Author Topic: Smart-grid hackers could cause blackouts  (Read 802 times)

Offline mccoffee

Smart-grid hackers could cause blackouts
« on: March 23, 2009, 07:58:45 am »
Report: Smart-grid hackers could cause blackouts
by Zoë Slocum

Deployments of smart grids should be slowed until security vulnerabilities are addressed, according to some cybersecurity experts, citing tests showing that a hacker can cause a major blackout after breaking into a smart-grid system.

 The idea behind smart grids, a burgeoning energy sector in which even Google is playing a role, is that automated meters and two-way power consumption data can be used to improve the efficiency and reliability of an electrical system's power distribution. A washing machine in a household hooked up to a smart meter, for instance, could be set up to run only at lower-cost, off-peak hours, and a home sporting solar panels could give power back to the grid.

Through the U.S. economic-stimulus package, the Department of Energy is set to invest $4.5 billion in smart-grid technology. And while many utilities are embracing the initiative by installing smart meters in millions of homes nationwide, security experts and others caution that the technology may not be ready for prime time. According to a CNN report published Friday evening:

Cybersecurity experts said some types of meters can be hacked, as can other points in the smart grid's communications systems. IOActive, a professional security services firm, determined that an attacker with $500 of equipment and materials, and a background in electronics and software engineering, could "take command and control of the (advanced meter infrastructure), allowing for the en masse manipulation of service to homes and businesses."

Experts said that once in the system, a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously. A hacker also might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout. These experts said such a localized power outage would cascade to other parts of the grid, expanding the blackout. No one knows how big it could get.

"Industry is working to make meters more secure. They have done a good job," said Joe Weiss, an expert on utility control systems.

Still, experts like Skoudis recommended that smart-grid deployment be slowed until security vulnerabilities are addressed. Otherwise, he said, smart-grid equipment deployed now may have to be replaced later.

"Before we go rushing headstrong into a Smart Grid concept, we have to make sure that we take care of business, in this case cybersecurity," he said.

Industry regulators and industry executives earlier this month echoed concerns to Congress about rapid smart-grid deployments, cautioning that a lack of industry standards for security, reliability, data sharing, and privacy could result in government money wasted on proprietary smart-grid technologies that are not interoperable with each other and that are destined to soon become obsolete.

"I don't think the sky is falling," William Sanders, principal investigator for the National Science Foundation Cyber Trust Center on Trustworthy Cyber Infrastructure for the Power Grid, told CNN. "I don't think we should stop deployment until we have it all worked out. But we have to be vigilant and address security issues in the smart grid early on."

Zoë Slocum is copy chief of CNET News. She joined CNET in 2003, after two years at a travel start-up. Although she started in San Francisco, she now is based in the Boston bureau.

11 comments

by H4MM3R March 21, 2009 2:38 PM PDT
7 years ago the PBS program Frontline covered this same story. Frontline: Cyber War!

by bob1xxxx March 21, 2009 3:46 PM PDT
This is old old old news and it wasn't cyber hackers that did this most effectively it was energy traders, remember the California blackouts caused by manipulating energy trades, remember ENRON? hmmmm, gods what next stories that the earth really isn't flat. Wow please blog something really newsworthy or not at all, stories like this just make Cnet look dumber and dumber by the minute and the sale to cbs has only accelerated the process.

by Lerianis3 March 22, 2009 3:15 AM PDT
Yeah, it's more likely that blackouts will be caused by shenanigans on the market than by anything else, including someone hacking into power

by H4MM3R March 21, 2009 6:21 PM PDT
The Pros and Cons of the smart meter

Better security
Stronger Grid
More flexibility
Knowledge of usage
Remote control of usage

Allowing Utilities to have a surcharge to pay for the smart grid
decoupling= Higher cost per KWh.
Carbon tax
Green tax

by robertmacewan March 21, 2009 8:02 PM PDT
jesus not this freaking ghost chase again

by rafaluis March 21, 2009 9:44 PM PDT
this story is no doubt paid for by a consortium of utility companies and fossil fuel producers - it's a joke - digital technology is good enough for telecommunications and even our banks but not the grid ... oh golly gee it probably gets especially vulnerable to mayhem if you connect the system to a wind farm

by Lerianis3 March 22, 2009 3:18 AM PDT
Well, there are some people who have said that telecommunications equipment at the banks is insecure as well: look at all the **** that happened when people hacked into the banks on numerous occasions.
This kind of stuff needs to be bulletproof, with multiple layers of redundancy built into the system and multiple firewalls to get past if it is going to be used on the electric

by akiba_freak March 21, 2009 11:09 PM PDT
The original post came from Travis Goodspeed's blog on a side channel attack for 802.15.4. He has talked about vulnerabilities in wireless sensor networks. I've written up a post that responds to this at .

FreakLabs Open Source Zigbee Project

by March 22, 2009 9:29 AM PDT
It may be a rehash of an old story, but we need not forget the 2003 blackout caused by the Microsoft worm. rafaluis: "Good enough" for banking, airlines, etc. is not a good comparison when without power nothing else matters.

by quackledork March 22, 2009 11:39 AM PDT
More FUD from IOActive. Whenever I see this company quoted for security, I know it's going to be BS. I saw their wonderkid Kaminsky speak at SecureWorld a few months back. His presentation was insulting. It's no wonder IOActive wants us all to believe there is a big problem here - they are in a position to make big money from helping fix the problem. I am so sick and tired of 'consultants' like this. When it came time for a security audit at our firm, I made darn sure IOActive was NOT on our short list of vendors. I have no interest in their brand of FUD.

by TheGeekReview March 22, 2009 7:38 PM PDT
Yea and the Y2k bug will create havoc.

FUD you got to love it.