by K.T. Weaver, SkyVision Solutions
The Internet of Things (IoT) involves an Internet which will evolve from connecting just machines and people towards connecting “smart” objects and things. The electric utility industry is currently developing an IoT-based smart grid (SG). This SG is envisioned as the largest installation of an IoT network for our future world with literally billions of smart objects and things, such as smart meters, smart appliances, and other sensors .
Unfortunately, as a cyber-physical system, an IoT-based smart grid faces several security issues. One of them is privacy where:
“Smart meters and smart appliances in residential houses could tell more than the energy consumption. Their generated fine-grained data could harm the privacy of the end-user, by divulging information about their habits (wake up, sleeping and dinner times, etc.), if they are in or away from house, if they are on vacation, etc.” 
In addition, an IoT-based SG (a critical infrastructure) will be attractive to cyber-attacks, attacks that were not possible with the classical electric grid of the past. The purpose of this article is to outline the degree of cyber risk that exists with the planned future smart grid and associated smart meters. It is unlikely that policy makers and utility executives are fully aware of the risks, or they would not proceed with future deployments.
Smart Meter Cyber Attack Surface
Smart meter “initiatives rely heavily on the information infrastructures and communication networks, which may be vulnerable against a wide array of threats, such as energy theft and fraud, sensitive information theft, service disruption for the purpose of extortion, vandalism, hacktivism, and terrorism. Especially, the large-scale deployment of AMI [Advanced Metering Infrastructure] represents a significant increase in the attack surface that needs to be protected.” 
The size and scope of the cyber attack surface for smart meters is defined by the number and types of methods that can be utilized by an adversary to introduce or retrieve data from a smart meter environment or related system. A targeted attack on smart meters could potentially result in the shutdown of the power grid, disabling energy delivery systems. 
The Internet bounds the smart meter information network on both sides, i.e., the home on one side and the utility offices on the other side. (Note: Refer to figure below.) As stated in one published study  from 2015:
“The compromise of even a single smart meter through focused attack or reverse engineering potentially provides access to the AMI network as a whole.”
“This, coupled with the extensive use of multiple wireless technologies and geographic dispersion, results in an attack surface of unprecedented scale.”
“A compromise of the HAN [Home Area Network] side of AMI has the potential to disrupt the lives of consumers on an intimate level, physically within their home, and provides an access point back to the Internet.” 
In addition, as stated in a POLITICO article  published this month:
“‘Every component in the grid that has become digitized is becoming an attack point,’ said Sander Kruese, privacy and security adviser at Alliander, a distribution system operator in the Netherlands.”
“Cyber attacks could bring down whole grids, something that could even kill people if it happens in winter. That’s the scenario of the 2012 German best-selling novel ‘Blackout’ by Marc Elsberg, which portrays a dystopian nightmare after the collapse of the electricity grid triggers telecommunications problems, food shortages and an economic breakdown.
“Those scenarios aren’t far-fetched to experts.” 
Types of Smart Meter Cyber Attacks
Smart meter cyber attacks can be “very dangerous. For instance, a malicious attacker who gets access to the crypto key may remotely disconnect massive [numbers of] smart meters, which causes a heavy financial loss of the power utility, even causes devastating effect on the livelihood and safety of people.” 
Here are some of the theoretical and demonstrated attacks aimed at compromising smart meters:
1) “Denial of service attacks that compromise smart meters such that they are not capable of responding to any request sent by a customer or energy supplier. It is accomplished through smart grid network exhaustion or tampering with the routing of the smart meter traffic.
2) False-data injection attacks that introduce arbitrary and/or certain errors inside a normal smart meter traffic activity causing invalid measurements that are unacceptable in a smart grid network. …
3) De-pseudonymization attacks that compromise anonymization and privacy of smart meter data.
4) Man-in-the-middle attacks where rogue agents can place themselves in between consumer and energy company …
5) Meter spoof and energy fraud attacks can occur by gaining the smart meter ID through physical access.
6) Authentication attacks where attackers can authenticate as a valid user are possible with physical access to smart meter where user authentication password can be obtained via a direct connection to the EEPROM [electrically erasable programmable read-only memory] storage. …
7) Disaggregation attacks for profiling customer energy consumption behavior.” 
Another published study  categorizes smart meter attacks in a different way, those specifically directed at the power grid itself, as follows:
– “Denial of power (DoP): Attacks on individual smart meters to deny power service to a consumer. This type of attack could be directed at critical users resulting in significant harm.
– Theft of power (ToP): Attacks on individual smart meters to facilitate theft of power from the utility. Consumers that are purposefully disconnected from the power utility may surreptitiously reconnect to obtain power. The data within a smart meter may also be altered to misrepresent power usage on any number of smart meters.
– Disruption of grid (DoG): If a large group of smart meters are compromised, they can be connected and disconnected in rapid or chaotic sequences, which results in instability in the power grid. On a large enough scale, the power grid will be unable to absorb this transient behavior and may partially fail resulting in widespread power loss.” 
Smart Meter Remote Disconnect: An ‘Unnecessary Risk’
The last item mentioned above refers to the smart meter “remote disconnect” option contained in most new meters deployed in the United States and elsewhere. I described the dangers associated with the remote disconnect in prior articles at this website, such as Smart Meter Remote Disconnect: An ‘Unnecessary Risk’ for Significant Damage to the Grid  and Investigation: US power grid and ‘smart’ meters vulnerable to hacks .
As stated in prior articles:
The most dangerous “feature” included in the majority of smart meters deployed today is the remote disconnect option.  As documented in the book, Smart Grid Security: An End-to-End View of Security in the New Electrical Grid:
“What if [smart] meters are told to disconnect by a worm or virus? Among all the services AMI [Advanced Metering Infrastructure] offers, the disconnect function is the most controversial in information security circles as it is the only one that directly controls the flow of power to the home or business.”
“The greatest concern is that a successful attack could allow someone to gain control of customers all at once. In addition to causing widespread blackouts, repeatedly switching the power off and on could create frequency imbalances and surges in the grid that could damage loads and destabilize the entire grid, potentially causing damage to generators, transformers, and other equipment in the path [including the smart meters themselves and major appliances in homes and other buildings]. Such a consequence would be much more severe than a simple power outage, resulting in damage to expensive equipment with replacement times of more than a year in some cases. Effectively taking temporary control of a meter network could lead to widespread power outages lasting weeks or perhaps longer.” 
“In my opinion, if it’s got the remote disconnect relay in it, whether it’s enabled or not … it’s a real big, ugly issue.” 
The smart meter remote disconnect was also discussed in the recent POLITICO article previously referenced:
“The meters that really worry security experts are those that can be remotely switched off. The dangers range from leaving a single house in the dark to causing a widespread blackout by switching smart meters on and off repeatedly, said Kruese, whose company distributes power to about a third of Dutch households. ‘If you get control of the grid by getting control of the smart meters, you can cause a lot of damage’.”
“The Netherlands has opted for smart meters without the remote switch-off option, ‘because they saw this threat’, Kruese said.” 
In countries outside the Netherlands, policy makers and utility executives are either unaware of the significant “remote disconnect” threat or choose to ignore it.
Utility Industry Poorly Prepared to Deal with Cyber Threats
Many smart meter devices rely on secret communication codes and algorithms embedded in the hardware with the hope of “maintaining security through obscurity.” However, with some knowledge of the hardware and/or reverse engineering, these codes can be exposed thereby negating the purported obscurity aspect of the devices.
According to a researcher at IOActive, “all it takes for an attacker to gain command and control over a smart meter is $500 worth of equipment and materials and a background in electronics and software engineering. This could mean en masse manipulation of service to residential and business facilities.” 
There has also been difficulty in getting cooperation between vendors and cyber-security researchers due to efforts to protect intellectual property and competitiveness. This conflict impedes the progress in developing improved security solutions. 
According to research by Ponemon and an analysis by Unisys in 2014 , the organizations managing critical infrastructure facilities are not well prepared for cyber attacks:
“Keeping the ‘lights on’ and facilities safe are the primary concerns for companies in the critical infrastructure sectors. The number and severity of cyber-attacks on these companies is escalating and endangering those important goals.”
“As the findings reveal, organizations are not as prepared as they should be to deal with the sophistication and frequency of a cyber threat or the negligence of an employee or third party. In fact, the majority of participants in this study do not believe their companies’ IT security programs are ‘mature’.” 
In an interview with SCMagazine.com, Dave Frymier, CISO of Unisys, found it concerning that so many respondents seemed to be knowledgeable of threats to their organizations, but that this awareness hadn’t translated to a heightened focus on security.
“Over 60 percent [or participants] said they expected another breach to occur in the 12 month period,” Frymier said. “Yet, only 25 percent of them said that security was one of the top five things they were interested in. 
An additional complicating factor is that many utility companies falsely believe that smart meters should have a relatively long lifetime of perhaps 15 to 20 years, which means that the hardware will remain constant for long periods of time. This contributes to the increased vulnerability of smart meters to hacking since upgrades for those devices are difficult or limited in scope.  The cyber threats associated with smart meters are partially responsible for the content of my prior article at this website, Congressional Testimony: ‘Smart’ meters have a life of 5 to 7 years. 
General Analysis, Conclusions, and Recommendations
Cyber hacking into smart meters can create instability in the electric grid potentially damaging equipment and causing physical harm to individuals utilizing the power grid. 
A paper  published in 2009 clearly outlined the cyber threats posed by the smart meters that did not previously exist with analog or electromechanical meters:
“The smart grid, AMI in particular, introduces new security challenges. By necessity, AMI will consist of billions of low-cost commodity devices being placed in physically insecure locations. The equipment is under the control of the often disinterested, unsophisticated, or sometimes malicious users. Even in simple and/or low value services, such an arrangement would be extraordinarily difficult to secure.”
“We posit that the basic requirements of AMI are in conflict with security. While some poor engineering choices are sure to exacerbate some of these issues, there are fundamental reasons why a fully digitized metering system is inherently more dangerous than its analog predecessor.” 
To emphasize the above point, “there are fundamental reasons why a fully digitized metering system is inherently more dangerous than its analog predecessor.” This was known in 2009, yet the utility industry continues to move forward with smart meter deployments as if nothing were wrong.
Can you now understand why informed consumers are reluctant to participate in such a dangerous undertaking as smart meter deployments? As stated by one expert respondent who participated in a recent Pew Research Center report:
“The ‘smart grid’ is the most substantial danger. Cyber attacks that target a ‘smart grid’ will result in loss of power to large numbers of places simultaneously, causing infrastructure damages. … No single instance will be ‘widespread harm,’ but all of these together will add up to that in only a short period of time. Unless there is some unforeseen major new technological development …, the only way to prevent this will be to refrain from adopting ‘smart grid’ technologies.” 
In September 2013, I wrote an article explaining that smart grid cyber security was in a state of chaos and deteriorating. Quoting a Pike Research analysis:
“After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand. Many attacks simply cannot be defended.” 
It would appear that nothing has improved over the past few years. With additional information and analysis over time, the cyber threat situation and associated smart meter attack surface just looks more bleak and onerous. Although it would seem that no policy makers or utility industry executives are calling for a halt to smart meter deployments, that is the only logical course of action.
It is difficult to fully speculate as to why policy makers and utility industry executives continue to allow smart meters deployments. One can partially explain by attributing it to ignorance, corruption, and greed. After all, there is a lot of money to be made in selling smart meters and mining the data they create. 
A U.S. Department of Energy (DOE) document  released in January 2017, entitled, “Transforming the Nation’s Electricity System,” acknowledges the basic facts outlined in this article:
“Cyber attacks are emerging and rapidly evolving threats that may increase the vulnerability of utilities’ system operations.”
“Automated smart meters, for example, are increasingly relied on to track actual power usage and allow for two-way communication between the utilities and end users. Hackers targeting this technology could cause disrupted power flows, create erroneous signals, block information (including meter reads), cut off communication, and/or cause physical damage.” 
The DOE report, however, would seem to be bound by an established narrative that smart meters and other similar devices are needed to modernize the electric grid in order to improve efficiency and resiliency. From a threat and risk assessment perspective, the impact risk of a catastrophic event is high, but the probability of such an event is viewed as low. The context of a catastrophic event involving smart meter hacking would seem to be essentially lost in the discussion of what are viewed as more probable events such as hurricanes and winter storms. Furthermore, smart meters and similar devices are viewed as helping to restore electric service quicker following outages from weather-related events.
Unfortunately and regrettably, it may take an actual catastrophic hacking event where millions of smart meters are turned off in a way that cannot be turned back on before smart meter proponents finally acknowledge that these meters and their associated communications infrastructure are too dangerous to have ever been deployed.
 “Security Issues and Challenges for the IoT-based Smart Grid,” by Chakib Bekara; International Workshop on Communicating Objects and Machine to Machine for Mission-Critical Applications (COMMCA-2104); Procedia Computer Science 34 ( 2014 ) 532 – 537; available at http://www.sciencedirect.com/science/article/pii/S1877050914009193
 “A Survey on Intrusion Detection System for Advanced Metering Infrastructure,” by Weiming Tong, et.al.; published in the 2016 Sixth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC); 21-23 July 2016; available at http://ieeexplore.ieee.org/document/7774730/
 “Identifying the Cyber Attack Surface of the Advanced Metering Infrastructure,” by Foreman and Gurugubelli, The Electricity Journal; Volume 28, Issue 1, January–February 2015, pp 94–103; available at http://www.sciencedirect.com/science/article/pii/S1040619014002899
 “Hackers Threaten Smart Power Grids,” by Anca Gurzu, 1/4/17, 6:18 PM CET Updated 1/6/17, 3:32 PM CET; available at http://www.politico.eu/article/smart-grids-and-meters-raise-hacking-risks/
 “Clustering of Smart Meter Data for Disaggregation,” by Vitaly Ford and Ambareen Siraj; published in the Global Conference on Signal and Information Processing (GlobalSIP), 2013 IEEE; 3-5 Dec. 2013; available at http://ieeexplore.ieee.org/document/6736926/
 “Smart Meter Remote Disconnect: An ‘Unnecessary Risk’ for Significant Damage to the Grid,” SkyVision Solutions Blog Article, May 2016, at https://smartgridawareness.org/2016/05/12/smart-meter-remote-disconnect-an-unnecessary-risk-for-significant-damage-to-the-grid/
 “Investigation: US power grid and ‘smart’ meters vulnerable to hacks,” SkyVision Solutions Blog Article, December 2015, at https://smartgridawareness.org/2015/12/21/us-power-grid-vulnerable-to-hacks/
 Smart Grid Security: An End-to-End View of Security in the New Electrical Grid, by Gilbert N. Sorebo (Author), Michael C. Echols (Author), Michael Assante (Foreword); Publisher: CRC Press; 1 edition (December 5, 2011). Book available from amazon.com at http://www.amazon.com/dp/1439855870/ref=wl_it_dp_o_pC_S_ttl?_encoding=UTF8&colid=JQVO0DK288NY&coliid=I3HT55J613FATM
 Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter; Publication Date: November 11, 2014; available at: http://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital-ebook/dp/B00KEPLC08/ref=dp_kinw_strp_1.
 “Critical Infrastructure: Security Preparedness and Maturity,” research and analysis sponsored by Unisys and independently conducted by Ponemon Institute LLC; Publication Date: July 2014; available at https://www.hunton.com/files/upload/Unisys_Report_Critical_Infrastructure_Cybersecurity.pdf
 “Study: Security not prioritized in critical infrastructure, though most admit compromise,” July 2014; available at https://www.scmagazine.com/study-security-not-prioritized-in-critical-infrastructure-though-most-admit-compromise/article/538808/
 “Congressional Testimony: ‘Smart’ meters have a life of 5 to 7 years,” SkyVision Solutions Blog Article, October 2015, at https://smartgridawareness.org/2015/10/29/smart-meters-have-life-of-5-to-7-years/
 “Cyber Hackers Can Now Harm Human Life through Smart Meters,” SkyVision Solutions Blog Article, December 2014, at https://smartgridawareness.org/2014/12/30/hackers-can-now-harm-human-life/
 “Energy Theft in the Advanced Metering Infrastructure,” by Stephen McLaughlin, et.al.; published in CRITIS’09 Proceedings of the 4th international conference on Critical information infrastructures security; September 30 – October 02, 2009; available at http://dl.acm.org/citation.cfm?id=1880566 or http://www.patrickmcdaniel.org/pubs/critis09.pdf.
 Pew Research Center, October 2014, “Cyber Attacks Likely to Increase”; Expert Opinion of Andrew Chen, Associate Professor Computer Science at Minnesota State University-Moorhead; report available at: http://www.pewInternet.org/2014/10/29/cyber-attacks-likely-to-increase/.
In this report, “widespread harm” was defined as “significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars.”
 “Smart Grid Cyber Security in a State of Chaos and Deteriorating,” SkyVision Solutions Blog Article, September 2013, at https://smartgridawareness.org/2013/09/29/smart-grid-cyber-security-in-state-of-chaos/
 “Smart Meters Generate a ‘Gold Mine of Data’ for Utilities,” SkyVision Solutions Blog Article, December 2015, at https://smartgridawareness.org/2015/12/31/smart-meters-generate-gold-mine-of-data/
 “Transforming the Nation’s Electricity System,” Quadrennial Energy Review: Second Installment; U.S. Department of Energy, January 2017; available at https://energy.gov/epsa/downloads/quadrennial-energy-review-second-installment