Just this week our electric company installed a new ‘Smart Meter’ at our home. For those who are unfamiliar with the Smart Grid technology, the system is essentially designed to allow electric companies two-way communication with the meter, expanding the range of services and control that was offerred with the ‘dumb’ technologies of the 20th century:
Smart grids use digital meters and control mechanisms that allow utility companies to better control the flow of electricity remotely and promise to save energy and reduce utility costs. Smart meters installed in homes and businesses allow utility companies to remotely communicate with the devices to read usage levels and control the delivery of services.
Our initial reaction was one of surprise, as we had no idea that the electric company was installing the new technology until we happened to walk by the side of the house and noticed it. Our surprise was quickly followed by concern for a variety of reasons. For one, smart meters are known to emit high levels of radiation, despite what major power companies have stated about their safety.
“The reality is that ‘smart’ meters emit radiation of a power and frequency that has been linked with DNA disruption, pathological leakage of the blood-brain barrier (which can lead to neuron death), and many other health impacts.
Joshua Hart, Director of Stop Smart Meters
And while the serious health impacts of smart meter technology have yet to be studied in any extensive capacity, an equally alarming threat is the security issues faced by the new systems, which for all intents and purposes are now plugged in to the internet.
We’ve previously pointed out that there are Staggering Security Holes In Our Power, Water, and Oil Grid – all of which are critical infrastructure systems. By opening these systems up to direct two-way communication, we also open ourselves up to massive cyber attacks that could literally cripple our way of life.
Before you dismiss the threat these new systems pose as hype, consider that high level security systems like those of the Pentagon and other intelligence organizations are constantly under cyber attack from foreign nations and rogue elements. It has been admitted time and again that tens of thousands of pages of top secret information has already been compromised from government institutions that deal specifically with computer related intelligence gathering. These same institutions spend billions of dollars on network security and can’t prevent these attacks.
That being said, how susceptible is the new smart grid to such attacks?
Utilities such as water supplies and the power grid face a rising number of cyber break-ins by attackers using sophisticated attacks.
Acting DHS Deputy Undersecretary Greg Schaffer said that industries are increasingly vulnerable to hackers and foreign agents due to ‘connected’ equipment…
Earlier this month, security researchers demonstrated that it was even possible to remotely ‘open’ jail cell doors if they were controlled using ‘programmable logic controllers’ – common automated controls.
‘We are connecting equipment that has never been connected before to global networks,’ Schaffer said. Hackers and perhaps foreign governments ‘are knocking on the doors of these systems – there have been intrusions.’
U.S. officials and others long have feared that future wars will include cyber assaults on the industries and economies of adversaries, and the potential targets include power plants, pipelines and air traffic control systems.
In a 2007 test at the Idaho National Laboratory, government hackers were able to break into the control system running a large diesel generator, causing it to self-destruct.
Before the test, he said, the notion of cyber warfare ‘was mainly smoke and mirrors. But the Aurora tests showed that, you know what? We have a new kind of weapon.’
We’re not suggesting that such an attack would be easy. Far from it. But we can be certain that foreign governments, especially China and Russia, have an interest in identifying holes in our critical infrastructure. If it were to ever come to it, they wouldn’t even need bombs. Because the majority of these smart technologies are deployed in major population centers, a coordinated cyber attack against the grid wouldn’t take long to take down the entire country – about 15 minutes according to Richard Clark:
In his warning, Mr Clarke paints a doomsday scenario in which the problems start with the collapse of one of Pentagon’s computer networks.
Soon internet service providers are in meltdown. Reports come in of large refinery fires and explosions in Philadelphia and Houston. Chemical plants malfunction, releasing lethal clouds of chlorine.
Air traffic controllers report several mid-air collisions, while subway trains crash in New York, Washington and Los Angeles. More than 150 cities are suddenly blacked out. Tens of thousands of Americans die in an attack comparable to a nuclear bomb in its devastation.
Yet it would take no more than 15 minutes and involve not a single terrorist or soldier setting foot in the United States.
It may sound like a ‘smart’ idea to implement these types of command and control networks around the country, but given the health risks, privacy concerns and gaping security issues, perhaps they’re too smart for their own good.
UPDATE October 7, 2011; 16:20
Shortly after publishing this article we learned that the US Drone Fleet, also an interconnected system operating in essentially the same fashion as Smart Grids and other multi-node networks, was hit by what’s being described as a virus or malware:
A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread.
This latest attempt against sensitive military network components further highlights the seriousness of the problem.