"Hacking" a smart meter or an entire grid requires no physical access -- just access to the same Internet connections used to manage the network. Reprinted with permission of MuniWireless.

With all due respect to the power companies, why should they even know how to spell IP? Their history in communications was to build stand-alone power facilities and substations connected with point-to-point microwave communication links (many times upgraded to their own dark fiber point-to-points). With this kind of money and private network capabilities, why would you ever worry about security? You lived on you own island with your own power and communications grid and everything was just fine.

Then came the smart grid. By definition, the smart grid requires a two-way digital technology to control appliances at consumers' homes to save energy, reduce cost and increase reliability and transparency. A big change for power companies and admittedly a whole new learning curve with many power companies like PG&E setting up their own test labs to begin learning this. (See Inside PGE's Smart Grid Lab -- Chris Knudsen, director of the technology innovation center at PG&E, shows what they're tinkering with).

Utility Meter

It didn't take long for problems to occur. Again, you need to understand that even smart meters were just dusted off 20-year-old designs that were lying around waiting for someone to push the power companies into the 21st century. These designs were never meant to securely send and store data real time. It wasn't long before serious security issues were found and were reported by respected security firms like InGuardian and IOactive. And we are not talking about someone hacking your PC. When it comes to the power grid, the costs of remote hack attacks are potentially more dramatic. "The cost factor here is what's turned on its head. We lose control of our grid, that's far worse than a botnet taking over my home PC," said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco. So now with little knowledge of the Internet and security the power companies have billions of dollars of grants in hand with one big problem. The grants mandate an iron-clad security platform.

View Full Story
Larry Karisny  | 

Larry Karisny is the director of Project Safety.org, an advisor, consultant, speaker and writer supporting advanced cybersecurity technologies in both the public and private sectors.