Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Power Security United States

Smart Grid Computers Susceptible To Worm Attack 98

narramissic writes "Researchers with security consultancy IOActive have created a worm that could quickly spread among Smart Grid devices, small computers connected to the power grid that give customers and power companies better control over the electricity they use. '[The worm] spread from one meter to another and then it changed the text in the LCD screen to say "pwned,"' said Travis Goodspeed, an independent security consultant who worked with the IOActive team. In the hands of a malicious hacker, this code could be used to cut power to Smart Grid devices that use a feature called 'remote disconnect,' which allows power companies to cut a customer's power via the network. The robustness of US power networks has been a hot-button issue after a technical glitch in 2003 caused a cascading power failure in the eastern United States and Canada that affected 55 million people."
This discussion has been archived. No new comments can be posted.

Smart Grid Computers Susceptible To Worm Attack

Comments Filter:
  • by gravos ( 912628 )
    Pwned! Power nazi say... no electricity for j00!
  • lazy engineering (Score:4, Interesting)

    by Anonymous Coward on Sunday March 22, 2009 @07:25AM (#27287259)
    I know about these.... they're running windows XP, and are on modems. They call in every now and then to get get updates from the main network.... its' the power grid from the future? More like 1990.
    • Re:lazy engineering (Score:5, Interesting)

      by mangu ( 126918 ) on Sunday March 22, 2009 @08:07AM (#27287421)

      its' the power grid from the future? More like 1990.

      Actually, power systems is a mature technology. The "bible" that every power engineer has is this book [amazon.com], first published in 1955. Notice that the book on sale is the fourth edition, printed in 1982. Nothing is changing very fast in this field.

      The problem that could arise from a large number of Smart Grid computers being pwned is if a worm triggered them off at exactly the same time, this is called a "load rejection" event. It would cause oscillations in the power flow which could end in a blackout but, generally, load rejection is not as bad as generation rejection, which happens when a power plant is cut off.

      Another problem that would cause much more harm to the companies than to users is if the worm instructed power meters to register less power consumption. I see a large black-market arising, if someone figures out how to write this exploit.

      • Re: (Score:3, Insightful)

        by TubeSteak ( 669689 )

        Another problem that would cause much more harm to the companies than to users is if the worm instructed power meters to register less power consumption. I see a large black-market arising, if someone figures out how to write this exploit.

        I miss the days when hackers were just doing things for lulz.
        Society would be better off with merry pranksters breaking things because they want a big splash and lots of attention. And usually, the bigger the splash, the sooner the fix.

        Organized criminals, exploiting the same flaws, want secrecy and this is bad for society.

        • Re:lazy engineering (Score:5, Informative)

          by mangu ( 126918 ) on Sunday March 22, 2009 @08:57AM (#27287617)

          I miss the days when hackers were just doing things for lulz.

          Problem is old time hackers [paulgraham.com] did things for money, too. Pricing details here: [markusehrenfried.de]

          In 1971 Steve 'Woz' Wozniak designed a device called the 'Blue Box'. It allowed -- of course illegal -- phone
          calls free of charge by faking the signals used by the phone companies. His friend Steve Jobs instantly realized that there must be a huge market for something that useful. He bought the parts for $40, Woz built the boxes and Jobs sold them to his fellow students at the University of California in Berkeley for $150.

          This well known anecdote is what made me think of the market for an electricity meter hacking device. $150 in 1971 dollars would be about $800 today.

      • by sjames ( 1099 )

        That's just the beginning of the problem. Imagine a hot day in the south. Air conditioners shut off one by one so that nothing terribly alarming happens. A few calls come in, repair visits are scheduled, no big deal.

        Somewhere around 7:00 P.M. when everyone is home, and wondering why their A/C isn't running, suddenly every A/C in the region comes on all at once.

        Further, imagine they THEN all start randomly cycling (but in perfect sync to maximize load fluctuation).

        Really bad day for the grid.

        Further dangers

        • the 'smart' meters i've dealt with allowed remote disconnect, but remote re-connect impossible. Re-connect could be enabled remotely, but someone had to operate something physical to re-connect the customer premise.

          I think they didn't want to go about re-energizing customer premise remotely in case someone had said "oh house is disconnected I will do this electrical work since all wires are dead".

          • by sjames ( 1099 )

            That depends. I have seen remote interrupters for things like air conditioning used to shave peak loads. Those can certainly reconnect remotely. In one place I lived, the local co-op would give you a discount if you agreed to let them install an interrupter and they promised that the A/C would never be off for more than 30 minutes in any hour.

            • hmm, i've been looking for a 2 channel smart meter with load control relays on both channels so I could have remote disconnect and use the 2nd channel for dispatchable loads like hot water that could then be billed at a lower rate. Maybe I'll check out remote interrupters.

    • I work in the power industry with these devices. They are not Windows XP.
  • How long before there is a brisk trade in black-market meters and the little seals to make them look official? The power co owns the meter... I suspect making a filter will be unworkable ;)

    • Re: (Score:3, Interesting)

      by peragrin ( 659227 )

      Bribe just about any good electrician if you want one of those seals. I can put my hands on four of them for upstate NY in less than an hour. (only minor B&E involved as I know where they are stored for one electrician.

      Also if you are good most of those seals can be opened and closed with regular tools. It takes a bit of patience, but is possible.hence why when they really lock you out they use padlocks now. Of course I bet with the right bribe one could get a copy of even those keys as they are mos

    • Re: (Score:1, Interesting)

      by Anonymous Coward
      A power company employee showed me one of their smart meters here while back. It has a GPS tracking device built into it. If you move it from where it's supposed to be, it reports back to the power company. Also, the meter is paired with your service address, so they know when another meter is substituted. They're going to be using remote-read so that the meter continuously reports its status and your usage. They know your usage patterns and can tell when usage changes.

      Black market is going to be a lot hard
      • Black market is going to be a lot harder with these puppies, and this is just the beginning of what's possible.

        I remember reading an article about a guy getting caught stealing an intelligent sprinkler control system which was WiFi equipped because he didn't disable the remote monitoring feature. Hilarity ensued. I don't suppose hacking these meters will be any more challenging than hacking cellphones, though.

  • Glitch? (Score:5, Insightful)

    by Scrameustache ( 459504 ) on Sunday March 22, 2009 @07:39AM (#27287329) Homepage Journal

    It wasn't a glitch, it was negligence! Cheap cost cutting measures, enabled by foolish deregulation: Trees were not trimmed around critical power lines, the lines were cut by falling branches, and then a cascading failure spread through the grid.

    • Re: (Score:3, Informative)

      the lines were cut by falling branches

      Apparently I had that bit upside down; it was the power lines swinging low, not branches falling: http://en.wikipedia.org/wiki/Northeast_Blackout_of_2003#Sequence_of_events [wikipedia.org]

      And here's a piece about why regulations are good and should be enforced: http://www.ontariotenants.ca/electricity/articles/2003/ts-03i08.phtml [ontariotenants.ca]

      • 'An operator corrects the telemetry problem but forgets to restart [wikipedia.org] the monitoring tool'

        This from conclusions in the report by the investigating task force. This is BS, the reason the 'operator' disabled 'real-time status of the power system' was to 'conduct a manual check of the network' because they were fully aware an incident was in progress, in the middle of which he then .. incrediously ... went to lunch [computerworld.com] and forgot about it.

        "We have no clue. Our computer is giving us fits [wired.com], too," replied a FirstEn
  • Asinine (Score:3, Insightful)

    by Samschnooks ( 1415697 ) on Sunday March 22, 2009 @07:45AM (#27287351)

    Should one of these security bugs be made public, it wouldn't just be dangerous, it would also be expensive, costing utility companies big money as they went back and retrofitted their buggy systems, Pennell said.

    Let me get this straight. Pennell wants the bug to kept undisclosed because it will be too expensive for the utilities to fix. Yet, someone whose clever, maybe those folks who hacked into the grids in other countries, may do it to the utilities here in the US; which will be vulnerable because the bug is "too expensive" to fix. Meaning, that the grid is vulnerable and subject to the damage that everyone is afraid might happen since the bugs exist. I guess if the bugs are kept secret, no one else is capable of discovering them because nobody is as smart as the researchers?

    OooooooKaaaaay. Riiiiiiight.

    • Um, citation please? Nowhere in the linked article (sorry, I know I wasn't supposed to read it, but I was curious), does it say anything about being expensive to fix. In fact, it says nothing at all about repair cost, which may merely involve a firmware update which could be deployed remotely.

      From TFA: "Many of these devices are already deployed and it would be too dangerous to make the bugs known"

      And I agree. I think the last thing anyone needs is some 14-year-old scriptiddie tuning downtown Los Angeles in

      • OK, my bad. Pennel *did* say in the last line that it'd be expensive to fix, although I'm unsure how well a security researcher can estimate retrofit or update costs, especially since I can guess the manufacturers will recover some significant part of the costs from the manufacturers of the devices.

      • Re: (Score:3, Informative)

        "Um, citation please? Nowhere in the linked article (sorry, I know I wasn't supposed to read it, but I was curious), does it say anything about being expensive to fix. In fact, it says nothing at all about repair cost, which may merely involve a firmware update which could be deployed remotely."

        From TFA:

        "Should one of these security bugs be made public, it wouldn't just be dangerous, it would also be expensive, costing utility companies big money as they went back and retrofitted their buggy systems, P
  • Should I be sad? (Score:3, Interesting)

    by stokessd ( 89903 ) on Sunday March 22, 2009 @07:54AM (#27287381) Homepage

    This has the potential to suck for the consumer as people could now mess with our power. But after living in several places over the last decade, and being charged $25-$100 to "turn on" my power which is effectively just a change of name on the record at the central office, I can't say I'm shedding a tear for those folks.

    Sheldon

  • by cavehobbit ( 652751 ) on Sunday March 22, 2009 @08:01AM (#27287405)

    This demonstrates the weakness of centralized power grids, like big hydro, big nukes, big coal, big solar arrays beaming power down to Earth, Big solar arrays covering the desert, or any other huge centralized 'answer' to our power generation problems. They are all vulnerable to DOS attacks or attacks on central points of weakness like power lines. It takes just one well crafted weapon, whether kinetic, EMP, radiological, chemical-explosive, cyber-viral-worm, etc., to plunge large populations into darkness and chaos.

    Monolithic thinking leads to monolithic engineering, (not to mention monolithic politics), that concentrate your vulnerabilities and limit your flexibility in responding to problems.

    Better to have many smaller, locally distributed sources. They make it far more difficult to attack them. Looks like Edison was right and Westinghouse was wrong. At least partially. Too bad we went with Westinghouse, at least so far as the centralized generator is concerned.

    This is a challenge that evolution, free markets and democracy all respond to with good answers. Authoritarian structures like organized religions, socialism/communism and autocracy in general all respond poorly to.

    This is also a vulnerability of the Internet, with its centralized DNS name servers. I wish I was knowledgeable enough to come up with a solution to that one.

    • Comment removed based on user account deletion
      • by mspohr ( 589790 )
        A large percentage of power generated by big power generators (dams, nuclear, coal, etc.) is lost in transmission over long distances... this is not efficient.

        It's much more efficient to generate power close to where it is used with small scale power plants (solar, wind, etc. are good for this).

        This gives you a distributed grid of generators and consumers. The grid only has to shift power small distances (with correspondingly low loses) to cover local variations in power consumption and generation. It

        • by Dachannien ( 617929 ) on Sunday March 22, 2009 @08:35AM (#27287547)

          One, we have roughly 10,000 power plants of all types in the US.

          Two, transmission losses are roughly 10% (up from 5% 40 years ago, largely due to a failure to improve the transmission grid on par with the increase in load).

          And three, I'm pretty sure the efficiencies being talked about earlier are related to economies of scale. That is, you can build a large power plant at a cost much cheaper per unit of capacity than a corresponding number of small plants.

          • Re: (Score:3, Informative)

            by Ashriel ( 1457949 )

            I would certainly classify 10% loss as a large percentage of inefficiency; in most companies I've worked with, the minimum acceptable efficiency seems to be 93-95% - granted, I'm not talking power generation and transmission in those cases.

            That is, you can build a large power plant at a cost much cheaper per unit of capacity than a corresponding number of small plants.

            Absolutely. But we're talking initial outlaying of funds here, not maintenance, upkeep, or fueling. More to the point, with generators every few blocks in a city; one or two for every town in the country, the costs are completely removed from private business and placed o

            • by sjames ( 1099 )

              10% loss may seem large, but it isn't when compared to the greater expense of having more smaller plants.

              OTOH, the argument for greater resiliency may have merit even if it does cost more. However, it won't likely be perfect local self-sufficiency even if it started out that way. Many growing towns will find themselves with insufficient local power but not enough demand to economically build a new plant yet. Others will face shrinking populations and an overabundance of capacity.

              All the same, in the event

      • Re: (Score:3, Funny)

        So, that's time to change this way to do things. This is the reason I have harnessed a whole flock of squirels to run in a large squirel cage linked to a damn big dynamo which produce enough power to fill my needs. And you know what? It just costs me peanuts!
    • This is also a vulnerability of the Internet, with its centralized DNS name servers. I wish I was knowledgeable enough to come up with a solution to that one.

      Wouldn't the easiest get-around for DNS be to stop using domain names, and instead refer to everything by its IP address? I know it's not pretty to look at, but it's no worse than remembering a telephone number.

      • by barzok ( 26681 )

        I know it's not pretty to look at, but it's no worse than remembering a telephone number.

        How many telephone numbers do you have memorized?

        How do you propose that when a website changes IPs, that change be broadcast to everyone?

      • by doshell ( 757915 )

        Wouldn't the easiest get-around for DNS be to stop using domain names, and instead refer to everything by its IP address? I know it's not pretty to look at, but it's no worse than remembering a telephone number.

        Yes, wait until the anti-IPv6 crowd hear about that one ;)

      • Hmm... Interesting proposition. I wonder how many IP addresses the shared hosting server I have a few websites on would need if that happened.

      • With the advent of always-on internet connections and mobile devices with wi-fi, etc, plus easy to implement encryption, I wonder if we may not be far from being able to create something new, kind of like a cross of usenet and fido-net, but without the centralization that fido has with controlling nodes.

    • by doshell ( 757915 ) on Sunday March 22, 2009 @08:26AM (#27287509)

      This is also a vulnerability of the Internet, with its centralized DNS name servers. I wish I was knowledgeable enough to come up with a solution to that one.

      The DNS name servers are not centralized. Perhaps you are thinking of the root servers, but those hold only a few records for the TLDs; in order to resolve "slashdot.com", the root servers only know about the ".com" part. Besides, 99% of the queries you make do not ever reach a root server, because you are using your ISP's name server, which does caching. Precisely because it would be unworkable to make every query depend on the DNS servers "above".

      The current problem with the DNS is one of security, but that has nothing to do with it being centralized (indeed I would argue it is easier to secure a centralized system than a decentralized one...)

    • by dtmos ( 447842 ) * on Sunday March 22, 2009 @08:54AM (#27287603)

      Decentralized power generation is a major part of the Smart Grid initiative. See, e.g., the Galvin Electricity Initiative [galvinpower.org].

      Since power generated in a grid cannot be effectively stored, it must be used when generated. This forces today's utilities into a large control problem, in which consumers' needs (in the form of measurements of line voltage and frequency, sampled throughout the network) are fed back to centralized control points and used to control the output of a relatively small number of generating plants (and current sent along individual transmission lines). Control of this system is moderately well understood, if one accepts that certain heuristics have to be used -- along with occasional human judgement. Considering its complexity, this is one of the great engineering achievements of the 20th Century.

      Decentralized power generation, however, is a completely different type of control problem. With millions of potential generators, the existing control algorithms fail completely; further, as part of the decentralized control algorithm the utility needs to communicate with each power meter (a.k.a. potential generator) in essentially real time, to control any power it may generate.

      Having a meter that bills the customer only for the net of power used and generated is termed "net metering." This exists today, but cannot achieve wide-spread use without better communication with the meters. Utilities like net metering, because they get additional generating capacity without paying for new power plants.

      The Smart Grid, with its communication to individual power meters, effectively enables net metering: Homeowners can generate their own power, use what they need locally, then sell any surplus to the utility for use by others. The meter can inform the utility how much power it is supplying at any time, a number used by the utility to maintain network stability. If the utility has no use for the power at that moment, it can refuse the offer, again by communicating with the meter.

      • Why control it centrally at all?

        Design it so that each generator source get paid for what it generates and each consumer pays for what it takes, and can not get what is not there?

        The only information needed is quantity produced vs. consumed, with a dumb port to release power flow upon demand to a request. If there is not enough to satisfy a request, nothing gets distributed.

        Seems like this could be done easily with old technology in a way that would be more difficult to hack than new technology with everyth

        • Re: (Score:3, Insightful)

          by dtmos ( 447842 ) *

          I think you'll find the control problem, whether centralized or distributed, is orders of magnitude more complex than you envision. The hard part isn't the economic part, it's the electrical part: Maintaining a constant amplitude (i.e., voltage), frequency, and phase over a large (both in geographic area and node order) network, with limited ability to transfer power from one point to another, is a very difficult problem -- especially when one has limited control over the applied load, and limited generat

      • by Tuoqui ( 1091447 )

        Since power generated in a grid cannot be effectively stored, it must be used when generated.

        Actually power companies are actually banking on Electric Vehicles with their massive battery packs of storage as being integral portions of the electrical grid so that they will finally be able to store large amounts of electricity.

        Decentralized power generation, however, is a completely different type of control problem.

        You're right but I don't believe that the problem is that complex. If each house is a power generating station using Solar Panels, Wind Turbines, etc... then such a house would only need to 'import' the shortfall during times when it is in high drain. It is also possible that su

        • by dtmos ( 447842 ) *

          Actually power companies are actually banking on Electric Vehicles with their massive battery packs of storage as being integral portions of the electrical grid so that they will finally be able to store large amounts of electricity.

          Very true. This is not a panacea, however, as utilities' peak load is typically around 5 PM (1700) local time, when most cars are not attached to the grid, and most drivers typically would plug in their vehicles in the evening, a high-load time. Solutions to the latter problem

          • by Tuoqui ( 1091447 )

            Well I do not know why peak load is at 5PM when everyone presumably gets off work and goes home. I suppose with smart grid technology it would be possible for a utility to remotely turn off the lights in office buildings when someone forgot to do so thus saving some electricity. As long as there is some sort of manual override so that if someone is working late they can keep their light on.

            I agree that things are more difficult to deal with. The fact is solar power is designed to basically reduce the depend

            • by greed ( 112493 )

              In Ontario, summer peak load is around 4:15 PM, there's another, smaller, peak around 8-9 PM in the evening. The first peak comes about as you get the people on early shifts (7-3) starting dinner, turning on the TV, having the air conditioning come back to full, and so on. But that's happening while stuff is still going on in offices, shops, and the rest.

              The second peak in the evening is suspiciously close to when the utility has asked us to delay using the dish and clothes washers, clothes drier, and so

    • Denmark produces 20% of their power from wind turbines scattered all along the coast.

      That's about as de-centralized as you can get. A good example, if us in North America would like to do the same.

    • Actually, this bug demonstrates the vulnerability of a distributed system, not a centralised one.
      If there was one central computer to control them, the machines would have been set up
      for a single administration point, which would disallow the attack in question.
      Because a lot of 'outside machines' are regulated by a big semi-public network,
      the remote machines can be abused to create chaos.

      Creating a grid of small machines means that the small machines need to be as pridictable (

  • by dtmos ( 447842 ) * on Sunday March 22, 2009 @08:17AM (#27287465)

    This is non-news.

    There is no single "Smart Grid" device technology. At present there are many proprietary solutions from many different vendors, each using different communication protocols, computer hardware and firmware, and security methods. Each one of these vendors has its products in a very, very small fraction of the utility meters in the nation, most of which, of course, have no Smart technology at all. So the fact that these guys found one architecture vulnerable to a particular stack-overflow attack is bad for the vendor(s) that use it, but not indicative of an approacing nationwide catastrophe.

    Smart Grid system standards are under development, however, and those doing the development are exceedingly aware of the need for high security. The IEEE, for example, recently started a Smart Grid standardization effort, P2030 [eetimes.com], and the IEEE 802.15.4g Smart Utility Neighborhood Task Group [ieee802.org] effort is already underway. Since the utilities lose revenue -- potentially all revenue, plus destruction of capital assets -- if their equipment is cracked, they are very much a part of these standard development activities, and security is of constant concern. (There will undoubtedly be an industry consortium tasked with reviewing implementations of these standards.)

    • Re: (Score:3, Interesting)

      "Since the utilities lose revenue -- potentially all revenue, plus destruction of capital assets -- if their equipment is cracked, they are very much a part of these standard development activities, and security is of constant concern. (There will undoubtedly be an industry consortium tasked with reviewing implementations of these standards.)"

      Ironically, even in the face of lost revenue and destruction of equipment, power companies do not take security as seriously as you would have us all think. In som
      • by dtmos ( 447842 ) *

        I think the difference is that in your example the cost to the utility of the attack is that the attacker, and only the attacker, gets free power. That's obviously not what anyone at the utility wants, but until the number of people attacking in this way steal enough power that it costs the utility more in power than it does to equip everybody with more secure cards, it's actually the correct business decision to let the few steal.

        In the Smart Grid example, the entire grid could (conceivably) get pwned; it

  • by freaklabs ( 1359341 ) on Sunday March 22, 2009 @08:19AM (#27287481)
    The attack in question is a side-channel attack that is limited to using a microcontroller with an external 802.15.4 radio that includes an encryption engine. The actual AES-128 algorithm wasn't broken. Instead the vulnerability is that the AES keys are sniffed on the exposed bus when you load the keys into the radio's registers. Contrary to popular belief, you can't take over the nation's smart grid from this attack, and it would be difficult to even take over your neighbor's meter unless you broke into his house. I have more info on my site where I respond to the hack from Travis Goodspeed. The blog post is at http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html [freaklabs.org]

    Akiba
    FreakLabs Open Source Zigbee Project
    http://www.freaklabs.org/ [freaklabs.org]
    • Re: (Score:3, Informative)

      by smallfries ( 601545 )

      No it isn't, and if you had read the article instead of the summary before you tried to pump your own blog you would realise that what you describe is not the issue here at all. This is *not* the side-channel attack that your post talks about.

      Here are some basic clues:
      1. It's a worm
      2. It can spread from device to device over the network
      3. No external hardware is required, the exploit is purely software (see points 1 & 2).
      4. Goodspeed is not mentioned in connection with his side-channel attack on AES, bu

      • Re: (Score:2, Informative)

        by freaklabs ( 1359341 )
        Uhhh...I read the article. If it were a pure software exploit. It wouldn't be an expensive issue to fix as mentioned in the last line of the article.
        And if you read my blog article, you'd see that smart meters aren't able to communicate with each other and instead communicate on the utility's backhaul.
        And if you read my blog article, you'd see that Travis Goodspeed posted a blog article of his own detailing a side channel attack on 802.15.4.
        Uhhh...personally, I don't care if you read my blog or not, b
      • p.s. you succeed.
        • Hmmmm...I now realize that posting on Slashdot after I'm dead drunk is not a good thing...oh well...huzzah!!!
  • Frightening (Score:3, Insightful)

    by MobyDisk ( 75490 ) on Sunday March 22, 2009 @09:14AM (#27287673) Homepage

    Many of these devices are already deployed and it would be too dangerous to make the bugs known.

    and:

    Should one of these security bugs be made public, it wouldn't just be dangerous, it would also be expensive, costing utility companies big money as they went back and retrofitted their buggy systems, Pennell said.

    I love how they think that not releasing this information makes them safe. This is truly scary: Not like some Internet Explorer exploit on a user's desktop - this is the power grid! Someone is telling us that a remote hacker can take-over the entire power grid, and the companies are not going to stop everything and fix it? Holy crap that's negligent!!!

    It will be a heck of a lot more expensive to NOT fix this, than to fix it.

    (Yeah, I know, "preaching to the choir")

  • Am I mistaken, or did I read somewhere that these units were running a version of MS Windows? That alone would be shocking (horrifying).

    That would be problem one, securing the operating system (use Linux).

    I also wonder what, if any, logging and monitoring they are utilizing, or anti-virus (I'm guessing none).

     

  • We have done SO MANY things wrong over the last 8 years. This is but one more item. You would think that by this time, they would push to use the electrical grid itself, with a back up on the federal internet. Nope. Just more garbage that was pushed for far too long.
  • "The robustness of US power networks has been a hot-button issue after a technical glitch in 2003 caused a cascading power failure in the eastern United States and Canada that affected 55 million people"

    The nature of the 'technical glitch' was using Windows NT SCADA [computerworld.com] units to relay info over the Internet in the middle of the Blaster worm [computerworld.com] infestation. As was demonstrated in the earlier MS SQL Server 2000 worm [nrc.gov] infestation of a nuclear power plant.
  • These devices aren't even close to being in the mainstream yet. Personally I don't see any reason they could ever be made "secure" because by their very nature they need to be "accessible". These devices should NOT be allowed to become popular or mainstream. It's nobody's business but yours, the bill-payer, how much electricity you're using or what you're using it for, and nobody outside of your home should be allowed to control when your HVAC or clothes dryer is running. Create more energy-efficient device
    • by Tuoqui ( 1091447 )

      As long as this is voluntary...

      Some people would be happy to set their HVAC controls to the power company to let them adjust them up/down a degree or two from where they set them. There should always be an override at the site too.

      Remember sometimes the companies would be using these to prevent blackout/brownout conditions. If your power goes out completely then you have no HVAC or clothes dryer anyways.

  • I never liked the idea of the power companies having this kind of control. Maybe those little punk-asses (the kind who give hackers a bad name) are doing a public service by discouraging this sort of thing?

    Then again, I expect the ones with the money invested to sweep the problem under the rug, which will eventually end in disaster when an exploit is released for all the kiddies to play with.

  • by Animats ( 122034 ) on Sunday March 22, 2009 @12:52PM (#27289063) Homepage

    I hadn't been aware that "remote disconnect" was being incorporated into electric meters. Read this industry analysis of remote disconnect" [kema.com] for background. The "risk items" list doesn't even consider the implications of hostile attack.

    The purpose of "remote disconnect" is to get more control over customers. Utilities are considering using this to enforce collection, and even for prepaid electric service. It's another way to tighten the screws on poor people, like prepaid cellular and paycheck loans.

    There's another feature, current limiting - draw too much current and the power cuts off. The current limit can be set remotely. When someone gets behind on their bill, the power they can use is limited to survival levels until they pay up.

    Vulnerabilities in the remote management system could be a serious problem. Will the keys be kept in a Microsoft system? If you thought it was bad when credit card numbers were stolen, what happens when someone steals the meter key database? The meters have to be physically visited, one at a time, to reset the keys. And who would do that? The meter readers get laid off when this goes in.

    • by Animats ( 122034 )

      More on "remote disconnect":

      A utility statement [sce.com], from Southern California Edison: Application of Common Criteria was considered but deemed impractical to formally apply due to schedule. Much of SCE's process is borrowed from the Common Criteria. Choosing robustness levels. Graduated sense of robustness. Not requiring vendors to take to someone for certification.

      In other words, no outside validation of security, and no compliance with even the minimal Common Criteria standards.

    • by Tuoqui ( 1091447 )

      So will these 'disconnect/reconnect' fees disappear because all it takes is them pressing a button or two to turn things off/on instead of having to send a tech out to do the same?

      I agree though, such things are rather despicable way to punish the poor. Particularly if 'survival levels' are lower than survival requirements and who gets what 'survival level' is? Probably the CEO.

      • I don't know if these regulations are federal or state; but in many jurisdictions (maybe all, don't know) there are laws against turning off the power when it gets too cold. Here in Kansas at least, it's actually called the Cold Weather Rule. The company has to send personnel out to turn meters on. So no, the power company is not despicably punishing the poor. Even if it wanted to, it couldn't.

        Smart meters offer a lot more than simply remote disconnect. A great deal of what they offer is related to the

    • by dtmos ( 447842 ) *

      No, the purpose of "current limiting" is to get more control over the system peak loads, since the utilites (for a variety of good reasons, including environmental and regulatory concerns, and a variety of poor reasons, notably NIMBY problems) have been unable to increase generating and transmission capacity as fast as peak loads have been increasing.

    • Umm, you are incorrectly applying TCP/IP bandwidth demand to electricity demand. If the distribution company simply wanted to disconnect customers, they have breakers already in place to take care of that. But shutting off a retail customer violates the PUC agreements, and gets the utility in hot water (even if the customer isn't paying, but that's a separate issue). Utilities already measure peak customer current, and they build their systems to handle it. It's actually a fully recoverable expence -- w

  • Could be a real problem if terrorists exploit this weakness on any day of the year except the one on which Jack Bauer is working...
  • The IOActive research will probably never be released publicly: Many of these devices are already deployed and it would be too dangerous to make the bugs known.

    Hopefully they've tested the security of the computers that are storing this data. Wouldn't it be ironic if the IOActive computers were hacked and criminals got a hold of their worm?

  • by Orne ( 144925 ) on Sunday March 22, 2009 @07:33PM (#27293111) Homepage

    Dammit, I'm getting sick and tired of this. Since I was involved in the 2003 blackout investigation for an outside utility company, here's what happened:

    • First Energy (OH) had some lines trip. Because of a race condition in their EMS (Electric Management System), the program never recognized that the lines tripped. Their State Estimator locked up, giving the dispatchers false information. Their redundant backup had the same code, used the same inputs, and got in the same race condition, and there was no watchdog system like Tivoli to measure that the systems were not outputting data.
    • Outside companies who observed odd flows on their systems tried to commuinicate with FE regarding the trippings, but FE said that the trippings were a data error (not recognizing they were real)
    • An hour and a half later, the grid split due to additional overload trippings in FE, and it all went to hell
    • FE executives begin spinning the story so fast you could have generated electricity if you stuck magnets on them
    • In the investigation, they found that too many companies were not adequately protecting their SCADA systems (it was so convenient to put the controls on VPN so you can work on an issue remotely), despite this was not one of the root causes.
    • Six months later, the government issued a report saying every utility was at fault, gave FERC the ability to set industry standards, and gave NERC the ability to fine companies a $1 mil/day for violating those standards.
    • 5+ years later, we're all reacting to these CIP (Critical Infrastructure Protection) standards, which are all poorly defined, everyone's paranoid they may be violating something (which = fine), and so they're all overreacting by clamping down on anything that looks like a SCADA violation.

    I'm tired of all this editorializing that thinks that this stuff is related, but it's not. The root cause was incompetence at FE -- cutting budgets so hard they got rid of tree trimming, failure to communicate properly in emergency situations, and lack of situational awareness -- combined with an over-reaching government that thinks the underlying communcations networks are unsecured. The "technical glitch" was an AIX UNIX machine with poor ICCP error handling, a message queue that failed to empty, and dispatchers that weren't trained how to handle the lack of data. DHS runs one test (Aurora) where they pretend to take over a generator with SCADA, then over-excite it for like an hour before they got it to spark, then suddenly they think the whole grid's at risk so they can get more government funding to justify their existence.

  • Comment removed based on user account deletion
  • I always wondered why the grid had such a thing as load balancing feedback, which when the grid itself
    has a sector that goes down, it kicks into overdrive by jumping on the next grids load. I understand being able to let people keep having power, but I think the thing with that is if (we have seen in the past 55 million without power) we were to have 1 or 2 failures that pushed over the limit of the next grid, the cascading effect takes place and wipes out the whole grid.

    I prefer separating each sector but

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...