Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

The hurried deployment of smart-grid technology could leave critical infrastructure and private homes vulnerable to hackers. Security experts at the Black Hat conference in Las Vegas last week warned that smart-grid hardware and software lacks the necessary safeguards to protect against meddling.

Utilities are being encouraged to install this smart-grid technology–network-connected devices to help intelligently monitor and manage power usage–through funding from the U.S. government’s 2009 stimulus package. The smart systems could save energy and automatically adjust usage within homes and businesses. Customers might, for example, agree to let a utility remotely turn off their air conditioners at times of peak use in exchange for a discount.

But to receive the stimulus money, utilities will have to install new devices across their entire customer base quickly. Security experts say that this could lead to problems down the road–as-yet-unknown vulnerabilities in hardware and software could open up new ways for attackers to manipulate equipment and take control of the energy supply.

Smart-grid deployments involve installing smart meters in homes and businesses across a utility’s coverage area. These meters can communicate with the utility and with other networked devices–usually via a wireless network of some type. Some ways to hijack this type of equipment have already been revealed. Last year, Mike Davis, a senior security consultant at IOActive, created a piece of software that could spread automatically between smart grid hardware in different homes. The software would then be capable of shutting equipment down.

The security of the smart grid was a major topic at Black Hat. The conference brings together researchers from academia, industry, government, and the hacking underground.

Jonathan Pollet, founder and principal consultant at Red Tiger Security, a firm that analyzes the security of critical infrastructure, says the smart grid could be vulnerable to a range of attacks. Customers might simply figure out, for example, how to lower their electricity bills by manipulating how much energy their meters say they’re using. But he says large-scale attacks may also be possible. A serious vulnerability might make it possible to shut down the power supply to an entire city.

The devices being deployed by utilities are meant to last for 15 to 20 years. It may be difficult and costly to apply security patches to these distributed systems, especially because they can’t easily be taken out of commission for routine maintenance.

10 comments. Share your thoughts »

Credit: Mike Davis

Tagged: Computing, energy, security, hackers, smart grid, networking

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me