I’ve written here a couple of times previously about the potential security problems associated with the introduction of “smart” electricity meters that can be controlled remotely. According to a blog post by Ross Anderson at the Security Research group at the Computer Laboratory, University of Cambridge, there is a plan afoot in the UK to replace some 47 million existing electricity meters with “smart meters”. The motivation appears to be primarily economic:
The energy companies are demanding this facility so that customers who don’t pay their bills can be switched to prepayment tariffs without the hassle of getting court orders against them. If the Government buys this argument – and I’m not convinced it should – then the off switch had better be closely guarded.
Ross and his colleagues have a new paper [PDF] on the potential impact of this strategic vulnerability. From the abstract:
The off switch creates information security problems of a kind, and on a scale, that the energy companies have not had to face before. From the viewpoint of a cyber attacker — whether a hostile government agency, a terrorist organisation or even a militant environmental group — the ideal attack on a target country is to interrupt its citizens’ electricity supply. This is the cyber equivalent of a nuclear strike; when electricity stops, then pretty soon everything else does too.
Apart from the details of potential vulnerabilities, this makes a very important point: installation of these meters, and their supporting infrastructure, creates a very large-scale vulnerability where none existed before.
Trying to think of an analogy is difficult — but suppose the FAA were suddenly to decide that all air-traffic control information would be housed “in the cloud” and distributed via the public Internet. Communications with aircraft would be via VoIP telephone service. Such a system might well save money, but would have the potential to be incredibly dangerous.
Generally, when we design systems to be robust and reliable, we try to eliminate “single points of failure”, parts of the system on which everything else depends. Deliberately building them in seems a bit imprudent, to say the least.