By David Baker
The security of the United States’ power infrastructure has become a widely discussed and debated topic. With the rapid deployment of advanced metering infrastructure (AMI), often referred to as smart meters, energy distribution is moving quickly into the new millennium and becoming more technologically complex. However, like many early-to-market technologies, smart meters are likely to exhibit severe security vulnerabilities, making them a prime target for attack.
As a critical component in the smart grid, smart meters act as the power distribution endpoints as well as the endpoints for communication and sensory nodes. They promise to deliver utilities and consumers better control over electricity distribution, generation, and usage in addition to greater savings and more reliable, efficient services. This sounds great in theory, but how safe are these meters that are being installed rapidly on homes across the nation?
Smart meters are essentially miniature computers; however, many lack the protection types that have become standard on modern computers and networks. Similar to computers and software developed in earlier years, these devices were not designed with security in mind. This fact was confirmed by IOActive’s research on a series of smart meter platforms, which uncovered a range of vulnerabilities and programming errors.
In addition to being vulnerable to typical attack vectors, IOActive researchers achieved proof-of-concept “worm-able” code execution on standard smart meters. The smart meter’s radio communication chipset is publicly sourced and the communication protocols themselves lacked authentication and authorisation. These shortcomings, among others, were leveraged to produce a worm. If an attacker were to install a malicious program on one meter, the internal firmware could be made to issue commands to flash adjacent meters until all devices within an area were infected with the malicious firmware. Conceivably, once the worm spreads to meters, the attacker gains the ability to connect and disconnect customers’ power at predetermined times; change metering data and calibration constants; change the meter’s communication frequency; and render the meter non-functional. Despite these findings, smart meters are here to stay and are being deployed at an astounding rate. With the help of a $4.5 billion stimulus package, millions of smart meters are used in the US today, and it is estimated that more than 73 participating utilities have ordered 17 million additional smart meter devices.
So, how do we move past these security vulnerabilities and transition to the next generation of secure power distribution?
To help ensure that only secure, wellmade smart meters are deployed, utilities need to drive accountability in the smart meter market by performing rigorous penetration testing security reviews on devices from all manufacturers. By continuing to test the security, quality, and reliability of these devices for the duration of the product lifecycle, utilities can ensure that meter vendors continually maintain and improve the security of their product.
To help guide the release of meters that are more secure and better able to withstand attacks, IOActive advocates that smart meter vendors adopt a formal Secure Development Lifecycle (SDL). The SDL takes a proactive approach to security by implementing security and privacy measures during each stage of development, and conducting a final review before software is released. In addition to creating more secure products, meter vendors will save money by implementing an SDL because studies show that overall project costs are 60 times higher when gaps in information security controls are addressed late in the development phase.
By following an SDL, meter vendors will be better equipped to resolve many of the design flaws present in smart meter devices and employ the most basic rule of security: layer your defences. Good security relies on several layers of defence, using the theory that if one mechanism fails you have several others in place to prevent a breach. Since smart meters reside on the outside of homes with minimal physical protection, it is especially critical to have layered defences. Otherwise, there is little to prevent someone with only a basic knowledge of electronics from stealing a meter, reverse engineering it, and uncovering exploitable vulnerabilities.
Strong encryption, authentication, and authorisation are additional security basics that seem to be poorly implemented in many smart meter devices. IOActive researchers found that many devices do not use encryption or implement any authentication before carrying out sensitive functions like executing software updates and performing disconnect operations. Even when meters had encryption algorithms in place, it was found that functionality was unmanageable, and that the keys were often exposed, extremely weak, and could be recovered through simple hardware hacking techniques.
Fortunately, the effort to secure the smart grid infrastructure is currently taking place. Utilities are embracing their position as guardians of the energy ecosystem and holding vendors accountable for the security of their products. Utilities are making vendors responsible for security by demanding the implementation of a formalised SDL and mandating third party security auditing. As a result, both consumers and utilities will thrive from the vast benefits of the smart grid, while ensuring the present and future safety of the world’s critical infrastructure.