Wireless networks exposed as electricity grid weakest link

December 31, 2013 by Nic White
Wireless networks exposed as electricity grid weakest link
The technology also helps make the grid more efficient and protect it from blackouts as power companies can plan ahead to optimise their use of extra generators and shut down power-hungry devices that the meter allows them to directly communicate with. Credit: Ian Britton

Smarter, more efficient electricity meters aim to revolutionise energy distribution but WA researchers fear hackers could easily exploit numerous security flaws and wreck havoc on power grids.

Smart meters measure a customer's every half hour, including which devices are turned on and how much energy they draw from the grid, and send it to the power company.

Not only does this eliminate the need for human meter readers, it allows energy providers to monitor how the network is functioning, detect faults, and remotely manage connections.

The technology also helps make the grid more efficient and protect it from blackouts as power companies can plan ahead to optimise their use of extra generators and shut down power-hungry devices that the meter allows them to directly communicate with.

However, ECU Security Research Institute director Professor Craig Valli says because the smart grid system relies on inherently insecure wireless networks to transmit information through parts of the system, there are significant vulnerabilities for determined cyber criminals to attack.

"There's a lot of economic benefit to this but the security around it sucks," he says.

"A lot of it is poor implementation, there's an unwillingness to put in a lot of the available controls.

"[Using full security features] is not going to be popular but do you want electricity coming down that cable or do you want a free-for-all for cyber criminals to cause havoc?"

Prof Valli says even with all controls enabled it "would be the difference between stealing a car with broken lock verses a car with a good alarm system".

In an experiment he and a team of ECU researchers were able to intercept communications between devices using eavesdropping software.

Prof Valli says while they were unable to find the key to decrypt it someone with more time and resources could, and that in a few years it would be possible with freely available programs.

Once they had the key, could shut off a building's power to infiltrate it, or cause mayhem by knocking out entire suburbs or potentially cities.

Verve Energy chief engineer Andy Wearmouth says an entire blackout of Perth would take several hours to restore.

However it could take much longer if hackers were able to corrupt meters that would have to be manually reset, he says.

"That would be a really ugly scenario, if someone was able to get in and effectively turn the power supply off to everyone's house," he says.

Explore further: Cybersecurity: Plugging smart grid weaknesses

Related Stories

Cybersecurity: Plugging smart grid weaknesses

June 5, 2013

Power companies are increasingly upgrading to smart grids—national or state-based intelligent computer systems that collect information from consumers and suppliers in order to automatically improve the grid's efficiency ...

Smart Grid Technology: Vulnerable To Hackers

March 23, 2009

(PhysOrg.com) -- Smart Grids are digitally based electricity distribution and transmission systems and test have shown that a hacker can break into the system resulting in a massive blackout.

Florida electric utility completes smartgrid installations

May 5, 2013

(Phys.org) —Florida Power & Lighting has completed its $800 million smart grid upgrade, with installations of 4.5 million smart meters. Smart meters are digital devices that use radio frequencies to communicate with automated ...

Report: 'Smart' meters have security holes

March 26, 2010

(AP) -- Computer-security researchers say new "smart" meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.

'Smart grid' would save energy, cut costs for US consumers

January 5, 2011

Momentum is building for a new energy "smart grid" that would overhaul the U.S.'s 100-year-old electrical power network. The impact would be huge –– from installation of a new web of electrical transmission lines ...

Improving energy conversion processes

December 3, 2013

(Phys.org) —Renewable energy sources such as wind-powered generators can be more reliable and efficient by better controlling the process of getting electricity onto the power grid, according to a United States patent based ...

Recommended for you

Google, EU dig in for long war

July 20, 2017

Google and the EU are gearing up for a battle that could last years, with the Silicon Valley behemoth facing a relentless challenge to its ambition to expand beyond search results.

Strengthening 3-D printed parts for real-world use

July 20, 2017

From aerospace and defense to digital dentistry and medical devices, 3-D printed parts are used in a variety of industries. Currently, 3-D printed parts are very fragile and only used in the prototyping phase of materials ...

Swimming robot probes Fukushima reactor to find melted fuel

July 19, 2017

An underwater robot entered a badly damaged reactor at Japan's crippled Fukushima nuclear plant Wednesday, capturing images of the harsh impact of its meltdown, including key structures that were torn and knocked out of place.

4 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

tadchem
3 / 5 (1) Dec 31, 2013
The hackers are probably more involved at the moment with exploiting security flaws in the NSA archives and the ACA databases. There's more money to be made there than from electric bills.
Returners
1 / 5 (1) Jan 01, 2014
As technology becomes more advanced it often becomes easier to disrupt.

How hard is it, really, to pay a meter guy? The existing meters are lower tech, therefore more durable and also most likely easier for the homeowner to keep their own records, if they want, to ensure against a walking meter, or ensure the meter reader hasn't made a mistake.

It makes no sense to try to automate literally everything, because then you are dealing with things like limited channels and limited bandwidth, more hacker access as mentioned in the article, and so on.

If it isn't broken, don't fix it. Maybe you want to make a smart grid at a perhaps town or city block level, but it doesn't seem at all necessary for every home in a state or in the country to have a digital meter with a wireless network connection.

It's absurd.

I can also see th charges on the energy bill:

Plus $10/month for the digital meter
Plus $10/month for security measures.
Plus $250 installation fee.
and still charge to "read" it.
antialias_physorg
not rated yet Jan 01, 2014
There's more money to be made there than from electric bills.

They're not after the electric bills. Wireless smartmeters can be read from afar. Just read out whether someone hasn't used any water/electricity in the past few days and you know they're not home. Then go clean out the house. (With a 30 minute updated profile you can even check at which hours that home is usually empty)

I've got a friend who worked on the software of a smartmeter system for a large energy/water provider. He says basically the same thing as the article above: All his (and others') doubts about the inherent lack of safety and weak encryption were brushed aside as being too costly to implement.
Now these meters are out and the weak standards are in the firmware - an upgrade would be extremely costly (it would be almost cheaper to replace the smartmeter altogether).

This means these security flaws will be here to stay and thieves will have so much fun in the meantime.
daave
not rated yet Jan 02, 2014
So the issue is the security of the wireless networks, but not the...

* Ability to remotely tap into your home and see "...which devices are turned on and how much energy they draw from the grid, and send it to the power company."

* Remotely "...shut down...devices that the meter allows them to directly communicate with."

???

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.