Nice Work if You Can Get It: Security Retrofit for 800 Million Smart Meters?
CNET News has published a comprehensive report on the state of smart grid security. In it, they detail the growing concerns among security experts that smart meter technology is being rapidly expanded around the world without the built-in security considerations necessary to protect the utility infrastructure -- and the people connected to it -- from serious cyber-crime.
According to the CNET report, the vulnerabilities in today's smart meters could allow for a number of malicious attacks, including the theft of private consumer data, the disruption of power to specific buildings, and even the targeted outage of entire utility grids. Many experts quoted in the article believe that US smart meter manufacturers and utility companies are treating security as an afterthought in order to quickly take advantage of Federal stimulus money.
There are about 250 active smart-metering projects worldwide, with about 49 million meters already installed and 800 million planned for installation.... Projects in the U.S. are being accelerated because of the $3.4 billion in stimulus funds set aside for smart-grid technologies. About 60 million smart meters will be deployed in the U.S. this year, covering about half of households.... Security appears to be a casualty of this haste....
"Since there is no federal mandate as to how much security to have in the meters, there aren't the right motivation factors for security to be a major factor...It's an afterthought."
According to one expert, "Prominently missing are signed and encrypted firmware, secure (smart card) chips for key storage, unique cryptographic keys, and physical tamper protection."
We've previously discussed the growing concern surrounding the security weaknesses in today's smart grid technology. In addition, we recently reported on the 60 Minutes investigation into the malicious hacks that have already hit the nation's critical infrastructures.