Cyber Hackers Can Now “Harm Human Life” Through Smart Meters

Cyber Attack Threat..AUtilities and the smart grid industry tout only the hypothetical benefits of smart meters, never seriously discussing the tremendous risks and costs to our society.  On the subject of cyber security, they hardly discuss it at all.  For example, the industry group, so-called  “Smart Grid Consumer Collaborative,” addresses the cyber security issue with basic uninformative “happy talk” as follows:

“The performance of security measures are tested and reviewed regularly to guard against unauthorized access to systems.  Moreover, utility companies are working with federal agencies, such as the Department of Homeland Security, the Department of Energy, and the National Institute of Standards and Technology (NIST), to strengthen privacy and security standards to provide even more safeguards for consumer protection.” [1]

The above propaganda type language reveals nothing of the catastrophic risks involved with the deployment of smart meters and smart grid systems.  Although you won’t receive meaningful cyber threat risk-related information from the smart grid industry, it is not hard to find elsewhere.  Just from one reference book [2] written by two cyber security specialists, you discover the following information which primarily addresses the “remote disconnect” feature of electric utility smart meters:

From a Chapter on “Smart Metering:  The First Security Challenge

“What if [smart] meters are told to disconnect by a worm or virus?  Among all the services AMI [Advanced Metering Infrastructure] offers, the disconnect function is the most controversial in information security circles as it is the only one that directly controls the flow of power to the home or business.  While DR [Demand Response] and ALC [Automatic Load Control] involve sending a signal to a meter that could result in switching off an appliance, the consumer is usually able to easily override such action.  However, absent some rewiring, there is no equivalent override for the disconnect switch.  In fact, one of the purposes of the disconnect switch is to ensure that customers who do not pay their bills are denied electricity until they do so.”

The greatest concern is that a successful attack could allow someone to gain control of customers all at once.  In addition to causing widespread blackouts, repeatedly switching the power off and on could create frequency imbalances and surges in the grid that could damage loads and destabilize the entire grid, potentially causing damage to generators, transformers, and other equipment in the path [including the smart meters themselves and major appliances in homes and other buildings].  Such a consequence would be much more severe than a simple power outage, resulting in damage to expensive equipment with replacement times of more than a year in some cases.   Effectively taking temporary control of a meter network could lead to widespread power outages lasting weeks or perhaps longer.”

“When the Internet started, there really were no viruses.  They were being written and they were infecting machines, but there was no real impact.  It was not until people realized that their identities were being stolen, as a result of these viruses, that anti-virus became a must. …  Once worms started taking down e-mail servers and business services, patches became extremely important and now businesses are more vigilant than ever in this regard. …  Today we are still fighting that battle, and at the same time a new battlefield is emerging.”

“Cyber security as related to the utility field is currently a place where ‘information can now be used to control physics,’ as Joe Weiss of Applied Control Solutions puts it.   The manipulation of data can be used to turn off electricity or to steal energyThere will be multiple impacts that can be realized as a result of cyber security risks and smart metering.  But the paradigm change is that the hackers can actually harm human life.”

The reference to a “paradigm change” above simply means that the effects of a cyber attack are no longer limited to information technology assets which may include customer retail account or bank record systems.  Cyber hackers can now attack “smart” Industrial Control Systems (ICSs) of our critical infrastructure, which includes smart meters for those who have them.

When our critical infrastructure is literally “taken out” for days, weeks, or even months, bad things are going to happen, thus the reference to “harm human life.”  Initially, and for short widespread outages, the vulnerable members of our population would be most affected who need life-sustaining medical equipment.  Also, what if a power blackout is caused during a period of extreme cold or hot weather when people’s heating or cooling systems would not operate?  As the duration of a power blackout is extended, depending on the amount of damage caused during the cyber attack, societal breakdown will eventually occur with associated looting, havoc, and disorder typical of  when people believe (rightly or wrongly) that their very survival is at stake.

It is also important to be aware of the warnings and recommendations from the U.S. Government Accountability Office in its report entitled, “Electricity Grid Modernization.” [3]

Cyber Attacks Ahead“Utilities are focusing on regulatory compliance instead of comprehensive security. … Consequently, without a comprehensive approach to security, utilities leave themselves open to unnecessary risk. …  There is a lack of security features being built into smart grid systems. …  For example, our experts told us that certain currently available smart meters have not been designed with a strong security architecture and lack important security features, including event logging and forensics capabilities which are needed to detect and analyze attacks.”

“Without securely designed smart grid systems, utilities will be at risk of not having the capacity to detect and analyze attacks, which increases the risk that attacks will succeed and utilities will be unable to prevent them from recurring.”

Until consumers are more informed about the benefits, costs, and risks of smart grid systems, utilities may not invest in, or get approval for, comprehensive security for smart grid systems, which may increase the risk of attacks succeeding.”

Hopefully it is clear from this article that our society is being placed at great risk by the smart grid industry in deploying unsafe and insecure systems and not properly informing consumers about the associated risks, in conflict with the GAO report recommendations.  Without greater public awareness, the necessary consumer and political pressures may never force the utilities to “do the right thing” in time to protect us all from disaster.

As stated by an expert respondent highlighted in a recent Pew Research Center report [4]:

“The ‘smart grid’ is the most substantial danger.  Cyber attacks that target a ‘smart grid’ will result in loss of power to large numbers of places simultaneously, causing infrastructure damages.  … No single instance will be ‘widespread harm,’ but all of these together will add up to that in only a short period of time.  Unless there is some unforeseen major new technological development …, the only way to prevent this will be to refrain from adopting ‘smart grid’ technologies.”

To gain an even better appreciation of the cyber threats posed by smart meters and the smart grid, SkyVision Solutions has prepared a special video which is just over five minutes in duration.

[The above video contains material used pursuant to the Fair Use Doctrine under 17 U.S.C. 107 and is presented in the public’s interest for non-commercial purposes.]

Related Articles

Article Citations

[1] Smart Grid Consumer Collaborative (SGCC) “Data Privacy and Smart Meters,” page 2.

[2] Smart Grid Security: An End-to-End View of Security in the New Electrical Grid, by Gilbert N. Sorebo (Author), Michael C. Echols (Author), Michael Assante (Foreword); Publisher: CRC Press; 1 edition (December 5, 2011).  Book available from amazon.com at http://www.amazon.com/dp/1439855870/ref=wl_it_dp_o_pC_S_ttl?_encoding=UTF8&colid=JQVO0DK288NY&coliid=I3HT55J613FATM.

[3] U.S. Government Accountability Office, GAO Report #GAO-11-117, “Electricity Grid Modernization.”

[4] Pew Research Center, October 2014, “Cyber Attacks Likely to Increase”; Expert Opinion of Andrew Chen, Associate Professor Computer Science at Minnesota State University-Moorhead; report available at: http://www.pewInternet.org/2014/10/29/cyber-attacks-likely-to-increase/.
In this report, “widespread harm” was defined as “significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars.”

Video Credit Citations

National Geographic Channel, “American Blackout,” October 2013; refer to http://channel.nationalgeographic.com/channel/american-blackout/

C-SPAN, November 20, 2014, “Cybersecurity Threats,” at http://www.c-span.org/video/?322853-1/hearing-cybersecurity-threats#ftag=YHFb1d24ec

WKYC TV in Cleveland, Ohio; “Investigator: Cyber attack bigger threat than Sandy,” at http://archive.wkyc.com/news/article/267320/45/Investigator-Cyber-attack-bigger-threat-than-Sandy

Former CIA Director James Woolsey at http://vimeo.com/27770029.

About SkyVision Solutions

Raising public awareness and finding solutions for smart grid issues related to invasions of privacy, data security, cyber threats, health and societal impacts, as well as hazards related to radiofrequency (RF) radiation emissions from all wireless devices, including smart meters.
This entry was posted in Smart Grid, Smart Meters, and RF Emissions and tagged , , , , . Bookmark the permalink.

3 Responses to Cyber Hackers Can Now “Harm Human Life” Through Smart Meters

  1. Pingback: Dear Smart Grid, We Want a Divorce | Stop Smart Meters!

  2. Sonia R. says:

    The radiation over long-term of the Smart Meters breaks the double DNA strand resulting in future generational mutations. And it’s not just interruption of medical equipment that can occur. Those with symptomatic diseases or disorders, especially those neurological in nature will be experiencing a possible increase in intensity of symptoms. Children are the most at risk, since their smaller bodies absorb at an increased intensity, and the ample fluid in the cranium due to the not fully developed brain acts as a conduit to the vulnerable tissues of the brain of the radioactive emissions of the SM. The impact on the disabled is also not taken into account. The federal agencies that utilities are working with mentioned above fail to mention the NSA which has repeatedly warned the White House that terrorist attacks via the Smart Grid are imminent. Ignoring NSA warnings is the height of idiocy.

    By the way, there have been deaths linked to SM house fires that happen many times the day after SM installation. Fire Marshall’s typically don’t investigate fires unless arson is suspected, and they conveniently overlook that most utilities come and confiscate the evidence as soon as power is interrupted at the address. Some Canadian Provinces have now removed at least 180,000 SM due to the fire hazards. At least they care about their citizens. The SM are also being removed at the expense of the utilities. Way to go Canada!

  3. Warren says:

    I have been waiting to read about the first “death by hacking” for some time now. Impatient heir hacks into granny’s “smart” meter and turns it off along with her life support.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s