Ask HN: Can a smart meter be made to lie to the Grid?
Maybe some among here might be working in the Smart Grid ecosystem and could help answer this question:
As Smart Meters become ubiquitous, for the sake of argument Can someone maliciously (using whatever exploits applicable at the moment) gain control of a number of smart meters, and would it then be possible to make those smart meters lie about their power usage to the utility grids? Then, they could create a botnet of these compromised smart meters and in turn convince the grid to pump more power to them and in the process, trigger rolling blackouts at other locations? A Denial of Service of sorts.. Is that possible?
Maybe someone here can tell me it is, but improbable, or its not and will never happen.
13 comments
[ 2.8 ms ] story [ 40.7 ms ] threadWill the big, slow utility do this? Eventually.
http://rdist.root.org/2010/01/11/smart-meter-crypto-flaw-wor...
That said, I'm sure we'll here of some amazing hacks that we didn't imagine ahead of time. :)
EDIT: Ok, didn't think of this when I originally replied. Meters are being issued with a "Remote Disconnect" feature so utilities can disconnect non-paying customers. Seems like that will be hackable.
But yeah, the fast cycling would probably break something.
[1]: http://www.fpl.com/residential/energy_saving/programs/oncall...
I guess one could play havoc with that, make the utility think all the load guards are operating when they're not, or vice versa. Don't think it would be enough to whipsaw the grid into chaos unless everyone has it. Right now adoption is pretty low.
Link to a video: http://www.youtube.com/watch?v=nj64jVIvKQU
From the seminar abstract:
The smart grid will use automated meters, two-way digital communications technology, and advanced sensors to save energy, improve electricity efficiency and reliability. Use of these systems exposes the electrical grid to potential cyber security and privacy risks. For instance, there have been media reports of fears that a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously; or a hacker might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout.
As far as device control goes most of them only turn on and off simple switches. The only area that is of concern is running people's furnaces or air conditioning too much. Lots of vendors are moving away from directly controlling the temperature and just focusing on controlling energy usage.
Note that in certain deployments you might have meters operating as sensors (SCADA type setup), then some sort of central station running logic. So you of course can consider that an architecture for a hacker to exploit.
For a brief note, this describes what happens: http://www.smartgridnews.com/artman/publish/commentary/Why_Y...
You can find some information in relation to this here: http://blog.iec61850.com/ which is run by http://nettedautomation.com/.
Cybersecurity in the power industry is a rising wave. It's been growing, but Stuxnet really drew many eyes onto SCADA / power systems in the industry.