The Dark Side of Smart Grids
by Lee H Goldberg

What’s not to like about smart grids? The interactive, two-way capabilities they will add to our antiquated power distribution networks will make them more efficient, more resilient, and able to work with new, clean distributed generation and storage systems. Besides any environmental benefits they will give us, the economic benefits will be even greater as the new, open power grid becomes as much of a platform for driving innovative energy technologies as the Internet is for computers. But what if the very openness of such a smart grid encourages the same kinds of mischief that are commonplace on the Internet?

Don’t get me wrong, I think that smart grids are not only cool, but essential to moving our society towards a sustainable future. It’s just that there are some very real security issues that could arise when you give everything with an electric plug the ability to chat with the electric meter – and maybe even its fellow appliances. I don’t want to wake up one morning to find that some script kiddie has spoofed my power meter into telling the refrigerator and freezer to initiate their defrost cycles or convinced my electric vehicle to feed the entire contents of its batteries back into the grid.

Heck, if the home power network protocol we decide to standardize on isn’t secure enough, these kinds of antics might be the least of our worries. For example, what would happen if, at the peak of a heat wave, several hundred thousand electric vehicles and plug-in hybrids all received an unauthorized broadcast message saying that electric power would be cheap for the next hour and they should start charging their batteries? I’m currently trying to track down and verify the authenticity of an Air Force study I’ve heard about that includes an account of a team of programmers that actually used similar techniques to destroy a large generator by remote control.

But even if our generating plants and our homes are safe against overt malicious intrusion, will the very intelligence of our smart homes make the smart grid a conduit for more personal information than we’d bargained for? The home energy management systems being marketed today are doing a great job at providing their owners with a much better understanding of their energy use patterns than was ever possible before. Companies like Green Box, Tendril, and Trilliant all offer users a web-based dashboard that provides an accurate minute-by-minute energy consumption profile. In fact, they’re so accurate that one analyst I talked with was able to identify the types and brands of appliances operating in a home simply by their energy signature. If your home is smart enough to generate a detailed energy profile, whose data is it? Yours? The power company’s? The police, FBI, or the hacker who just tapped into your Wi-Fi network? And even if you are properly guarded against unauthorized access, do your friends at the power company have a right to extract the details of your personal life from your power profile and sell them to data mining companies?

Within a decade, I’m hoping that smart grids start to change our lives and our economy for the better, in much the same way the Internet did a little over a decade ago. But, unless we apply some of the tough lessons we’ve learned from twenty years of securing the Internet to the protocols that will govern how our homes and the equipment inside them interact with the grid, it’s a sure bet that someone’s going to figure out a way to do some serious damage – either to our homes, our power infrastructure, or our privacy.

Comments? Questions? Discounts on custom-fitted tinfoil hats?

Write me at lhg at en-genius dot net or post your comments on our blog.
