Smart meter tampering in Puerto Rico that may have cost a local utility hundreds of millions of dollars is an example of how technology alone cannot deliver ironclad security.
In 2009, criminals with password access to doctored meters lowered recorded power consumption, costing the unnamed utility as much as $400 million annually, according to an FBI cyber-intelligence bulletin obtained by the blog Krebs On Security. The theft was the first report of criminals breaking into the high-tech meters.
Smart meters are in constant communication with a utility's computer system, transmitting data on power outages, electricity consumption and quality. By replacing old fashioned meters that are read manually with the high-tech models, utilities reduce costs and make their operations more efficient.
In the Puerto Rican breach, utility workers and former employees of the meter manufacturer were paid as much as $3,000 to reprogram commercial and residential meters, according to the FBI report. This allowed criminals to use a laptop and low-cost software to plug into the meters and change the information transmitted.
The case shows how technology without proper monitoring of the workplace adds up to weak security. "It's like putting the ultimate deadbolt on your house and then not bothering to lock the door," Michael Garrison Stuber, a lead architect of smart meters manufactured by Liberty Lake, Wash.-based Itron, said Tuesday.
Utilities are using smart meters for monitoring water and natural gas use, as well as electricity. As the devices become more prevalent, the payoff for breaking into them will increase, which will attract cunning criminals.
For utilities, meter tampering is not new, so all that has changed is the way criminals try to beat the system, Stuber said. Crooks have been findings ways for years to change readings in low-tech, mechanical meters to pay less.
"This is just a more sophisticated approach to the ongoing problem that utilities face," Stuber said. "A fraction of a percent of their customers feels that if they can get away with stealing electricity, it's fine and they'll try."