Smart Meters are a ‘time bomb’ for utilities — insurance and security experts cited on industry website

Smart Grid News is no longer the cheerful cheerleader of Smart Grid technologies. Below are three recent examples from its website, with excerpts.

Each of these articles has startling and important admissions. Increasingly, members of the industry are coming to see what many of us have been saying all along – these meters are dangerous, and they have serious problems.

The cracks are definitely showing in the gleaming façade of Smart Meter hype.

Smart meters are a “time bomb” for utilities, warns insurance expert. July 23, 2014

As an industry, we’ve done a lot of thinking about the smart meter cost/benefit equation. But I wonder if we’ve adequately considered what would happen if smart meters made insurance rates go up? Two recent articles in the Insurance Journal suggest that the insurance industry is waking up to this new concern. – Jesse Berst

Cyber attacks on infrastructure have become a major worry for utilities, warns a recent article in the Insurance Journal. Traditionally, energy utilities have kept the grid safe by keeping it separate from the open Internet. But that is rapidly changing as smart meters connect customers to their utilities through the web.

Energy Firms Unprotected for Major Cyber Events” warns another article from the same publication. It quotes reinsurance broker Willis, likening the threat to a “time bomb” that could cost the industry billions of dollars.

“A major energy catastrophe – on the same scale as … Exxon Valdez or Deepwater Horizon – could be caused by a cyber attack,” the insurance broker said. But that’s not the worst part. “Cover for such a loss is generally not currently provided by the energy insurance market.”

[Shocking but more shocking still is the thinking that shutting down power to hospitals, emergency personnel, water supplies, nuclear power plants, and homes is less important or catastrophic than financial losses. That’s the difference between industry think and everyday person reality]

How to attack a smart meter (Utilities: better find out before the criminals do), Aug 5, 2014

At their heart, smart meters are simply… computers.

With that in mind, we have to consider the possible threats – what could happen if a smart meter is compromised? Similarly, what are the problems that could result if the connectivity of a smart meter is disrupted? Let us see.

Meter tampering Perhaps the most obvious risk is simple: meter tampering. If a smart meter can be hacked, inaccurate information can be sent back to the utility, allowing an attacker to adjust the reading and resulting in an inflated bill. Let’s say, for example, that you have an argument with your neighbor. In revenge, if he can access your smart meter, you might see a rather large electric bill.

A “please rob me” sign. Let’s say that a vulnerability made it easy for somebody other than the homeowner or the utility to see what the power usage was. (It could be as easy as a poorly-designed API, mobile app, or website.) The smart meter would then essentially become a giant “please rob me” sign for properly equipped thieves.

Extortion. Alternately, if that smart meter can be controlled remotely, you now have an excellent way to carry out extortion. Such a nice house you have there, it’d be shame if anything bad happened to its power…

Hacking the home network. Alternately, the smart meter may use the same Internet connection as the home. This represents a potential risk: if somebody was able to hack the smart meter from the outside, then that attacker would have access to the house’s internal network.

Why utilities need to worry about the 10 most vulnerable consumer devices, Aug 12, 2014

[Quora Security Engineer Sai Ramanan] calls [these devices] an “alluring target for threat actors” because of the tons of data stored.

Ramanan thinks they are dangerous primarily because they can be vectors to reach smart meter data. Be sure to review the prevention steps he recommends.

The four risks these devices introduce:
1.     Privacy
2.     Unmanned (unauthorized) devices joining the network
3.     Unpatched devices
4.     Burglary or homicide (by using smart meter data to  know whether the premises are occupied)

Ramanan says hackers are most likely to target devices that can lead them to extremely critical data… and he puts utility SCADA systems and smart grids at the top of the list.

These are very big problems.

The biggest fools are the ones that can’t admit they made a mistake.

This entry was posted in Uncategorized. Bookmark the permalink.