Smart grid technology vulnerable to attack, experts say
WASHINGTON — Billions of dollars in government stimulus money are encouraging utility companies to ignore security risks that could plummet large metropolitan areas into darkness, security experts say.
In 2009, the Obama administration provided nearly $4 billion to upgrade and digitize the nation’s electric grid and other utilities using “smart grid” technology. Since then, utility companies have been scrambling to roll out programs to install the new technology before federal funding dries up, often without regard for security, said Jonathan Pollet, the founder of the security consulting firm Red Tiger Securities.
“The utilities were in a mad grab for money, and almost every major utility was able to submit applications for almost free money,” he said.
Smart grid technology allows companies and consumers to monitor energy usage. Theoretically, this would enable consumers to reduce their energy bills and conserve at times when demand and prices for energy are high.
To do this, instead of utility companies sending power to consumers, smart meters at homes and businesses communicate back to the utilities, reporting usage without the need for technicians to visit the sites.
Pollet said his company found that the grid could be exploited at multiple points, starting at the meters on consumers’ homes. If left unprotected, he said, the two-way communication could act as a starting point for hackers, and if exploited it could cause significant blackouts such as the one in the Northeast in August 2003. That two-day outage affected as many as 50 million people and cost an estimated $6 billion.
In Central Texas, a handful of utility companies use smart grid technology, and officials with those utilities say they are aware of the security risks and challenges.
Austin’s Pecan Street Project won $10.4 million in federal stimulus money to create a smart grid demonstration project at the Mueller redevelopment in East Austin. Pecan Street officials said last year that the grant money will help turn Mueller — the city’s former airport, now a 700-acre community of homes, stores and businesses — into a smart grid model community.
Austin Energy has not used any stimulus funds to pay for such projects but is looking into installing smart grid components in the city.
“We are only in the pilot stage of concept,” spokesman Ed Clark said. “This will be a very deliberative process, so when we are ready to implement, we will make sure that it’s properly installed, properly protected and takes advantage of the best technology. As smart grids get developed, the technology to protect those girds and ensure their reliability is also going to be developed.”
The Bastrop-based Bluebonnet Electric Cooperative launched a smart grid project for its Central Texas custom- ers in June. Leslie Barrios, manager of information technology support, said a blackout as severe as the one in the Northeast in 2003 is highly unlikely.
“Never say never, but there are layers of protection around that,” she said. “In 2003, smart grids were barely even understood. Lessons have been learned and new technologies have been taken advantage of.”
Computer-security research- ers have said smart meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.
Oncor Electric Delivery Co. is installing smart meters in parts of Williamson and northern Travis counties. Austin Energy already has installed smart meters for most of its customers. The City of San Marcos has installed smart water and electric meters.
Luke Clemente, general manager of Metering Sensing and Systems at General Electric Co., said there’s an ongoing industry effort to secure the grid at all points.
“We’re always looking for vulnerabilities and addressing those vulnerabilities,” he said, “but you’re never done with cybersecurity. It’s a living process.”