Photo via: d70focus
Lately, we just keep hearing more and more bad news about technology falling hopelessly under attack by dastardly bad-doers, otherwise known as cyber-hackers. With so much bad news finding its way into headlines, it makes some experts wonder just how safe a Smart Grid can ever be...
The World is Becoming a Hackers Paradise
For instance, Just this past week Canadian researchers reported on a vast Chinese electronic spy operation, dubbed "GhostNet". The operation was believed to have infiltrated a slew of government and business computers across the world, stealing documents and anything else they could get their grubby keyboard imprinted mitts on. In addition, it is believed the attackers were also able to monitor the owner of the infected computer through control of their webcam, etc.
Most recently for this April Fools Day (April 1st), reports of another scare have surfaced involving a cyber-Trojan, called the Conficker Worm. It is/was expected to either become one of the more dastardly criminal plots we've seen in awhile, or one of the more elaborate April Fools gags. The worm is believed to cause the infected computer to randomly connect to thousands of URLs, possibly stealing passwords, documents, bank information, etc. Thankfully, those with Apple systems or healthy, updated Microsoft systems are believed to be protected.
Scares like these are nothing new and they will continue to happen, we accept that. What is of greater concern, is the warnings being tossed around by security experts that say what can be accomplished through our personal computers can also effect much larger enterprise networks, such as a Smart Grid. Only a year ago it was reported by the CIA that a group of hackers had invaded the networks of several worldwide power authorities, creating mass power outages, and threatening extortion demands.
The Vulnerability of the Smart Grid
The security firm, IOActive, warns governments that the Smart Grid will be just as vulnerable to random attacks as any other computer in operation today. All that will be needed to successfully stage an attack will be knowledge, skill, a pair of brass cojones/ovaries, and about $500 worth of equipment and materials:
These vulnerabilities could result in attacks to the Smart Grid platform, causing utilities to lose momentary system control of their Advanced Metering Infrastructure (AMI) Smart Meter devices to unauthorized third parties. This would expose utility companies to possible fraud, extortion attempts, lawsuits or widespread system interruption. If security is not addressed in the design and implementation of these emerging technologies, it may prove cost prohibitive to address them once the devices are fully deployed. (IOActive Verifies Critical Flaws in Next Generation Energy Infrastructure)
IOActive President and CEO, Joshua Pennell, continued this statement by offering some feedback on what he felt was needed to secure the Smart Grid from the possibility of future attacks:
Based on our research and the ability to easily introduce serious threats, IOActive believes that the relative security immaturity of the Smart Grid and AMI markets warrants the adoption of proven industry best practices including the requirement of independent third-party security assessments of all Smart Grid technologies that are being proposed for deployment in the Nation's critical infrastructure. We are also recommending that the Smart Grid industry follow a proven formal Security Development Lifecycle, as exemplified by Microsoft's Trustworthy Computing initiative of 2001, to guide and govern the future development of Smart Grid technologies.
So while many parts of the country are in a big hurry to be the first on their block to set up their very own Smart Grid. The experts are warning them to slow down and make sure they have all their ducks in a row first. In other words, that each one of those ducks is strapped down with tungsten clamps, wrapped in barbed wire, and armed with C4 triggered booby traps (so to speak)!
What about you, Treehuggers. Do you have any concerns about the Smart Grid being set up in your own local area?