I was pretty much forced to write about this article after I read it.
In an utter disregard for buzzwords, CNN Homeland Security Correspondent Jeanne Meserve has drunk heavily from the fountain of cyberdouchery. The article entitled “Smart Grid May Be Vulnerable to Hackers” briefly discusses the United States and its respective power companies anxiously deploying a high-tech power grid while simultaneously abusing the words “cyber” and “smart”.
Power companies are installing new automated meters at an astonishing rate which seems to be the first step in the roll out. The eventual goal is to improve electricity efficiency and reliability using sensors on your home meters that talk back to the power grid. President Obama is on board dishing out $4.5 billion towards all this.
So where does the problem lie?
Well some interesting quotes throughout the article define the issue very clearly. One of our friends at InGuardians, Ed Skoudis chimed in stating,
“I think we are putting the cart before the horse here to get this stuff rolled out very fast.”
Also, Matt Spaur, a product marketing analyst added my favorite tidbit,
“Any network can be hacked.”
All in all, this is obviously a huge security issue and if you even remotely (no pun intended) glanced at Live Free or Die Hard you’d get the picture. Electric grids are all ready “hackable” you just have to not be afraid of heights and be a huge fan of rubber. The automation wouldn’t necessarily create many new vulnerabilities, it would most definitely increase the risk by increasing the likelihood and severity of exploitation.
With this system in place there really is no room for “roll it out and patch it later.” We can all hope that the money makers take their time on this one and do it right.
Note from James – When Matt submitted this story, I was pleased to see that it’s not just the bitter old timers like Dave and I who find this stuff beyond the pale. What is important to remember though is that there is room to make all of these things happen, but it needs to start with everyone, including Smart-Ass Security Youngsters like me, dropping the ego at the door and coming back with solutions rather than just pointless bitching and moaning. There’s an opportunity to be awesome here, we should all, collectively, take it.
UPDATE: Businessweek gets in on the action… watch out, you’ve managed to get your Wall Street all over my Critical Infrastructure.
[tags]cyberdouchery, cnn, smart grid[/tags]
For those readers who are in the process of evaluating meters for deployment, have a look at the AMI-SEC Task Force for some secure deployment/architecture guidance:
http://osgug.ucaiug.org/utilisec/amisec/default.aspx