TechOpsGuys.com Diggin' technology every day

28Mar/10Off

Vulnerable Smart Grid

TechOps Guy: Nate

As some of you who know me may know, I have been against the whole concept of a "smart grid" for a few years now. The main reason behind this is security. The more intelligence you put into something especially with regards to computer technology the more complex it becomes, the more complex it becomes the harder it is to protect.

Well it seems the main stream media has picked up on this with an article from the AP -

SAN FRANCISCO – Computer-security researchers say new "smart" meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.

Kind of reminds me of the RFID-based identification schemes that have been coming online in the past few years, just as prone to security issues. In the case of the smart grid, my understanding of it is that the goal is to improve energy efficiency by allowing the power company to intelligently inform downtream customers of power conditions so that things like heavy appliances can be proactively turned off in the event of a surge in usage to prevent brown and blackouts.

Sounds nice in theory, like many things, but as someone who has worked with technology for about 20 years now I see the quality of stuff that comes out of companies, and I just have no confidence that such technonlogy can be made "secure" at the same time it can be made "cost effective". At least not at our current level of technological sophistication, I mean from an evolutionary standpoint "technology" is still a baby, we're still figuring stuff out, it's brand new stuff. I don't mean to knock any company or organization in particular, they are not directly at fault, I just don't believe - in general technology is ready for such a role, not in a society such as ours.

Today in many cases you can't get a proper education in modern technology because the industries are moving too fast for the schools to keep up. Don't get me started on organizations like OLPC and others trying to pitch laptop computers to schools in an attempt to make education better.

If you want to be green, in my opinion, get rid of the coal fired power plants. I mean 21st century and we still have coal has generating roughly half(or more) of our electricity ? Hasn't anyone played Sim City?

Of course this concept doesn't just apply to the smart grid, it applies to everything as our civilization tries to put technology to work to improve our lives. Whether it's wifi, rfid, or online banking, all of these(and many others) expose us to significant security threats, when not deployed properly, and in my experience, from what I have seen, the numbers of implimentations that are not secure outnumber the ones that are by probably 1000:1. So we have a real significant trend of this in action(technology being deployed then being actively exploited). I'm sure you agree that our power grid is a fairly important resource, it was declared the most important engineering achievement of the 20th century.

While I don't believe it is possible yet, we are moving down the road where scenes like those portrayed in the movie Eagle Eye (saw it recently had it on my mind), will be achievable, especially now that many nations have spun up formal hacker teams to fight future cyber wars, and you have to admit, we are a pretty tempting target.

There will be a very real cost to this continued penetration of technology into our lives. In the end I think the cost will be too high, but time will tell I guess.

You could say I long for the earlier days of technology where for the most part security "threats" were just people that wanted to poke around in systems, or compromise a host to "share" it's bandwidth and disk space to host pirated software. Rarely was there any real malice behind any of it, not true anymore.

And for those that are wondering - the answer is no. I have never, ever had a wireless access point hooked to my home  network, and I do my online banking from Linux.

Filed under: News, Security Comments Off