Security experts suggest slowing down deployment until the risks are thoroughly evaluated

Mar 23, 2009 10:10 GMT  ·  By

According to CNN, security professionals claim that a smart power grid is a technological concept that raises significant problems. They stress that parts of the grid could be hijacked and serious blackouts could be triggered, if the security aspect is not carefully analyzed.

The delivery of electricity using digital technology in order to improve efficiency, save energy and cut down costs is something that many governments are thinking of adopting. A recent U.S. Congress bill has allocated $4.5 billion in stimulus for the development and implementation of such a "smart grid."

Smart grids make use of automated meters and advanced sensors in order to increase power distribution efficiency and reliability. The first deployment stage has already been started in the U.S., and the utility companies are installing millions of smart meters in houses across the nation.

However, security researchers warn that things are moving too fast and not all implications are being considered. "I think we are putting the cart before the horse here to get this stuff rolled out very fast," Ed Skoudis, co-founder of network security company InGuardians, commented for CNN.

His opinion is backed up by security experts from IOActive, an information-security consultancy firm, whose management board includes Dam Kaminsky, the researcher who has discovered the famous DNS cache poisoning vulnerability. According to the company, someone with a background in electronics and $500-worth of equipment could hack into some of the currently deployed meters.

From there, they could move up to compromise the entire meter infrastructure and control how energy is delivered to entire areas. Shutting down automated meters and messing with the load balance by increasing or decreasing the power flow is also possible. These actions can result in blackouts and it is very possible that such a localized incident would cause a cascade of disruptions in the grid, in such a network.

The main problem seems to be the lack of a unified standard that would tackle the issues of security and compatibility, which is another potential problem. Experts fear that government money could be wasted if certain types of meters later proved vulnerable or incompatible, and needed to be replaced.

Industry professionals do not express the same worries and give assurances that security is a serious aspect that is being considered. "I don't think the sky is falling," William Sanders, principal investigator for the National Science Foundation Cyber Trust Center on Trustworthy Cyber Infrastructure for the Power Grid, said. "I don't think we should stop deployment until we have it all worked out. But we have to be vigilant and address security issues in the Smart Grid early on," he concluded.

Matt Spaur, senior product marketing analyst at Itron, an automated meter manufacturer, noted that the company's products were designed to make hacking unrewarding and very easy to trace. However, he did agree that, in theory, any network was vulnerable, the "smart grid" making no exception to that.