This image shows the interior of a smart grid meter tested by Mike Davis of IOActive. Credit: Mike Davis and Technology Review.
The Smart Grid is the intelligent electricity grid: a 2-way-data-communication flow that can provide different kinds of services and utilities and make a best use of distributed energy generation. Comparing the Smart Grid to the one we are used to, we can perceive one big benefit and one big problem, both related to security.
The current grid has few centralized electricity generation systems. So, in order to destroy or significantly damage it, one has to strike out few points in the network: the big electricity generation centres. It may be difficult, for example, due to the security of the airspace of the area to be attacked, because, to make that, it is necessary to destroy physically part of the network, but still it requires targeting just a few targets.
What if it were a massively distributed electricity generation system? At first sight such a system should be more robust.
However, since you have more than one possible electric flow in the grid (remember that, int the smart grid, we have a distributed energy generation system with the big generators and many microproducers), you need a way of choosing a supplier. This requires introducing a communication channel and, therefore, a new problem: when the electricity grid becomes an electricity system with a 2-way-data-communication flow, it faces the some kind of security issues of the Internet.
Thus, regarding an electric grid, we have, at least, two kinds of vulnerabilities: a physical and a cyber attack. On the one hand, the older grid is easy to damage through a physical attack, because it doesn’t have many distributed information sources. Information, as how much and where do the customers consume energy, is harder to reach, since it is on a private network, not on the Internet. There is an electrical meter at each point of delivery, and to bill one has to go there and read it, or, in the best case, the meter sends to a central office the information.
On the other hand we have the smart grid, that is, an electric grid with 2-way-data-communication flow and intelligent management of a distributed source system. Here, there are lots of energy sources and it can be very difficult to stop all of them. However, we have a lot of public information (as how the energy is consuming) in this kind of grid – and if information and communication are placed together… there’s a potential for a cyber attack! The smart grid is a big network built by so many nodes of smart meters frequently put in vulnerable places and we don’t have secure information on every node’s status, e.g. if it was not attacked and turned into a malicious network node. If we have malicious smart meters in the grid, we don’t have assurance for its information and a lot of problems could arise, like customer data mess, wrong data analysis, suggestions of eletrical consumption behaviour changes of the costumers, etc. That is: a big confusion! Or, perhaps, something even worse, like a black-out.
According to an MIT article, the hurried deployment of smart-grid technology could lead to critical infrastructure and private homes vulnerabilities, and both smart-grid hardware and software lack the necessary safeguards to protect against meddling. The funding from the U.S. government’s 2009 stimulus package is encouraging utilities to install smart-grid network-connected devices to help intelligent monitoring and power usage manage. Customers might, for example, agree to let a utility remotely turn off their air conditioners at times of peak use in exchange for a discount. And the possibility that somebody remotely controls devices means that another one could make the same. Imagine that can be a new kind of terrorist attack!
Then, to minimize probabilities that such problems occur, a recent report from Pike Research forecasts that global investment in smart meter security will be in total $1.6 billion during the period from 2010 to 2015. In other recent article in Pike Research, senior analyst Bob Lockhart explains:
“It would be naïve to think that smart meters will not be successfully attacked. They will be. In fact, smart meters represent a worst-case scenario in terms of security: the devices lack sufficient power to execute strong security software; they are placed in physically non-secure locations; and they are installed in volumes large enough that one or two may not be missed. Therefore, the only valid cyber security approach for smart metering is to assume from the outset that some devices will be successfully attacked and create sufficient resiliency to allow the remainder of the network to survive.”
We can imagine several different kinds of attacks, from simply turning off your air conditioning to complicate ones, such as a big blackout. So, the key question is how the network will be able to react to an attack and what types of attacks we could face. The network has to be prepared to these situations.