by K.T. Weaver, SkyVision Solutions

I have written numerous articles over the past couple of years describing how smart meters make the electric grid inherently less safe from a cybersecurity perspective.  In fact, in one article I recently stated that: “The most dangerous ‘feature’ included in the majority of smart meters deployed today is the remote disconnect option.” [1]

On May 3, 2016, Nick Hunn of WiFore Consulting Ltd presented testimony at the UK House of Commons’ Science and Technology’s “evidence check” and inquiry into the country’s smart metering initiative. [2] [3]  Mr. Hunn presented evidence consistent with the information contained in my prior articles.  Here is a partial excerpt from the oral evidence dealing with grid security on the subject of the smart meter remote disconnect:

Question: “I want to ask a few questions about security.  Mr Hunn, earlier you said that you do not feel that the current regime maximises the information that would benefit the grid.  Do you feel that there is a security risk to the grid from the current regime of smart meters?”

Nick Hunn: “The concern I have is that every smart meter has an isolation switch so it can be remotely connected from the supply. … If somebody could hack into that or just by mistake turn off very large numbers of meters, that sudden shock of taking them off the grid, and even worse be able to turn back on at the same time, would cause significant damage.  And to me that’s an unnecessary risk.”

Below is a 3-minute video that includes the above exchange.

Nick Hunn also wrote a paper in April 2016 that provides a more detailed explanation of his concerns with the smart meter remote disconnect feature and his apparent frustration that the risks are not being fully acknowledged by the government or utility companies [4].  Here are a few excerpts:

Excerpts from “Squirrels, Grid Security and a Stuffed Rudd” by Nick Hunn [4]:

“So what have squirrels got to do with grid security?  There is a lot of talk going on about energy security in the UK, but it has little to do with the security of our national infrastructure, as opposed to the simple maths of making sure that we have enough generating capacity to meet demand.  When the subject of cybersecurity is raised there is little informed debate.  Earlier this year, the media, along with a number of grid ‘experts’ had great fun with the report that squirrels cause more power outages than hackers.  There’s even a cybersquirrel website where you can track the incidents.   As a result, the cute little rodents have now entered the popular culture of the industry, such that real security issues get dismissed with trite squirrel references. …

As I said in my previous article, it’s easy to imagine a rogue programmer working for a meter manufacturers being able to insert malicious code which would turn millions of meters off at the same point in the future.  That’s possible, because all of the smart meters being installed in Britain allow the utility to remotely disconnect your electricity and gas at the flip of a switch.  If hackers turned off a million electricity meters in one go, that would cause serious damage to the grid.  Turning them all on again a few days later would do even more damage, as restoring power when demand is unknown is particularly problematic and can burn out equipment on the grid, which gives a rogue programmer lots of scope to bring large parts of the country to its knees. …

I don’t actually think this is complacency – I suspect it is mostly naivety.  Our electricity companies are not high tech.  They care passionately about reducing outages, but it’s a largely manual concern – it’s about sending people out to cut down foliage, repair power lines and clear up after the occasional unlucky fried squirrel.  It’s why they like the squirrel analogy – they understand squirrels, whereas they don‘t really understand hackers.  Utilities have a very physical mindset, not a technical or intellectual one and probably don’t realise the firmware risks.  Their concept of smart meter security is about people fiddling their meter readings, not terrorists bringing down the entire grid. …

We need to question whether the benefit to utilities of having a remote disconnect has been weighed up against the risk of hacking and major grid disruption?  We need to question whether firmware is being written as safety critical software?  My experience is that in this industry it is not.  And we need to understand whether there is enough expertise within DECC and our utilities to manage and assess the security requirements of the deployment.  If the answer to any of these questions is no, we should stop the programme.”

Summary and Conclusion

A network of actors continues to push for the deployment of smart meters.  This network of actors, representing a combination of policy makers, utility personnel, and meter manufacturers, does not acknowledge the tremendous risks and costs associated with the technology.  One of the most obvious risks relates to the remote disconnect feature which has the capability to be used by hackers as a means to inflict significant damage upon the electric grid.  As inferred by Nick Hunn above, the current smart meter deployments should be halted due to the unaddressed risks.

Nick Hunn attributes the lack of action in dealing with the remote disconnect issue as one of naivety rather than complacency.  I think it is also a matter of arrogance and/or greed for those who continue to tout dubious smart meter benefits as if they were indisputable facts and at the same time publicly dismiss those people citing the risks as “stirring up fear among the public.” [5]  Until this dangerous mindset changes, the public good will not be served, and public resistance and opposition to smart grid technology is fully justified.

References for this Article

[1] “Investigation: US power grid and ‘smart’ meters vulnerable to hacks,” SkyVision Solutions Blog Article, December 2015, at https://smartgridawareness.org/2015/12/21/us-power-grid-vulnerable-to-hacks/

[2] UK Science and Technology Committee Oral evidence: Smart meters, HC 993; Tuesday, May 3, 2016; available at https://skyvisionsolutions.files.wordpress.com/2016/05/oral-evidence-on-uk-smart-meters-03-may-2016.pdf

[3] UK Parliamentlive.tv, Science and Technology Committee, May 3, 2016, at http://parliamentlive.tv/Event/Index/79ce41f8-6a7a-40ce-8216-3c1a19591250

[4] “Squirrels, Grid Security and a Stuffed Rudd,” by Nick Hunn, April 2016; available at https://skyvisionsolutions.files.wordpress.com/2016/05/hunn-april-2016-squirrels-and-cybersecurity.pdf

[5] “Smart energy meters letting hackers in through ‘back door’, Labour Minister says,” May 12, 2016, at https://www.energyvoice.com/other-news/109377/smart-energy-meters-letting-hackers-back-door-labour-minister-says/.  Also see http://web.archive.org/web/20160513150322/http://eandt.theiet.org/news/2016/may/smart-meter-hacking.cfm for archived location.  Quoting:

A Labour minister has accused the Government of allowing hackers “in through the back door” by rolling out insecure smart energy meters.

Energy Secretary Amber Rudd hit back at the MP for stirring up fear among the public.  “You should be careful not to put fear in to the hearts of people where none should exist.”

Copyright Notice © SkyVision Solutions and Smart Grid Awareness, 2013 – 2015.  Unauthorized use and/or duplication of original material from this site without express and written permission from this site’s author and/or owner is strictly prohibited.  Excerpts and links may be used, provided that full and clear credit is given to SkyVision Solutions and Smart Grid Awareness with appropriate and specific direction to the original content.

Material presented in this article is presented in the public’s interest for non-commercial purposes.  SkyVision Solutions does not imply any exclusive right to preexisting material contained in published works highlighted in this article.