How Smart Meters Make Our Power Grid Vulnerable to Cyber Attacks

Earlier this year, Jennifer Stahl was arrested in Naperville, Illinois for refusing to allow utilities workers to install a smart meter on her property. The police were called to her home and the sergeant tried to convince Stahl to allow the worker onto her property, stating that they had authorization to enter.

Doug Kreiger, city manager said: “The city has always had and maintains the right to access our equipment, and today we were simply exercising that right.”

The Naperville Smart Grid Initiative (NSGI) explains that residents can opt in with a smart meter complete with a wireless chip or opt out which means having a smart meter without the chip installed.

In the US water utilities corporations are expected to spend $2 billion in infrastructure upgrades by 2020. This includes $2.4 billion on smart meters.

In Canada, BC Hydro is preparing for a class action lawsuit brought by residents standing against the monitoring devices being attached to their homes.

In one instance, Deborah Stutters refused to have a smart meter installed in her home. She told BC Hydro that she was concerned about her health and privacy. The meter was installed anyway.

When she had a privately hired electrician remove the smart meter, BC Hydro cut off her power.

Stutters is not the first resident to have been treated like this from BC Hydro.

A poll taken in the UK concerning smart meters revealed that out of the participants in the questionnaire:

• 612 believe they will encourage customers to use less electricity
• 347 believe that utilities corporations will retain the data collected from smart meters indefinitely
• 585 do not think the smart meter will require stronger security concerning personal information about customers
• 734 believe that the customer should retain control over data collected by smart meters

Dr. Frank Umbach believes that extortion will hold utilities corporations at the mercy of cyber criminals. This could result in a disruption “or shut down [of] all public and private services, including public finance, town halls, hospitals, public transport and others.”

Umbach explains that: “If networks are to be protected, a broad range of comprehensive management and embedded protection solutions in new security models will need to address the specific challenges of industrial control systems.”

Digital Assurance warned that smart meters open the electrical grid to the vulnerability of a cyber attack via wireless hacking through transmissions carried over Software Defined radio (SDR).

As smart meters are integrated online in the future, the risk becomes even greater. An estimated 53 million smart meters will be added between 2014 and 2019 which would cause massive panic to residents and businesses should a hacker attack “with network-wide access to field devices, control stations, generating stations and transmission facilities.”

Greg Jones, director of Digital Assurance said: “Wireless assaults on critical infrastructure will grow exponentially over the next few years, in line with the rollout of smart grid networks, and SDR provides the hacker with an opportunity to jump onto parts of this network. To date, critical systems have relied upon their relative obscurity to protect them but that will have to change. The only way of protecting a wireless device from an SDR attack at present is to ensure that it has been designed, configured and deployed to resist over-the-air attacks. Very few vendors of such equipment will give this type of assurance so independent testing is currently the only option until the industry applies itself to developing a solution. Understanding exactly what radio systems have been deployed and ensuring adequate risk assessments have been conducted is an essential first step.”

General Keith Alexander, director of the National Security Agency (NSA) said in 2012 that the nameless, faceless hacker group Anonymous would take down the entire US electrical grid. Keith warned that the “determination of hacker groups to expose institutional corruption” should result in ever-increasing security for the US government’s digital infrastructure.

While Anonymous reacted to Keith’s assertions by saying: “Anonymous attracted the attention of the National Security Agency. In private meetings at the White House, NSA director General Keith Alexander warned that in a year or two the group could attack the energy grid and shut off power for millions. Ridiculous! Why should Anonymous shut off power grid? Makes no sense! They just want to make you feel afraid.”

Ironically and simultaneously, Anonymous launched Operation Global Blackout which was a scheme to bring down the entire internet on March 31st of last year. Considering that Anonymous continuously creates chaos on the internet which results in the furtherance of Big Brother controls, Keith’s statements would not be fear-mongering.

The National Academies (NA) report of 2007 that was declassified as Hurricane Sandy victims were left in the dark, warned of widespread power outages, stated that cyber-attacks, unlike natural disasters, probably could not cause lengthy blackouts.

The Department of Homeland Security (DHS) confirmed that hackers posed an increasing risk to electrical utilities because some control systems may be connected to the internet.

The NA report pointed out that “cyber-attacks are unlikely to cause extended outages, but if well-coordinated they could magnify the damage of a physical attack.”

A hacker attack on the power system “could deny large regions of the country access to bulk system power for weeks or even months,” which would generate “turmoil, widespread public fear and an image of helplessness that would play directly into the hands of the terrorists.”