Quick Take: It’s a war out there — literally. Hackers from hostile countries target the U.S. power grid every day. That’s why I wanted to run this adaptation of a recent blog post from Trend Micro, an IT security company. I previously shared their view of the ways to attack a smart meter. This article explains how those attacks could extend to the entire grid.
Trend Micro is an IT company and views smart meters as computers that happen to be attached to the grid. As a result, their list of dangers isn’t complete. But it is a good reminder of the IT vectors that could bring problems to utilities. As before, you can also view a quick video overview. – Jesse Berst
Smart grids pertain to an electric grid with digital information/communication capabilities for recording information on both consumers and suppliers. What differentiates an attack on a smart grid from an attack on a smart meter? Simply put, scale: an attack on a smart grid affects many more users than an attack on an individual meter. The potential for damage is proportionately much more significant.
However, this also means that the attack surface is different. Not only can the smart meters be attacked, but the servers at the utility that controls the smart meters can also serve as an attack vector. However, these servers can also be defended with tools used to defend against targeted attacks.
Extortion. Perhaps the most obvious smart grid attack scenario would be extortion. An attacker would take control of the smart grid in order to disrupt the provided services. The attacker might even choose to “update” the firmware on the devices if they choose to, making the attack more difficult to completely mitigate. Either way, the goal of the attacker would be to cause disruption in the service in order to get money out of the local utility company or government. Alternately, the chaos itself may be the goal, either for political reasons or to distract local law enforcement from other crimes going on at the same time.
Denial of service attack. One slightly more subtle attack against the smart grid would be a denial of service attack. How would the smart grid cope with corrupt data? This data can either be completely corrupt (incorrect format and content), or perhaps the corrupted data could have the correct format, but incorrect or corrupt data. Either way vulnerabilities in servers may also pose a risk to the grid as a whole.
Meter tampering. An attack with less dire consequences would be meter tampering. It is verypossible for smart meters to be tampered with – in fact, it has already happened in Puerto Rico and in Malta. As all the reading is “electronic”, it’s trivially easy to modify the readings of the meters. Modify the reading too much and the discrepancy becomes too obvious, but a small modification might not raise eyebrows much.
We raise these scenarios not because we want to frighten people, but to raise awareness against them. It is possible to defend against these attacks – by designing the systems with security in mind, by ensuring that the appropriate custom defense solutions are in place, etcetera. However, these can only be put in place if people recognize that the threat does exist.
For more information on the security risks and how to secure smart devices, visit Trend Micro’s Internet of Everything hub.
Jesse Berst is the founder and Chief Analyst of SGN and Chairman of the Smart Cities Council, an industry coalition.
