Smart Meter Remote Disconnect: An ‘Unnecessary Risk’ for Significant Damage to the Grid

by K.T. Weaver, SkyVision Solutions

Hacker with Smart Meter Interface to Remote DisconnectI have written numerous articles over the past couple of years describing how smart meters make the electric grid inherently less safe from a cybersecurity perspective.  In fact, in one article I recently stated that: “The most dangerous ‘feature’ included in the majority of smart meters deployed today is the remote disconnect option.” [1]

On May 3, 2016, Nick Hunn of WiFore Consulting Ltd presented testimony at the UK House of Commons’ Science and Technology’s “evidence check” and inquiry into the country’s smart metering initiative. [2] [3]  Mr. Hunn presented evidence consistent with the information contained in my prior articles.  Here is a partial excerpt from the oral evidence dealing with grid security on the subject of the smart meter remote disconnect:

Question: “I want to ask a few questions about security.  Mr Hunn, earlier you said that you do not feel that the current regime maximises the information that would benefit the grid.  Do you feel that there is a security risk to the grid from the current regime of smart meters?”

Nick Hunn: “The concern I have is that every smart meter has an isolation switch so it can be remotely connected from the supply. … If somebody could hack into that or just by mistake turn off very large numbers of meters, that sudden shock of taking them off the grid, and even worse be able to turn back on at the same time, would cause significant damage.  And to me that’s an unnecessary risk.”

Below is a 3-minute video that includes the above exchange.

Nick Hunn also wrote a paper in April 2016 that provides a more detailed explanation of his concerns with the smart meter remote disconnect feature and his apparent frustration that the risks are not being fully acknowledged by the government or utility companies [4].  Here are a few excerpts:

Excerpts from “Squirrels, Grid Security and a Stuffed Rudd” by Nick Hunn [4]:

“So what have squirrels got to do with grid security?  There is a lot of talk going on about energy security in the UK, but it has little to do with the security of our national infrastructure, as opposed to the simple maths of making sure that we have enough generating capacity to meet demand.  When the subject of cybersecurity is raised there is little informed debate.  Earlier this year, the media, along with a number of grid ‘experts’ had great fun with the report that squirrels cause more power outages than hackers.  There’s even a cybersquirrel website where you can track the incidents.   As a result, the cute little rodents have now entered the popular culture of the industry, such that real security issues get dismissed with trite squirrel references. …

Squirrel by Nick Hunn

As I said in my previous article, it’s easy to imagine a rogue programmer working for a meter manufacturers being able to insert malicious code which would turn millions of meters off at the same point in the future.  That’s possible, because all of the smart meters being installed in Britain allow the utility to remotely disconnect your electricity and gas at the flip of a switch.  If hackers turned off a million electricity meters in one go, that would cause serious damage to the grid.  Turning them all on again a few days later would do even more damage, as restoring power when demand is unknown is particularly problematic and can burn out equipment on the grid, which gives a rogue programmer lots of scope to bring large parts of the country to its knees. …

I don’t actually think this is complacency – I suspect it is mostly naivety.  Our electricity companies are not high tech.  They care passionately about reducing outages, but it’s a largely manual concern – it’s about sending people out to cut down foliage, repair power lines and clear up after the occasional unlucky fried squirrel.  It’s why they like the squirrel analogy – they understand squirrels, whereas they don‘t really understand hackers.  Utilities have a very physical mindset, not a technical or intellectual one and probably don’t realise the firmware risks.  Their concept of smart meter security is about people fiddling their meter readings, not terrorists bringing down the entire grid. …

We need to question whether the benefit to utilities of having a remote disconnect has been weighed up against the risk of hacking and major grid disruption?  We need to question whether firmware is being written as safety critical software?  My experience is that in this industry it is not.  And we need to understand whether there is enough expertise within DECC and our utilities to manage and assess the security requirements of the deployment.  If the answer to any of these questions is no, we should stop the programme.”

Summary and Conclusion

A network of actors continues to push for the deployment of smart meters.  This network of actors, representing a combination of policy makers, utility personnel, and meter manufacturers, does not acknowledge the tremendous risks and costs associated with the technology.  One of the most obvious risks relates to the remote disconnect feature which has the capability to be used by hackers as a means to inflict significant damage upon the electric grid.  As inferred by Nick Hunn above, the current smart meter deployments should be halted due to the unaddressed risks.

Nick Hunn attributes the lack of action in dealing with the remote disconnect issue as one of naivety rather than complacency.  I think it is also a matter of arrogance and/or greed for those who continue to tout dubious smart meter benefits as if they were indisputable facts and at the same time publicly dismiss those people citing the risks as “stirring up fear among the public.” [5]  Until this dangerous mindset changes, the public good will not be served, and public resistance and opposition to smart grid technology is fully justified.

References for this Article

[1] “Investigation: US power grid and ‘smart’ meters vulnerable to hacks,” SkyVision Solutions Blog Article, December 2015, at https://smartgridawareness.org/2015/12/21/us-power-grid-vulnerable-to-hacks/

[2] UK Science and Technology Committee Oral evidence: Smart meters, HC 993; Tuesday, May 3, 2016; available at https://skyvisionsolutions.files.wordpress.com/2016/05/oral-evidence-on-uk-smart-meters-03-may-2016.pdf

[3] UK Parliamentlive.tv, Science and Technology Committee, May 3, 2016, at http://parliamentlive.tv/Event/Index/79ce41f8-6a7a-40ce-8216-3c1a19591250

[4] “Squirrels, Grid Security and a Stuffed Rudd,” by Nick Hunn, April 2016; available at https://skyvisionsolutions.files.wordpress.com/2016/05/hunn-april-2016-squirrels-and-cybersecurity.pdf

[5] “Smart energy meters letting hackers in through ‘back door’, Labour Minister says,” May 12, 2016, at https://www.energyvoice.com/other-news/109377/smart-energy-meters-letting-hackers-back-door-labour-minister-says/.  Also see http://web.archive.org/web/20160513150322/http://eandt.theiet.org/news/2016/may/smart-meter-hacking.cfm for archived location.  Quoting:

A Labour minister has accused the Government of allowing hackers “in through the back door” by rolling out insecure smart energy meters.

Energy Secretary Amber Rudd hit back at the MP for stirring up fear among the public.  “You should be careful not to put fear in to the hearts of people where none should exist.”

Copyright Notice © SkyVision Solutions and Smart Grid Awareness, 2013 – 2015.  Unauthorized use and/or duplication of original material from this site without express and written permission from this site’s author and/or owner is strictly prohibited.  Excerpts and links may be used, provided that full and clear credit is given to SkyVision Solutions and Smart Grid Awareness with appropriate and specific direction to the original content.
Material presented in this article is presented in the public’s interest for non-commercial purposes.  SkyVision Solutions does not imply any exclusive right to preexisting material contained in published works highlighted in this article.

About SkyVision Solutions

Raising public awareness and finding solutions for smart grid issues related to invasions of privacy, data security, cyber threats, health and societal impacts, as well as hazards related to radiofrequency (RF) radiation emissions from all wireless devices, including smart meters.
This entry was posted in Smart Grid, Smart Meters, and RF Emissions and tagged , , , , , . Bookmark the permalink.

3 Responses to Smart Meter Remote Disconnect: An ‘Unnecessary Risk’ for Significant Damage to the Grid

  1. Joy says:

    My question, if we disable the facility of Remote disconnection, then we are disabling one if the Smart feature??

    • The customer has no control over the remote disconnect function; this article points out the danger of utilities incorporating such a feature into the smart meter. As background, below is information more fully describing the remote disconnect switch.

      As described by one utility company, the “remote disconnect” is a switch within a smart meter that can be remotely operated to connect or disconnect power to the customer:

      “Traditionally, utilities send a metering service person to connect or disconnect the meter. With an AMI system, the connect/ disconnect can be performed remotely by switching the internal meter switch in the Smart Meter for any of the following possible reasons:
       Remote Connect for Move-In
       Remote Connect for Reinstatement on Payment
       Remote Disconnect for Move-Out
       Remote Disconnect for Non-Payment
       Remote Disconnect for Emergency Load Control
       Unsolicited Connect / Disconnect Event”

      Source: http://smartgrid.epri.com/UseCases/Meter%20Remote%20Connect%20Disconnect_ph2add.pdf

  2. David Ward says:

    I don’t hear much talk about it, but in addition to the utilities and the vendors, the banks make a huge amount of money loaning money with interest to the utilities so they can pay the vendors. All three types of entities are scratching each others backs for their own benefit.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s