India’s Smart Grid May Not be Secure: Analyst

With every new technology comes some risk. Even when we talk about smart electricity meters. That’s according to Justin Searle, managing partner at UtiliSec, one of only three consultancies in the US that specializes in security services for the energy utility sectors.

It’s an opinion that’s becoming more relevant as India moves relentlessly, like much of the world, towards employing smart electricity meters. “India needs to make sure these systems don’t come crashing down, affecting hundreds of millions citizens dependent ontoday’s modern conveniences,” says Searle.

The trend of using smart meters is part of a largermove to create smarter electricity grids. Smart meters help electricityutilities do away with manual data collection and power theft, a major problem in the sector. India has among the highest transmission and distribution (T&D) losses anywhere in the world–a problem that smart meters can fix.

Just two days ago the Bangalore Electricity Supply Company (BESCOM) launched smart meters to track power consumption in thecity, which faces T&D losses of 15 percent. BESCOM is expected to deploy one million smart meters in the following year.

But there’s a security risk attached to smart meters. In the US, for example, which has used smart meters for a decade, Searle says that “hackers have recovered passwords stored in theoptical interface and used them to attack other smart meters causing massive blackouts. And of the very few attacks in the US that have been made public, we know that user data has been stolen off the hardware,” says Searle.

The biggest risk the meters carry is the power disconnect button. “An attacker can shut down power remotely at different homes,” says Searle. With some of these deployments, an attacker can potentially track the network connection back to the electricity supply company. “Any vulnerability in the communication channel can allow access to a utility datacenters’ servers. That’s control on much more critical infrastructure.”

Attackers can also figure out a users’ power usage.”Hackers could intercept the data during transmission from the home to the energy company and gain details on a resident’ lifestyle,” says Searle. “Criminals could use it to time a burglary and even figure out which appliances they’d like to steal.”

What’s worse is that attacks on smart meter are difficult to detect, since they don’t have logging or sensor capabilities. “One of the best measures is to disable any functionalities that the meters have but are not in use. Functionalitiesare the biggest vulnerability,” says Searle.

(Justin Searle spoke at the Nullcon Goa Conference, 2012 on ‘Attacking and Defending a Smart Grid’. Visit https://www.nullcon.net/website/ for more information.)