Smart Grid vulnerable to cyberattack

OK, next multibillion dollar opportunity for security consultants coming right up! The Smart Grid, a sort of energy-carrying Internet that will feature automated meters, two-way communication and advanced sensors (according to CNN), is ripe for the same kind of cyberattacks that Net users have become so accustomed to, security researchers say. Imagine cyberwar being not about sending spam or even accessing privileged government information but about bringing down the power grid! That's the sort of scenario that lines consultants' pockets. IOActive issued a report that someone with EE and software know-how and $500 in equipment could:

"take command and control of the [advanced meter infrastructure] allowing for the en masse manipulation of service to homes and businesses."

Indeed, Katie Fehrenbacher notes on GigaOM that last year National Journal reported that China had a hand in two blackouts of the U.S. power grid.

Tim Bennett, the former president of the Cyber Security Industry Alliance ... said that U.S. intelligence officials have told him that [China's People's Liberation Army] in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. ... “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.

Despite $4.5 billion ready to flow into smart-grid investment, the nation would be well advised to go slow, security advisers say.

"I think we are putting the cart before the horse here to get this stuff rolled out very fast," said Ed Skoudis, a co-founder of InGuardians.

"Before we go rushing headstrong into a Smart Grid concept, we have to make sure that we take care of business, in this case cybersecurity," said Garry Brown, chairman of New York's Public Service Commission.

Industry says they take the risks seriously and their smart-grid tech anticipates attacks.

"We are not going to manufacture this car without a seat belt," said Ed Legge, a spokesman for the Edison Electric Institute. ... Itron says they make their meters "unappealing and unrewarding if you do it. And it is very traceable."