Hacker Vulnerability

The “Smart Meters” are an integral part of the new Smart Grid. They use what is called Advanced Metering Infrastructure (AMI) enabling the wireless sending and receiving of data about an individual homes usage. These “Smart Meters” also have the power to be remotely turned on and off, disabling power to your house. There is software built into them which says at what rate you are charged through a 24 hours period. This software can be easily tampered with to change the rate at which you are charged. There is also firmware, that is software which is burned into a chip, similar to what is in your cell phone. This firmware can also be updated changing how your “Smart” meter works.

It is a known fact that the security on AMI is extremely vulnerable. It relies on encryption. The security by design is very weak on wireless networks compared to wired networks. Let us be real simple about this. Can you name one bank in the entire world that uses wireless technology? NO. So why should we allow our homes to be so insecure? Major insurance companies do not trust the AMI technology. According to Eric Halper of McClatch News Service in an April 2014 article:
“The magnitude of the problem is underscored by insurance giant Lloyds of London, whose appraisers have been making visits lately to power companies seeking protection against the risk of cyberattack. Their take-away: Security at about half the companies they visit is too weak for Lloyds to offer a policy.” [1.]

In the same article mentioned above shows the easy vulnerability of AMI to cyberattacks:

“ When Crain, the owner of a small tech firm in Raleigh, N.C., shared the discovery with beleaguered utility security officials, the Homeland Security Department began sending alerts to power grid operators, advising them to upgrade their software.
The alerts haven’t stopped because Crain keeps finding new security holes he can exploit.” [1.]

These AMI systems are complex with many vulnerabilities. The title of an independent Swiss firm Compass’ paper committed to studying hacker vulnerability of AMI says it all:
“ 43 Security Weaknesses in Smart Meters—Swiss Study” [2.]
This paper is rather technical but the main point is contained in this diagram:



Figure 1: Advanced Metering Infrastructure Networks and Components
Several houses talk to one house which is designated as a relay station. This house sends info to the collector, similar to a mini cell phone tower. This is then sent along the Wide Area Network to a firewall and then through a Demilitarized Zone to the Utility company data center. The big vulnerability points are the collector and the individual houses, which are totally accessible by wireless hackers using a lap top.

Here is another quote from a british firm making use of the diagram above. Note the meter relay house.
“For example, smart meters contain a relay that can disconnect a household from the power supply. As explained by Nick Hunn, chief technology officer at WiFore, a U.K.-based wireless technology consultant: ‘This is controlled by the utility from a computer keyboard. Since the same code goes into all meters, it would take just one small piece of code inserted by a rogue programmer to disconnect the power from millions of meters and disable the remote connection to the utility.’ [3.]
The U.S. federal government is very aware of the vulnerabilities of AMI technology. No standards for encryption or cyberattack protection have been established:

“U.S. Inspector General Gregory H. Friedman found “shortcomings” in the cybersecurity plans of more than a third of the utility companies that got federal funding for “smart grid” projects — from incomplete strategies to prevent an attack to vague steps for stopping one if it started.” [4.]

Final conclusion:

We want our homes to be as secure as our bank accounts. Until this happens, we can not allow ourselves to be open to this new vulnerability.
1. Evan Halper, McClatchy News Service / April 16, 2014

2. 43 Security Weaknesses in Smart Meters—Swiss Study–Essential URL
Compass Security Smart Meter Controls White Paper from October 4, 2014

3. K. T. Weaver is a health physicist who was employed in the nuclear division of a leading electric utility for over 25 years..
Take Back Your Power News – July 8, 2014

4. Feb. 7, 2012 Washington Post by Lisa Rein
Power Grid Updates Left System Vulnerable to Cyberattacks