The race to build a “smarter” electrical grid could have a dark side. Security experts are starting to show the dangers of equipping homes and businesses with new meters that enable two-way communication with utilities.
There are many benefits to upgrading the nation’s electricity networks, which is why a smart-grid movement was already revving up before the recent economic recovery package included $4.5 billion for the technology. Smarter grids could help conserve energy by giving utilities more control over and insight into how power flows.
But presentations at the Black Hat and DefCon security conferences here this week highlighted potential problems with moving too fast.
The risks are similar to what happens when computers are linked over the Internet. By exploiting weaknesses in the way computers talk to each other, hackers can seize control of innocent people’s machines.
In the case of the power grid, better communication between utilities and the meters at individual homes and businesses raises the possibility that someone could control the power supply for a single building, an entire neighborhood, or worse.
In one of the talks here, Mike Davis, a senior security consultant with Seattle-based IOActive Inc., demonstrated how a computer worm could hop between the meters at homes and businesses in a smart grid network. The worm could give miscreants remote control of the meters, which would let them take advantage of a utility’s ability to, for example, disconnect someone’s power for not paying his bill.
The key vulnerability was found in devices made by only one manufacturer, a company that Davis did not name. But he said the worm could have spread to other manufacturers’ products that used the same communications technologies and can be used to remotely disconnect people’s power.