“When you introduce computers everywhere in the grid — in the generation, transmission, distribution, and metering in homes — then you also introduce security risks. Unfortunately, it is very common that when new infrastructure is introduced, security is more of an afterthought”, Lindqvist explained.
He told Infosecurity that smart metering is one area where hackers could wreak havoc on the system if they took control of millions of meters. “If there are vulnerabilities that allow these attacks to be sustained over time, that could be costly and even extremely dangerous.”
Smart meters are attached to houses or buildings and continually communicate energy consumption data to the utility for monitoring and billing purposes.
While the collection of data by smart meters improves the efficiency of the electric grid, it also poses privacy and information security challenges. “For example, if someone knows that your energy consumption is extremely low for a couple of days, that probably means that nobody is home…and someone might want to break into your house”, Lindqvist said. “We need to be cautious about how data is collected and stored.”
In addition, control systems are vulnerable to cyber attack, as demonstrated by the recent emergence of the Stuxnet worm. The worm, which some security experts speculate was developed by Israel and the US, attacked the control systems at an Iranian nuclear power plant.
The malware exploited zero-day vulnerabilities in Microsoft software and used valid security certificates to target Siemens supervisory control and data acquisition (SCADA) systems used by the plant.
“The Stuxnet attack was a real eye-opener for many, the first real cyber weapon that specifically targeted control systems. That was really a big deal. I’m afraid that there might be more to come, copycats, etc.”, Lindqvist noted.