Smart meters, not-so-smart security


John C. Tanner  |   March 09, 2010
telecomasia.net
With all the recent talk of smart grids and smart meters as a key M2M app for operators that can also help countries combat climate change through more efficient energy usage, it’s worth passing on this piece from Wired’s Threat Level blog that raises a key question: just how secure are IP-based smart grids?
 
Not very, according to a panel at last week’s RSA Security Conference in San Francisco.
 
Matthew Carpenter, a senior security analyst at InGuardians who has done penetration testing on smart-meter systems, said the most common vulnerability is susceptibility to “cross-site request forgery” on control systems, in which an attacker hijacks an authentication cookie stored in a web browser used to (in this case) authenticate a user to access a utility control system.
 
Another potential weak spot is the remote shut-off capability in smart meters. And yet another is the aggregation points that receive the data from large groups of meters:
 
“In some circumstances they’re simply going to give you a denial-of-service if you tamper with them because the crypto is done appropriately from the head-end control system down to the meters and the aggregation point really can’t tinker much with it,” Carpenter said. “But in other [cases] there’s a great deal of control that that aggregation point has, and they’re sitting on the top of a [utility] pole — not in a brick building [with] guard dogs and razor wire … and [they have] an ethernet cable.”
 
None of this should be surprising, of course. If it can be connected to a public network, it can potentially be hacked, given enough resources and time.
 
What’s less clear from the article – and something I’d be interested in finding out – is whether these vulnerabilities could lead to something serious like a major infrastructure shutdown, or something less catastrophic like tricking the power company into underbilling customers.
 
Also, if I’m reading this right, it seems they’re talking about utility companies building out their own smart grids using the public internet for connectivity. If that’s the case, surely there’s an opportunity here for operators to step forward with smart-meter networking solutions with value-added security guarantees at the top of the sales pitch.