Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Smart-grid devices also connect back to the older control equipment–known as Supervisory Control and Data Acquisition (SCADA) systems–used at utility companies. “SCADA systems are far less secure than enterprise IT systems,” Pollet says. He explains that they are often connected to the Internet, but don’t have security features such as firewalls and antivirus protection.

Nathan Keltner, a consultant on FishNet Security’s assessment team, has been analyzing smart-grid technology for clients. He said the smart grid amounts to “old-school SCADA that’s been bolted into some sort of a newer technology.”

It may be particularly hard to protect the smart grid because would-be attackers will have physical access to components connected to the network. Pollet says that all it takes is for one determined attacker to find a way in–information about how to hack a device is then quickly shared online. “Those who have the intent and motivation can do this stuff,” he says.

Shawn Moyer, who is the principal consultant on FishNet Security’s assessment team, says he’s concerned that utilities don’t have expertise in network security. For example, he says, many advertise that they offer encryption in their smart-grid products, but on further inspection, there are problems with how that encryption is implemented.

Moyer and Keltner revealed a proof-of-concept smart-grid attack at Black Hat. They used a customizable piece of radio equipment and some freely available software to find smart meters on a network and circumvent the encryption used to protect them. If an attacker were to do the same, they say, it would be possible to issue commands that could misreport data to the utility or shut off power to some users.

Moyer notes that utilities have battled meddling for a long time, but the smart grid adds another dimension to the problem. “Theft of service isn’t new, tampering isn’t new–only the scale of what’s possible,” he says.

10 comments. Share your thoughts »

Credit: Mike Davis

Tagged: Computing, energy, security, hackers, smart grid, networking

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me