Smart meters vulnerable to false data injection, experts say
SUBNET Solutions Inc | Tuesday, April 10, 2012
The results of a new survey conducted by nCircle, a leader in information risk and security performance management, have been released, which show energy security pros believe smart grid technologies like smart meters may be exposed to a high risk of false data injection.
The survey was co-sponsored by EnergySec through a Department of Energy-funded partnership that works to develop greater cyber security within North America power infrastructure. The survey was conducted in March.
The survey found that 61 percent of respondents did not believe that smart meter installations currently have sufficient security controls to protect against false data injection.
The surveyors noted that in power grids, electricity producers and consumers are connected through extensive transmission and distribution networks, in which system monitoring is crucial for reliable operations. Routinely, utilities analyze smart meter measurements and power system models that indicate the state of the power grid.
If false data were to be injected into the system, they would attack the configuration of power grids by introducing arbitrary errors into the system, skirting existing procedures for poor measurement detection.
"Smart meters vary widely in capability and many older meters were not designed to adequately protect against false data injection," said Patrick Miller, founder and president of EnergySec. "It doesn’t help that some communication protocols used by the smart meter infrastructure don’t offer much protection against false data injection either. Together, these facts highlight a much larger potential problem with data integrity across the smart grid infrastructure."
Miller added that because America relies on smart grid capabilities to deliver ample and reliable power, it will be imperative to ensure all systems that process usage data, especially those that make autonomous, self-correcting or self-healing decisions, keep data integrity strong.
Elizabeth Ireland, vice president of marketing for nCircle, stated that the injection of false data is a strong example of technology progressing at a swifter rate than security controls.
"Installing technology without sufficient security controls presents serious risks to our power infrastructure and to every power user in the U.S.," she said.
The North American Electric Reliability Corporation (NERC) is helping to mitigate the risks posed by cyber threats, but complying with such standards can result in costly and time-consuming projects. SUBNET helps utilities comply with NERC CIP requirements by leveraging a utility's existing assets and using established corporate IT policies, keeping costs and installation time low.
Substation Cyber Security