FBI says smart grid can be hacked with surprising ease
SUBNET Solutions Inc | Wednesday, April 11, 2012
For utilities operating in some countries, introducing smart grid technologies into existing power infrastructure has brought an end to an era of detrimental electricity theft. However, in other areas hacking into the smart grid - particularly smart meters - could cost utilities hundreds of millions of dollars, according to the Federal Bureau of Investigation.
Greentech Media reports that the internet blog Krebs on Security obtained a May 2010 cyber intelligence bulletin that discussed an incident in Puerto Rico in which criminals allegedly hacked into smart meters, marking the first known report of such an attack. Although utilities greatly benefit from the two-way communication the smart grid offers, and often have few security issues, the breach, the FBI says, shows that cyber vulnerabilities will always exist.
The FBI bulletin noted that in 2009, a utility in Puerto Rico asked the agency to investigate a loss of power that was occurring as smart meters were deployed. The FBI determined the most likely scenario was that former employees were altering the meter's readings by thousands of dollars, resulting in an approximate $400 million in extra costs, the media outlet stated.
Further investigation revealed the thieves may have used infrared lights to hack the meter and change its software settings, causing them to stop measuring usage.
"From what we’ve seen, tampering with meters has been a longstanding problem for utilities. What is unique in this case is that the attackers used the optical ports to tamper with the meter's internal software," said Jacob Kitchel, senior manager of security and compliance for a North American grid security company. "Moving forward, it will be harder to detect malicious modification of meter software when vendor-approved methods and mechanisms, such as optical ports, are being used."
At the recent Networked Grid Conference in Durham, North Carolina, San Diego Gas and Electric employee Lee Krevat said that some of the utility's vendor contracts did not have enough security to meet its needs. He said it has become crucial for utilities to be proactive about security requirements in today's electric grid.
SUBNET has developed a number of solutions and products that help utilities install cyber security into their systems in a timely and efficient manner. By using SUBNET's products, utilities can ensure they are compliant with strict NERC CIP requirements that have been developed to protect national power infrastructure.
Substation Cyber Security