Hacking Power: Feds Promise Smart Grid Security

  There is little doubt that our nation needs to be smarter with our energy use. In response, the Obama Administration has unveiled a new set of smart-grid standards. Here’s a May 2009 quote from the Wall Street Journal: 

  “Energy Secretary Steven Chu and Commerce Secretary Gary Locke discussed the White House’s smart-grid plans Monday with more than 70 executives from utilities, manufacturers, and telecommunications and information technology firms.

The creation of a next-generation electric grid, which would integrate computer technology to help balance supply and demand from an array of energy sources, is a key component in the White House’s plan to achieve energy independence, find new efficiencies, create jobs and cut costs for consumers.”

This is certainly a noble goal. Most of the experts agree that this grid upgrade is long overdue.  The standards released link together new areas of infrastructure such as “smart customer meters” and cybersecurity.

 Government Computer News just ran an excellent article on how the Department of Energy (DOE) and NIST aim to secure the the smart grid.

 One central question remains, will the “smart grid” be smart enough to stop hackers? Or in pragmatic layman’s terms, can those “smart customer meters” conserve energy,  eliminate the need for the “meter man” to keep running around our neighborhoods, allow us to turn down the home air conditioning from work and allow us to remotely start our ovens to get casseroles ready for dinner – without creating any “back doors” for the inevitable bad guys. 

 My first exposure to “back doors” on computers came from watching the movie “War Games.”  A teenager was able to play “global thermonuclear war” on his home computer.   I still remember two of the taglines: “The only winning move is not to play.” Or, “Is it a game, or is it real?”

 It was 1983, and I was a computer science major at Valparaiso University. Watching that movie was the first time I really thought about how technology could be used for evil purposes as well as for good. I was intrigued and motivated. That movie quietly contributed to my decision to join the NSA two years later and spend my career working on security and networks. I wanted to join up with the good guys. 

 Today, there are plenty of studies glorifying the “dark side” hackers or “crackers.” From students trying to change their grades to those hacking IDs for money, there is no doubt that there will be many trying to break into the new smart grid. 

Studies have been done over the past decade describing how hackers become who they are. Some articles encourage hacking and describe positive and negative motivations for hacking.   There are excellent articles on the making of hackers, so I won’t dwell on that topic. There are also many “white hat” or good hackers like “hackers for charity” led by Johnny Long.

However, my point is that plenty of people will be trying break into this new “smart grid.”  A CNN article described this smart grid threat; however, it remains to be seen if the new specifications will be secure enough to stop the bad guys. Back in April, the BBC ran a story about how spies have infiltrated our current (not so smart) power grid in the US.  Whether hacking the new smart power grid will ever really happen or not, get ready for new movies highlighting smart teenagers successfully hacking into your local power grid. 

Imagine this: a group of teenagers initially change their home electricity bill, but later they discover that they can shut down the neighborhood grid. Despite reservations, they are forced to act in order to save the local police from some group of international criminals. You can decide what happens next.    

One of my neighbors said to me, “My house is already plugged into the net. Why do we need the meter man running around anymore?”

Great question. I’m still not sure if we truly know the right answer. One thing is almost guaranteed, the movies will show teenagers successfully hacking power, and another generation will try even harder to hack the electricity grid.

 What are your thoughts? Can promises of smart grid security be fulfilled?