Securing the Smart Grid: The Road Ahead - Page 2
In 2008, IOActive researchers evaluated the security of a series of smart meter devices and uncovered several security vulnerabilities. In addition to being vulnerable to common attack vectors, IOActive achieved proof-of-concept, worm-able code execution on standard smart meters. Since the smart meter's radio communication chipset is publicly sourced and the communication protocols lacked authentication and authorization, IOActive researchers were able to leverage these weaknesses—among others—to produce a proof-of-concept worm. If an attacker were to install a malicious program on one meter, the internal firmware could be made to issue commands that would flash adjacent meters until all devices within an area were infected with the malicious firmware.
Theoretically, once the worm spreads to meters, the attacker gains several abilities including connecting and disconnecting customers at predetermined times; changing metering data and calibration constants; changing the meter's communication frequency; and rendering the meter non-functional.
While IOActive's findings are serious and warrant immediate attention, it is certainly not too late to secure the Smart Grid. So, how is that done, exactly? Just like remediating any serious security vulnerability, securing the Smart Grid is a joint effort that requires the support of utility companies, smart meter vendors, the government, and leading privacy and security experts.
To help meter vendors develop more secure products, IOActive advocates for the adoption of leading security methodologies including Microsoft's Secure Development Lifecycle (SDL). Taking a proactive stance, the SDL implements security and privacy measures during each stage of a product's development, requires third-party auditing, and conducts a final review before software is released. The SDL also makes business sense, as it is a proven tool to save money—studies indicate that overall project costs are 60 times higher when gaps in information security controls are addressed late in the development phase.
Following an SDL will help meter vendors resolve many of the design flaws discovered in their devices including the lack of layered defenses. Multiple layers of defense provide the best security, using the theory that if one mechanism fails you have several others to prevent a breach. It is especially important for smart meters to have a layered defense because they are installed on the outside of homes with minimal physical protection. Without a layered defense in place, someone with a basic understanding of electronics could easily steal a meter, reverse engineer it, and potentially uncover exploitable vulnerabilities.
Contributing to the lack of layered defenses, IOActive discovered that strong encryption, authentication, and authorizations were often poorly implemented in smart meter devices. IOActive found that many devices do not use encryption or implement any authentication before carrying out sensitive functions like executing software updates and performing disconnect operations. Even when meters had encryption algorithms in place, it was found that functionality was unmanageable, and that the keys were often exposed, extremely weak, and could be recovered through simple hardware hacking techniques.