by K.T. Weaver, SkyVision Solutions

A new article has been published in the International Journal of Critical Infrastructure Protection entitled, “Security Analysis of an Advanced Metering Infrastructure.”  According to the article [1]:

“Sophisticated cyber attacks on advanced metering infrastructures are a clear and present danger.  The most devastating scenario involves a computer worm that traverses advanced metering infrastructures and permanently disables or ‘bricks’ [2] millions of smart meters in major metropolitan areas.”

“Fig. 2 shows the potential impact of smart meter bricking attacks on fifteen of the largest U.S. metropolitan areas.  The total population in the affected metropolitan areas is approximately 110 million, more than twice as many people as were affected by the 2003 blackout [in the Northeastern U.S. and Canada].  But much more significant is that the attacks would result in, not a few or even hundreds, but tens of millions of points of failure.  Power to each customer premises would not be restored until the damaged smart meter is replaced, which typically takes a technician approximately 30 minutes.”  

“What is truly scary is that the limited inventories of smart meters due to production capacity and the inadequate number of trained technicians available to replace the damaged smart meters would result in outages lasting several months to more than one year.”

“Several attack vectors [3] … enable a sophisticated attacker to target advanced metering infrastructure assets and operations to realize five possible outcomes:  (i) theft of data; (ii) theft of power; (iii) localized denial of power; (iv) widespread denial of power; and (v) disruption of grid.”

I have written many, many articles on the subject of smart meter cyber attack threats at this website.  I have done this as an attempt to raise awareness to the critical issues at hand.  You would think at some point someone in authority would put a halt to this nonsense, but yet the smart meter deployments continue worldwide.

Although the new paper [1] presents a “truly scary” scenario of what is to come someday in our future, the article doesn’t really do it in a way intended to halt the insanity of smart meter deployments.  It primarily presents the information so that it can be used as a “foundation … to create a robust risk management program.”  Not very comforting.  Why not just maintain the perfectly good, unhackable,  analog meters as the solution for eliminating the “clear and present danger”?

References and Notes

[1] “Security Analysis of an Advanced Metering Infrastructure,” by Aaron Hansen, et al., International Journal of Critical Infrastructure Protection (2017), at http://www.sciencedirect.com/science/article/pii/S1874548217300495

Also see link at https://www.elsevier.com/about/press-releases/research-and-journals/smart-electrical-grids-more-vulnerable-to-cyber-attacks for “Smart electrical grids more vulnerable to cyber attacks.”

[2] The word “brick” when used in reference to electronics, describes an electronic device that, due to a serious misconfiguration, corrupted firmware, or a hardware problem, can no longer function, hence, is as technologically useful as a brick.  In the common usage of the term, “bricking” suggests that the damage is so serious as to have rendered the device permanently unusable.  See https://en.wikipedia.org/wiki/Brick_(electronics).

[3] The article at [1] identifies eight (8) of what it calls “attack vectors”:

“(i) physical access to the internals of a smart meter;
(ii) physical access to the internals of a data collector;
(iii) cyber access to a smart meter;
(iv) cyber access to a smart meter using technician equipment;
(v) cyber access to a data collector;
(vi) cyber access to a data collector using technician equipment;
(vii) cyber access to a smart meter via a compromised supply chain; and
(viii) cyber access to a data collector via a compromised supply chain.”