This article was contributed to OUT-LAW.COM by Joshua Pennell of IOActive.
So what exactly is the Smart Grid? The Smart Grid provides a much-needed update to our electric grid by connecting local power distribution with the national infrastructure, effectively changing the way electricity is delivered.
The Smart Grid’s energy delivery network is best described as a two-way flow of electricity and information that is capable of monitoring everything from power plants to customers’ individual appliances. The Smart Grid leverages the benefits of distributed computing and fault-tolerant communication to deliver real-time information and enable the near-instantaneous balance of supply and demand at the device level.
A critical part of the Smart Grid is the Advanced Metering Infrastructure (AMI), or smart meter network, which acts as both a distribution and endpoint for communication and sensor nodes. Smart meters include a wireless network interface and mesh networking software, which allow utility companies to update the software running the devices automatically and allows them to shut off a customer’s electricity over the network, known in the industry as 'remote disconnect'.
Smart meters are the most common component in the Smart Grid and are designed to give utilities and end-users more control over electricity distribution, generation, and usage, as well as greater savings and more efficient, reliable services. The benefits are undisputed; however, it is critical to examine the security of these smart meter devices, which are appearing rapidly on homes across the globe.
In 2008, IOActive researchers evaluated the security of a series of smart meter devices and uncovered several security vulnerabilities. In addition to being vulnerable to common attack vectors, IOActive achieved proof-of-concept, 'worm-able' code execution on standard smart meters. Since the smart meter’s radio communication chipset is publicly sourced and the communication protocols lacked authentication and authorization, IOActive researchers were able to leverage these weaknesses – among others – to produce a proof-of-concept worm. If an attacker were to install a malicious program on one meter, the internal firmware could be made to issue commands that would flash adjacent meters until all devices within an area were infected with the malicious firmware.
Theoretically, once the worm spreads to meters, the attacker gains several abilities including connecting and disconnecting customers at predetermined times; changing metering data and calibration constants; changing the meter's communication frequency; and rendering the meter non-functional.
While IOActive’s findings are serious and warrant immediate attention, it is certainly not too late to secure the Smart Grid. So, how is that done, exactly? Just like remediating any serious security vulnerability, securing the Smart Grid is a joint effort that requires the support of utility companies, smart meter vendors, the government, and leading privacy and security experts.
Utility companies are in a powerful position to secure the Smart Grid because they can apply pressure to meter vendors so that they produce more secure devices. By continuing to conduct security reviews that test the meters' security, quality, and reliability for the entire duration of the product lifecycle, utilities can ensure that meter vendors continually improve their security protocols.
To help meter vendors develop more secure products, IOActive advocates the adoption of leading security methodologies including Microsoft’s Secure Development Lifecycle (SDL). Taking a proactive stance, the SDL implements security and privacy measures during each stage of a product's development, requires third-party auditing, and conducts a final review before software is released. The SDL also makes business sense, as it is a proven tool to save money – studies indicate that overall project costs are 60 times higher when gaps in information security controls are addressed late in the development phase.
Following an SDL will help meter vendors resolve many of the design flaws discovered in their devices including the lack of layered defences. Multiple layers of defence provide the best security, using the theory that if one mechanism fails you have several others to prevent a breach. It is especially important for smart meters to have a layered defence because they are installed on the outside of homes with minimal physical protection. Without a layered defence in place, someone with a basic understanding of electronics could easily steal a meter, reverse engineer it, and potentially uncover exploitable vulnerabilities.
Contributing to the lack of layered defences, IOActive discovered that strong encryption, authentication, and authorisations were often poorly implemented in smart meter devices. IOActive found that many devices do not use encryption or implement any authentication before carrying out sensitive functions like executing software updates and performing disconnect operations. Even when meters had encryption algorithms in place, it was found that functionality was unmanageable, and that the keys were often exposed, extremely weak, and could be recovered through simple hardware hacking techniques.
Just like the invention and implementation of any new technology, the Smart Grid promises many benefits, but it also displays many weaknesses. A lot of work needs to be done to secure this critical infrastructure and it is fortunate that this effort currently is taking place. With the help of the government and security experts, utilities are taking strides to improve the security of the Smart Grid and all of its components. As a result of improving security protocols, both consumers and utilities will thrive from the vast benefits of the Smart Grid, while ensuring the present and future safety of the world’s critical infrastructure.
By Joshua Pennell of IOActive. The company is exhibiting at Infosecurity Europe 2010 on 27th – 29th April at Earl’s Court, London.
