by K.T. Weaver, SkyVision Solutions

A new book by Charles Arthur on “Cyber Wars” reviews the most significant cyber attacks in recent years, discusses the lessons learned, and then concludes with an outline of what future hacks we can expect over the next couple of decades.  [1,2,3]

The first future hack scenario deals with smart devices which may be hacked and controlled through ultrasonic “speech” instructions which can unknowingly be given to smart devices in the home (like your front door to unlock) from your computer or phone speakers.

The second future hack scenario deals with self-driving cars where machine learning (ML) systems can potentially be easily affected by hackers and other bad actors to cause self-driving cars not to stop for stop signs or lights as an example.

The third future hack scenario deals with “disrupting a country through its smart meters.”  Arthur envisions a day ahead, maybe in winter, when the power goes off for no apparent reason.  You look out the window to find the entire city in the dark.  There were no warnings.  What happened?   Possibly an attacker broke into the smart meter system and issued an order for all utility meters to disconnect from the power grid.  At the same time cryptographic keys for each meter were changed or wiped clean preventing the meters from ever being reset or reconnected to the grid.  Every “smart” utility meter would require replacement.  How long would that take?

SkyVision Solutions has published many articles over the years in an attempt to sound the alarm bells on how dangerous smart meters are to our society.  Last year I highlighted published papers discussing how smart meter deployments result in a cyber attack surface of “unprecedented scale” and that smart meter cyber attacks represent a “clear and present danger.” [4 and 5]

In 2016 I summarized testimony in the United Kingdom where an expert provided testimony on how the smart meter remote disconnect feature represents an “unnecessary risk.” [6]

Arthur in his book concludes that “future nation-state attacks are likely to seek out connected infrastructure.”  It is “far easier to help your opponent’s system fail than to attack them directly.”  One way to inflict considerable harm would be to target smart meter systems and where every smart meter (millions and millions) would have to be replaced in order to repair the damage.  I just don’t understand how utility companies can continue to ignore this risk.  As part of basic risk management, there is a point where purported benefits of smart meters clearly cannot outweigh the catastrophic risks that the meters present to society.  But alas, I have said this all before.

References

[1] Cyber Wars, Hacks that Shocked the Business World, by Charles Arthur, Kogan Page (publisher), 2018, Paperback, 248 pages.

[2] “Russian ‘cyber war’ hackers could target smart meters in British homes plunging the country into massive chaotic blackouts,” The Sun, March 28, 2018, at https://www.thesun.co.uk/news/5922516/russia-cyber-war-hackers-smart-meters-british-homes-blackouts/

[3] “From self-driving crashes to national power cuts: the future of cyber attacks,” by Charles Arthur, Irish Times, May 17, 2018, at https://www.irishtimes.com/business/technology/from-self-driving-crashes-to-national-power-cuts-the-future-of-cyber-attacks-1.3496097

[4] “Smart Meter Deployments Result in a Cyber Attack Surface of Unprecedented Scale,” SkyVision Solutions Blog Article, January 2017, at https://smartgridawareness.org/2017/01/07/cyber-attack-surface-of-unprecedented-scale/

[5] “Smart Meter Cyber Attacks: A Clear and Present Danger,” SkyVision Solutions Blog Article, June 2017, at https://smartgridawareness.org/2017/06/28/smart-meter-cyber-attacks-clear-and-present-danger/

[6] “Smart Meter Remote Disconnect: An ‘Unnecessary Risk’ for Significant Damage to the Grid,” SkyVision Solutions Blog Article, May 2016, at https://smartgridawareness.org/2016/05/12/smart-meter-remote-disconnect-an-unnecessary-risk-for-significant-damage-to-the-grid/