What if the Smart Grid has Stupid Security?

As I write this piece, the economic future of the Gulf coast region is dangling on a fragile thread over a fathomless abyss, as a volcanic eruption of oil threatens unprecedented and almost unimaginable consequences. Whether the cause of this tragedy is revealed to be human error, system failure, corporate malfeasance or terrorist attack, the event itself highlights the profound impact of infrastructure-related disaster.


Just as the Internet can be seen simply as a collection of technologies for the exchange of information, the Smart Grid can be viewed as merely a system for the movement of energy. However, just as the Internet has transformed the way information is produced and consumed, the Smart Grid may transform the way energy is generated, distributed, and used. As envisioned, the Smart Grid will enable real-time, market-based responses to energy supply and demand on a micro-level, down to individual appliances. New telemetry devices will monitor conditions across the grid in real time, providing sub-second response time to disturbances. The ability to monitor and respond automatically will enable generating units and transmission facilities to operate with much smaller tolerances, improving efficiency.

These changes will dramatically increase the attack surface and will enable new and innovative ways to disrupt the flow of energy. In the past, the security of the grid was based on isolation and obscurity. In the future, the ubiquity of Smart Grid elements will make physical and electronic isolation impossible. Instead of needing to attack a control center or major transmission substation, it may be possible to create grid disturbances via mass compromise of Smart Meters or Smart Grid-enabled appliances. The Smart Grid will also introduce new risks related to financial fraud, privacy, and even extortion.

Richard Power is a Distinguished Fellow at Carnegie Mellon CyLab and a frequent contributor to CSO Magazine. He writes, speaks and consults on security, risk and intelligence issues. He has conducted executive briefings and led professional training in forty countries. Power is the author of five books. Prior to joining Carnegie Mellon, Power served as Director of Security Management and Security Intelligence for the Global Security Office (GSO) of Deloitte Touche Tohmatsu and Editorial Director of the Computer Security Institute.

Copyright © 2010 IDG Communications, Inc.
