Hacking the Smart Grid

Imagine if the damage caused by Internet viruses and worms — such as downed web sites and snatched credit card info — were unleashed on the critical infrastructure of the power grid. The results could include targeted blackouts, tampering with power generation (nuclear!), or using energy consumption data for malicious intent. While a smart power grid, which leverages information technology to add more intelligence to the electricity network, will give consumers and utilities more control over energy consumption, along with that transformation from analog to digital will come a threat that already plagues the Internet: hacking.

According to a report in The National Journal last year, Chinese hackers may have already used what little infotech intelligence there is on the current power grid to cause two major blackouts. So, with a smart grid moving closer to becoming a reality, utilities and federal regulators alike are trying to ready themselves for the potential dangers that it will bring. As representatives from the Federal Energy Regulatory Commission said at a smart grid policy meeting last week, maintaining security is of the highest priority.

Why is a smarter power grid so vulnerable? Joe Fagan, an attorney for Pillsbury Winthrop Shaw Pittman who has spent his career representing the energy industry (including working extensively with FERC), explained that transforming a largely one-way distribution network like the power grid into a two-way system delivers that many more points of contact with the network. And if the power grid will be run by networks based on Internet Protocol, well, hackers have already spent years developing the tools needed to take such networks down.

In addition, Ben Schuman, an analyst with Pacific Crest Securities, notes that the smart meters being installed in homes are largely basic, low-cost — around $100 — consumer electronics that a hacker could easily purchase, take apart, and use to learn about the accompanying communication network.

The good news is that there are several steps that can be taken to build security into the smart grid from the ground up, and the stimulus package is allocating some $11 billion for smart grid-related technology. Fagan estimates that utilities would need to spend on the order of millions of dollars each to implement security controls.

Crucial to the maintenance of security will be the establishment of industry standards. At the smart grid policy meeting held last week, FERC Acting Chairman Jon Wellinghoff issued a statement calling for the development of “standards to ensure the reliability and security, both physical and cyber, of the electric system.” While FERC doesn’t itself develop standards, the agency will be asking for input from standards bodies that work on security in the Internet, engineering, and electronics industries. Over the next month and a half, companies and the public can offer their thoughts as to the direction such the standards will take.

The second factor necessary to securing the smart grid will be the use of an open platform. Yeah, we know, that sounds counterintuitive, but as Pacific Crest’s Schuman explains, the most robust security systems out there are largely based on already-established open standards. In order for third-party developers to be able to contribute their best solutions to a smart power grid, it needs to be based on an open platform as well.

Ultimately, the hurdles to securing the smart grid shouldn’t stand in the way of implementing it. The benefits of offering consumers and utilities more control over energy consumption, which can lead to a reduction in energy use and carbon reduction, far outweighs the security concerns.

This article also appeared on BusinessWeek.com.

loading

Comments have been disabled for this post