, it rapidly proliferates and all too soon is used by many other copycat hackers.
Re-factoring a very large base of widely dispersed legacy code is very expensive and time consuming. It will cost far more than it will to do it right in the first place. Additionally, for the period of time that a more secure replacement system is being rolled out, critical systems will remain vulnerable to malicious agents at great cost to society. The problem of trying to address poorly designed software that is widely distributed across millions of widely dispersed places — in smart meters as well as smart appliances can easily become a truly massive headache.
Ignoring this hardware and software security problem will not make it go away. The problem is guaranteed to snowball if it is not addressed up front right now. Every problem is also an opportunity. In this case, it is an opportunity for security consultants, software architects, engineers and testers to build secure code for the smart grid – code that will present as small an attack surface as is feasible, and that will limit the severity of potential exploits to lower level types.
Update: According to a report from the Wall Street Journal the US electric grid has been penetrated by cyberspies. They left behind software that could allow them to disrupt US infrastructure such as the electric grid, but not limited to that. This espionage appears to have penetrated our national infrastructure networks across the US with the goal of mapping our grids and leaving behind software that would allow them to take control of and to disrupt the networks. The officials quoted in this news report have said that the malicious software left behind has been removed, but that begs the question — have all the hacking tools been found? or are hidden software tools lurking undiscovered inside the vast number of nodes that comprise and participate in the US electric, gas, oil, water, telephone, cell phone, sewage and other infrastructure networks.
Computer security firms are raising the alarm. For example IOActivea leading provider of smart grid security services cautions against wider adoption of Smart Grid technology until security risks are mitigated and industry adopts a Security Development Lifecycle.
In a presentation to the Committee of Homeland Security and DHS on March 16, 2009, Joshua Pennell, President and CEO of IOActive stated: “The Smart Grid infrastructure promises to deliver significant benefits for many generations, but first we need toaddress its inherent security flaws. Based on our research and the ability to easily introduce serious threats, IOActive believes that the relative security immaturity of the Smart Grid and AMI markets warrants the adoption of proven industry best practices
including the requirement of independent third-party security assessments of all Smart Grid technologies that are being proposed for deployment in the Nation’s critical infrastructure. We are also recommending that the Smart Grid industry follow a proven
formal Security Development Lifecycle, as exemplified by Microsoft’s Trustworthy Computing initiative of 2001, to guide and govern the future development of Smart Grid technologies.”
© 2009, Chris de Morsella. All rights reserved. Do not republish.