Wireless networks exposed as electricity grid weakest link

December 31, 2013 by Nic White
Wireless networks exposed as electricity grid weakest link
The technology also helps make the grid more efficient and protect it from blackouts as power companies can plan ahead to optimise their use of extra generators and shut down power-hungry devices that the meter allows them to directly communicate with. Credit: Ian Britton

Smarter, more efficient electricity meters aim to revolutionise energy distribution but WA researchers fear hackers could easily exploit numerous security flaws and wreck havoc on power grids.

Smart meters measure a customer's every half hour, including which devices are turned on and how much energy they draw from the grid, and send it to the power company.

Not only does this eliminate the need for human meter readers, it allows energy providers to monitor how the network is functioning, detect faults, and remotely manage connections.

The technology also helps make the grid more efficient and protect it from blackouts as power companies can plan ahead to optimise their use of extra generators and shut down power-hungry devices that the meter allows them to directly communicate with.

However, ECU Security Research Institute director Professor Craig Valli says because the smart grid system relies on inherently insecure wireless networks to transmit information through parts of the system, there are significant vulnerabilities for determined cyber criminals to attack.

"There's a lot of economic benefit to this but the security around it sucks," he says.

"A lot of it is poor implementation, there's an unwillingness to put in a lot of the available controls.

"[Using full security features] is not going to be popular but do you want electricity coming down that cable or do you want a free-for-all for cyber criminals to cause havoc?"

Prof Valli says even with all controls enabled it "would be the difference between stealing a car with broken lock verses a car with a good alarm system".

In an experiment he and a team of ECU researchers were able to intercept communications between devices using eavesdropping software.

Prof Valli says while they were unable to find the key to decrypt it someone with more time and resources could, and that in a few years it would be possible with freely available programs.

Once they had the key, could shut off a building's power to infiltrate it, or cause mayhem by knocking out entire suburbs or potentially cities.

Verve Energy chief engineer Andy Wearmouth says an entire blackout of Perth would take several hours to restore.

However it could take much longer if hackers were able to corrupt meters that would have to be manually reset, he says.

"That would be a really ugly scenario, if someone was able to get in and effectively turn the power supply off to everyone's house," he says.

Explore further: Smart Grid Technology: Vulnerable To Hackers

Related Stories

Smart Grid Technology: Vulnerable To Hackers

March 23, 2009

(PhysOrg.com) -- Smart Grids are digitally based electricity distribution and transmission systems and test have shown that a hacker can break into the system resulting in a massive blackout.

Report: 'Smart' meters have security holes

March 26, 2010

(AP) -- Computer-security researchers say new "smart" meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.

'Smart grid' would save energy, cut costs for US consumers

January 5, 2011

Momentum is building for a new energy "smart grid" that would overhaul the U.S.'s 100-year-old electrical power network. The impact would be huge –– from installation of a new web of electrical transmission lines ...

Florida electric utility completes smartgrid installations

May 5, 2013

(Phys.org) —Florida Power & Lighting has completed its $800 million smart grid upgrade, with installations of 4.5 million smart meters. Smart meters are digital devices that use radio frequencies to communicate with automated ...

Cybersecurity: Plugging smart grid weaknesses

June 5, 2013

Power companies are increasingly upgrading to smart grids—national or state-based intelligent computer systems that collect information from consumers and suppliers in order to automatically improve the grid's efficiency ...

Improving energy conversion processes

December 3, 2013

(Phys.org) —Renewable energy sources such as wind-powered generators can be more reliable and efficient by better controlling the process of getting electricity onto the power grid, according to a United States patent based ...

Recommended for you

Netherlands bank customers can get vocal on payments

August 1, 2015

Are some people fed up with remembering and using passwords and PINs to make it though the day? Those who have had enough would prefer to do without them. For mobile tasks that involve banking, though, it is obvious that ...

Power grid forecasting tool reduces costly errors

July 30, 2015

Accurately forecasting future electricity needs is tricky, with sudden weather changes and other variables impacting projections minute by minute. Errors can have grave repercussions, from blackouts to high market costs. ...

Microsoft describes hard-to-mimic authentication gesture

August 1, 2015

Photos. Messages. Bank account codes. And so much more—sit on a person's mobile device, and the question is, how to secure them without having to depend on lengthy password codes of letters and numbers. Vendors promoting ...


Adjust slider to filter visible comments by rank

Display comments: newest first

3 / 5 (1) Dec 31, 2013
The hackers are probably more involved at the moment with exploiting security flaws in the NSA archives and the ACA databases. There's more money to be made there than from electric bills.
1 / 5 (1) Jan 01, 2014
As technology becomes more advanced it often becomes easier to disrupt.

How hard is it, really, to pay a meter guy? The existing meters are lower tech, therefore more durable and also most likely easier for the homeowner to keep their own records, if they want, to ensure against a walking meter, or ensure the meter reader hasn't made a mistake.

It makes no sense to try to automate literally everything, because then you are dealing with things like limited channels and limited bandwidth, more hacker access as mentioned in the article, and so on.

If it isn't broken, don't fix it. Maybe you want to make a smart grid at a perhaps town or city block level, but it doesn't seem at all necessary for every home in a state or in the country to have a digital meter with a wireless network connection.

It's absurd.

I can also see th charges on the energy bill:

Plus $10/month for the digital meter
Plus $10/month for security measures.
Plus $250 installation fee.
and still charge to "read" it.
not rated yet Jan 01, 2014
There's more money to be made there than from electric bills.

They're not after the electric bills. Wireless smartmeters can be read from afar. Just read out whether someone hasn't used any water/electricity in the past few days and you know they're not home. Then go clean out the house. (With a 30 minute updated profile you can even check at which hours that home is usually empty)

I've got a friend who worked on the software of a smartmeter system for a large energy/water provider. He says basically the same thing as the article above: All his (and others') doubts about the inherent lack of safety and weak encryption were brushed aside as being too costly to implement.
Now these meters are out and the weak standards are in the firmware - an upgrade would be extremely costly (it would be almost cheaper to replace the smartmeter altogether).

This means these security flaws will be here to stay and thieves will have so much fun in the meantime.
not rated yet Jan 02, 2014
So the issue is the security of the wireless networks, but not the...

* Ability to remotely tap into your home and see "...which devices are turned on and how much energy they draw from the grid, and send it to the power company."

* Remotely "...shut down...devices that the meter allows them to directly communicate with."


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.