Report: National Smart Grid Vulnerable To Attacks
But according to network security researchers and product specialists alike, the Smart Grid may also be a breeding ground for the types of cyberattacks that could leave it not only hacked, but blacked out entirely.
If fully realized, a Smart Grid—which refers to a network of switches, computer chips and sensors implemented everywhere from power plants to electricity meters—would mean a fully automated electricity distribution system nationwide. About $4.5 billion in stimulus funds from the American Recovery and Reinvestment Act has been set aside specifically for Smart Grid technology upgrades.
But IOActive, a provider of application and smart grid security services, stated in a Monday release that it has verified "significant security issues within multiple Smart Grid platforms"—the very same platforms that are already being pressed into action at various U.S. utilities as the first phase of Smart Grid technology rollout begins.
According to IOActive, there are more than 2 million Smart Meters used in the country already, and an estimated 73 utilities nationwide have ordered 17 million more of them.
But "research conducted throughout the industry has independently concluded these technologies are susceptible to common security vulnerabilities such as protocol tampering, buffer overflows, persistent and nonpersistent rootkits, and code propagation," read a statement attributed to Seattle-based IOActive.
"The Smart Grid infrastructure promises to deliver significant benefits for many generations, but first we need to address its inherent security flaws," said IOACtive President and CEO Joshua Pennell in printed remarks from a presentation to the Department of Homeland Security on March 16. "Based on our research and the ability to easily introduce serious threats, IOActive believes the relative security immaturity of the Smart Grid and AMI [advanced metering infrastructure] markets warrants the adoption of proven industry best practices including the requirement of third-party security assessments of all Smart Grid technologies that are being proposed for deployment in the nation's critical infrastructure."
The shaky security in Smart Grids was a hot topic on the Web over the weekend, as various network security experts confirmed fears of easily hacked Smart Grids to CNN.com and other news outlets.
"I think we are putting the cart before the horse here to get this stuff rolled out very fast," said InGuardians co-founder Ed Skoudis to CNN.com.
"Before we go rushing headstrong into a Smart Grid concept, we have to make sure that we take care of business, in this case cybersecurity," added Garry Brown, chairman of New York's Public Service Commission, to CNN.
Cybersecurity was also a concern at the recent FOSE conference in Washington, D.C. Former FBI Director Louis Freeh said government IT security was too siloed. Freeh suggested that a "three-legged stool" that combined private sector, government cooperation and innovation from both would be the only way to avoid playing cybersecurity catch-up in the future—whether with Smart Grids or federal infrastructure.
Telecommunications vendors are also readying for Smart Grid implementation. Among them, AT&T last week launched a new suite of service plans designed specifically for smart grid technology.