• 5
  •  
  •  
  •  
  •  
  •  
    5
    Shares
by K.T. Weaver, for Take Back Your Power

Cyber Attack ThreatUtilities and the smart grid industry tout only the hypothetical benefits of smart meters, never seriously discussing the tremendous risks and costs to our society.  On the subject of cyber security, they hardly discuss it at all.  For example, the industry group, so-called “Smart Grid Consumer Collaborative,” addresses the cyber security issue with basic uninformative “happy talk” as follows:

“The performance of security measures are tested and reviewed regularly to guard against unauthorized access to systems.  Moreover, utility companies are working with federal agencies, such as the Department of Homeland Security, the Department of Energy, and the National Institute of Standards and Technology (NIST), to strengthen privacy and security standards to provide even more safeguards for consumer protection.” [1]

The above propaganda type language reveals nothing of the catastrophic risks involved with the deployment of smart meters and smart grid systems.  Although you won’t receive meaningful cyber threat risk-related information from the smart grid industry, it is not hard to find elsewhere.  Just from one reference book [2] written by two cyber security specialists, you discover the following information which primarily addresses the “remote disconnect” feature of electric utility smart meters:

From a Chapter on “Smart Metering:  The First Security Challenge

“What if [smart] meters are told to disconnect by a worm or virus?  Among all the services AMI [Advanced Metering Infrastructure] offers, the disconnect function is the most controversial in information security circles as it is the only one that directly controls the flow of power to the home or business.  While DR [Demand Response] and ALC [Automatic Load Control] involve sending a signal to a meter that could result in switching off an appliance, the consumer is usually able to easily override such action.  However, absent some rewiring, there is no equivalent override for the disconnect switch.  In fact, one of the purposes of the disconnect switch is to ensure that customers who do not pay their bills are denied electricity until they do so.”

The greatest concern is that a successful attack could allow someone to gain control of customers all at once.  In addition to causing widespread blackouts, repeatedly switching the power off and on could create frequency imbalances and surges in the grid that could damage loads and destabilize the entire grid, potentially causing damage to generators, transformers, and other equipment in the path [including the smart meters themselves and major appliances in homes and other buildings].  Such a consequence would be much more severe than a simple power outage, resulting in damage to expensive equipment with replacement times of more than a year in some cases.   Effectively taking temporary control of a meter network could lead to widespread power outages lasting weeks or perhaps longer.”

“When the Internet started, there really were no viruses.  They were being written and they were infecting machines, but there was no real impact.  It was not until people realized that their identities were being stolen, as a result of these viruses, that anti-virus became a must. …  Once worms started taking down e-mail servers and business services, patches became extremely important and now businesses are more vigilant than ever in this regard. …  Today we are still fighting that battle, and at the same time a new battlefield is emerging.”

“Cyber security as related to the utility field is currently a place where ‘information can now be used to control physics,’ as Joe Weiss of Applied Control Solutions puts it.   The manipulation of data can be used to turn off electricity or to steal energyThere will be multiple impacts that can be realized as a result of cyber security risks and smart metering.  But the paradigm change is that the hackers can actually harm human life.”

The reference to a “paradigm change” above simply means that the effects of a cyber attack are no longer limited to information technology assets which may include customer retail account or bank record systems.  Cyber hackers can now attack “smart” Industrial Control Systems (ICSs) of our critical infrastructure, which includes smart meters for those who have them.

Cyber Attacks AheadWhen our critical infrastructure is literally “taken out” for days, weeks, or even months, bad things are going to happen, thus the reference to “harm human life.”  Initially, and for short widespread outages, the vulnerable members of our population would be most affected who need life-sustaining medical equipment.  Also, what if a power blackout is caused during a period of extreme cold or hot weather when people’s heating or cooling systems would not operate?  As the duration of a power blackout is extended, depending on the amount of damage caused during the cyber attack, societal breakdown will eventually occur with associated looting, havoc, and disorder typical of when people believe (rightly or wrongly) that their very survival is at stake.

It is also important to be aware of the warnings and recommendations from the U.S. Government Accountability Office in its report entitled, “Electricity Grid Modernization.” [3]

“Utilities are focusing on regulatory compliance instead of comprehensive security. … Consequently, without a comprehensive approach to security, utilities leave themselves open to unnecessary risk. …  There is a lack of security features being built into smart grid systems. …  For example, our experts told us that certain currently available smart meters have not been designed with a strong security architecture and lack important security features, including event logging and forensics capabilities which are needed to detect and analyze attacks.”

“Without securely designed smart grid systems, utilities will be at risk of not having the capacity to detect and analyze attacks, which increases the risk that attacks will succeed and utilities will be unable to prevent them from recurring.”

Until consumers are more informed about the benefits, costs, and risks of smart grid systems, utilities may not invest in, or get approval for, comprehensive security for smart grid systems, which may increase the risk of attacks succeeding.”

Hopefully it is clear from this article that our society is being placed at great risk by the smart grid industry in deploying unsafe and insecure systems and not properly informing consumers about the associated risks, in conflict with the GAO report recommendations.  Without greater public awareness, the necessary consumer and political pressures may never force the utilities to “do the right thing” in time to protect us all from disaster.

As stated by an expert respondent highlighted in a recent Pew Research Center report [4]:

“The ‘smart grid’ is the most substantial danger.  Cyber attacks that target a ‘smart grid’ will result in loss of power to large numbers of places simultaneously, causing infrastructure damages.  … No single instance will be ‘widespread harm,’ but all of these together will add up to that in only a short period of time.  Unless there is some unforeseen major new technological development …, the only way to prevent this will be to refrain from adopting ‘smart grid’ technologies.”

Citations

[1] Smart Grid Consumer Collaborative (SGCC) “Data Privacy and Smart Meters,” page 2.

[2] Smart Grid Security: An End-to-End View of Security in the New Electrical Grid, by Gilbert N. Sorebo (Author), Michael C. Echols (Author), Michael Assante (Foreword); Publisher: CRC Press; 1 edition (December 5, 2011).  Book available from amazon.com at
http://www.amazon.com/dp/1439855870/ref=wl_it_dp_o_pC_S_ttl?_encoding=UTF8&colid=JQVO0DK288NY&coliid=I3HT55J613FATM.

[3] U.S. Government Accountability Office, GAO Report #GAO-11-117, “Electricity Grid Modernization.”

[4] Pew Research Center, October 2014, “Cyber Attacks Likely to Increase”; Expert Opinion of Andrew Chen, Associate Professor Computer Science at Minnesota State University-Moorhead; report available at: http://www.pewInternet.org/2014/10/29/cyber-attacks-likely-to-increase/.
In this report, “widespread harm” was defined as “significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars.”

Take Back Your Power bolt - 100

About the Author

K.T. Weaver is a health physicist who was employed in the nuclear division of a leading electric utility for over 25 years.  He served in various positions, including Station Health Physicist, Senior Health Physicist, corporate Health Physics Supervisor, and corporate Senior Technical Expert for Radiobiological Effects.  K.T. has earned a B.S. in Engineering Physics and an M.S. in Nuclear Engineering with a specialty in radiation protection.  He also operates the “SkyVision Solutions” website at www.skyvisionsolutions.org.

 

K. T. Weaver

View all posts

7 comments

Your email address will not be published. Required fields are marked *

  • And we all know that the so-called “Smart” Meters will need upgrading. Who will pay for that? WE WILL! The older “smarter” analog/digital meters last at least twice as long. So, will the need for cyber security make the changing of the meters all the more urgent in the NEAR FUTURE?

    Greg Shea (Lake Cowichan, BC)

    • We will be moving to the Island shortly and I have been trying to follow this smart meter crap. Is there anything in any agreement that prevents a homeowner or building owner from charging the power company for the use of the building for meter installation? I think $10 / day would be fair for the use of my wall to support “my” meter. With all the fires in Canada, Europe and the USA, I would like to see the meters located more than 50 ft from my home and with a manual switch under my control in case their meter catches fire. Failing that I would insist that the meter be housed in a fireproof installation not attached to my home. If my house catches fire so will the CEO’s. Guaranteed.

      • Wow, I am not sure about the cost of having your meter away from the house, but I really appreciate your “enthusiasm”.

        I recently received yet another “anonymous” phone call (from BC Hydro) reminding me to pay my bill in full in the next 24 h or be disconnected. This has been going on since the Fall! The only amount I refuse to pay is the so-called “meter legacy charge”. The current hydro rates already include the cost of my meter (digital, not “smart”), its installation and its manual reading, so why should I pay?

        I will, however, be standing in front of Mr. Bennett’s home in the Kootenays with my signs should my power actually be “cut”.

        • Thanks for the quick response gadro. I really don’t give a damn about the cost of having the “smart meter” installed away from my house. I don’t care what it costs the power company, I simply don’t want a known fire hazard and ignition source within 50 feet of my home. I don’t pay for the installation on my house and I won’t pay for it away either. We don’t have to refuse the meters, but we can refuse the installation of a know fire and health hazard.

  • The meters are killing and maiming people. All these corporate executives need to be arrested and tried for manslaughter, fraud, racketeering, arson, extortion, and murder.
    The “judges” and courts are all for sale to the highest bidder. It’s obvious. All arrests and prosecutions need to come from the citizen public. To hell with the courts.
    The grid needs to be broken up into small community owned systems, and ALL DIGITAL TECHNOLOGY needs to be banned forever. You’re being snuffed. Grow up.

  • I am Mina Nadery student Master
    and I need some information about financial cost damage after attacks in smart meter system
    I am searching about formulation cost damage in smart meter and attacks
    Please can send me some pdf about that.