Wireless networks exposed as electricity grid weakest link

Dec 31, 2013 by Nic White
Wireless networks exposed as electricity grid weakest link
The technology also helps make the grid more efficient and protect it from blackouts as power companies can plan ahead to optimise their use of extra generators and shut down power-hungry devices that the meter allows them to directly communicate with. Credit: Ian Britton

Smarter, more efficient electricity meters aim to revolutionise energy distribution but WA researchers fear hackers could easily exploit numerous security flaws and wreck havoc on power grids.

Smart meters measure a customer's every half hour, including which devices are turned on and how much energy they draw from the grid, and send it to the power company.

Not only does this eliminate the need for human meter readers, it allows energy providers to monitor how the network is functioning, detect faults, and remotely manage connections.

The technology also helps make the grid more efficient and protect it from blackouts as power companies can plan ahead to optimise their use of extra generators and shut down power-hungry devices that the meter allows them to directly communicate with.

However, ECU Security Research Institute director Professor Craig Valli says because the smart grid system relies on inherently insecure wireless networks to transmit information through parts of the system, there are significant vulnerabilities for determined cyber criminals to attack.

"There's a lot of economic benefit to this but the security around it sucks," he says.

"A lot of it is poor implementation, there's an unwillingness to put in a lot of the available controls.

"[Using full security features] is not going to be popular but do you want electricity coming down that cable or do you want a free-for-all for cyber criminals to cause havoc?"

Prof Valli says even with all controls enabled it "would be the difference between stealing a car with broken lock verses a car with a good alarm system".

In an experiment he and a team of ECU researchers were able to intercept communications between devices using eavesdropping software.

Prof Valli says while they were unable to find the key to decrypt it someone with more time and resources could, and that in a few years it would be possible with freely available programs.

Once they had the key, could shut off a building's power to infiltrate it, or cause mayhem by knocking out entire suburbs or potentially cities.

Verve Energy chief engineer Andy Wearmouth says an entire blackout of Perth would take several hours to restore.

However it could take much longer if hackers were able to corrupt meters that would have to be manually reset, he says.

"That would be a really ugly scenario, if someone was able to get in and effectively turn the power supply off to everyone's house," he says.

Explore further: US probe links NKorea to Sony hacking

Related Stories

Cybersecurity: Plugging smart grid weaknesses

Jun 05, 2013

Power companies are increasingly upgrading to smart grids—national or state-based intelligent computer systems that collect information from consumers and suppliers in order to automatically improve the ...

Smart Grid Technology: Vulnerable To Hackers

Mar 23, 2009

(PhysOrg.com) -- Smart Grids are digitally based electricity distribution and transmission systems and test have shown that a hacker can break into the system resulting in a massive blackout.

Florida electric utility completes smartgrid installations

May 05, 2013

(Phys.org) —Florida Power & Lighting has completed its $800 million smart grid upgrade, with installations of 4.5 million smart meters. Smart meters are digital devices that use radio frequencies to communicate ...

Report: 'Smart' meters have security holes

Mar 26, 2010

(AP) -- Computer-security researchers say new "smart" meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously ...

'Smart grid' would save energy, cut costs for US consumers

Jan 05, 2011

Momentum is building for a new energy "smart grid" that would overhaul the U.S.'s 100-year-old electrical power network. The impact would be huge –– from installation of a new web of electrical transmission lines ...

Improving energy conversion processes

Dec 03, 2013

(Phys.org) —Renewable energy sources such as wind-powered generators can be more reliable and efficient by better controlling the process of getting electricity onto the power grid, according to a United ...

Recommended for you

Sony emails show a studio ripe for hacking

10 hours ago

In the weeks before hackers broke into Sony Pictures Entertainment, the studio suffered significant technology outages it blamed on software flaws and incompetent technical staffers who weren't paying attention, ...

North Korea linked to Sony hacking (Update)

20 hours ago

Federal investigators have now connected the hacking of Sony Pictures Entertainment Inc. to North Korea, a U.S. official said Wednesday, though it remained unclear how the federal government would respond ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

tadchem
3 / 5 (1) Dec 31, 2013
The hackers are probably more involved at the moment with exploiting security flaws in the NSA archives and the ACA databases. There's more money to be made there than from electric bills.
Returners
1 / 5 (1) Jan 01, 2014
As technology becomes more advanced it often becomes easier to disrupt.

How hard is it, really, to pay a meter guy? The existing meters are lower tech, therefore more durable and also most likely easier for the homeowner to keep their own records, if they want, to ensure against a walking meter, or ensure the meter reader hasn't made a mistake.

It makes no sense to try to automate literally everything, because then you are dealing with things like limited channels and limited bandwidth, more hacker access as mentioned in the article, and so on.

If it isn't broken, don't fix it. Maybe you want to make a smart grid at a perhaps town or city block level, but it doesn't seem at all necessary for every home in a state or in the country to have a digital meter with a wireless network connection.

It's absurd.

I can also see th charges on the energy bill:

Plus $10/month for the digital meter
Plus $10/month for security measures.
Plus $250 installation fee.
and still charge to "read" it.
antialias_physorg
not rated yet Jan 01, 2014
There's more money to be made there than from electric bills.

They're not after the electric bills. Wireless smartmeters can be read from afar. Just read out whether someone hasn't used any water/electricity in the past few days and you know they're not home. Then go clean out the house. (With a 30 minute updated profile you can even check at which hours that home is usually empty)

I've got a friend who worked on the software of a smartmeter system for a large energy/water provider. He says basically the same thing as the article above: All his (and others') doubts about the inherent lack of safety and weak encryption were brushed aside as being too costly to implement.
Now these meters are out and the weak standards are in the firmware - an upgrade would be extremely costly (it would be almost cheaper to replace the smartmeter altogether).

This means these security flaws will be here to stay and thieves will have so much fun in the meantime.
daave
not rated yet Jan 02, 2014
So the issue is the security of the wireless networks, but not the...

* Ability to remotely tap into your home and see "...which devices are turned on and how much energy they draw from the grid, and send it to the power company."

* Remotely "...shut down...devices that the meter allows them to directly communicate with."

???

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.