I’ve written here before about some of the potential security problems posed by the implementation of “smart” meters by the electric utilities. The kernel of the problem lies in the fact that these meters, which like many products these days contain digital control processors, are designed to be remotely accessible, either via the Internet or via wireless data links.
The Technology Review has a new article discussing some of these risks, which were discussed at last week’s Black Hat security conference. Contributing to the potential for problems is the utilities’ rush to install the new equipment, in order to qualify for fund from the economic stimulus program. Since these devices are expected to last 15 to 20 years, and since they are (obviously) geographically dispersed, installing security patches after the fact would be a non-trivial problem. A further worry is that these meters may be connected to the utilities’ Supervisory Control and Data Acquisition [SCADA] systems, potentially providing a way to attack the entire electricity grid.
Probably the most worrying aspect of all of this is that the utilities are rushing ahead with a system that they are not used to managing or keeping secure. They have always been concerned about security, of course, but their traditional worry has been more like a kook putting a pile of dynamite under a transmission tower, rather than booby-trapped PDF files or wi-fi hacking.