Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Why the power grid is becoming more dangerous as it gets smarter

A whole new world of cyber attack vectors

Article comments

The US is rapidly moving forward on its smart grid initiative. At the Grid Modernisation event earlier this week, Energy Secretary Steven Chu touted how smart meters will provide utility companies with greater information about energy flows in their service areas, and give consumers access to timely data about their own power usage.

"To compete in the global economy, we need a modern electricity grid," said Chu. "An upgraded electricity grid will give consumers choices and promote energy savings, increase energy efficiency and foster the growth of renewable energy resources."

Few doubt the potential benefits. But at what cost to new risks and shenanigans caused by hackers, pranksters, attacks on power distribution by adversarial nation-states or terrorists that wish to unleash havoc on the system?

Essentially, as hundreds of millions of smart meters and devices get connected to the power grid, it introduces entirely new risks to the system. "You are increasing the attack surface with every new device connected to the grid," says Eric Knapp, director of critical infrastructure markets for NitroSecurity.

In the fact sheet, The President's Plan for a 21st Century Electric Grid, the bullet point referencing security was last on the list behind cost savings, innovation and consumer benefits.

A fitting metaphor for when security is often taken into consideration.

To keep the grid secured, the administration says it will provide grid operators with actionable threat information, support research and development for enhanced security, and work closely with the private sector to meet security standards.

There's much work that needs to be done, says one security researcher who has conducted security assessments at a number of utilities. "There is significant potential for problems, but a lot that people can't talk about. Everybody's under gag orders about specific technology and specific utility security issues," he says, asking not to be named. "The vendors who make these devices are used to operating in relative obscurity, and they're not used to the scrutiny. It can get adversarial at times."

Last month, the industry got a taste of that friction between SCADA vendors and security researchers when a security talk was nixed at the last minute, due to the vendor's inability to patch the flaw as quickly as expected.

However, as the grid becomes more automated and "intelligent" the threats will move much more swiftly.

"When you move to instrumenting all of the power distribution, you're now trusting the network protocol to tell you what's going on. So instead of somebody physically coming out and doing a meter read, the utility is trusting the data that comes back over the network. That changes the landscape from theft of service to now interfering with the monitoring and interfering with the collection of data, and can also open us to all types of mischief, including denial-of-service attacks," the researcher says.

That's especially true as the power grid continues to look a lot like traditional corporate networks. Which means it will be, for good or bad, secured much in the same way, including intrusion detection systems and security event monitoring. Earlier this week, NitroSecurity released an enhanced version of its NitroView SIEM that monitors both business and SCADA networks.

A number of the enhancements, the company says, include additional support for the specific devices, protocols and applications in intelligent distribution and metering, and expanded capabilities to collect and analyse the extreme breadth and volume of Smart Grid data.

"Utilities are going to need to continuously be looking for anomalous behavior," says Brad Bauch, energy and utilities and power generation principal at advisory firm PricewaterhouseCoopers LLP. "The smart grid is a vulnerability multiplier, and the attack surface expands exponentially as these devices get deployed," says Knapp. "They're gaining in complexity, and will require much more monitoring across many additional attack points," he says.


Share:

More from Techworld

More relevant IT news

Comments




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *