Communications of the ACM
Security Pros Question Deployment of Smart Meters
PG&E
The country’s swift deployment of smart-grid technology has security professionals concerned that utilities and smart-meter vendors are repeating the mistakes made in the rollout of the public internet, when security became a priority only after malicious attacks had reached mass levels.
But when it comes to the power grid, the costs of remote hack attacks are potentially more dramatic.
“The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco this week.
The panel included Seth Bromberger, manager of information security at Pacific Gas and Electric, a San Francisco-based utility company that provides natural gas and electrical services to customers in Central and Northern California and is in the forefront of the smart-meter rollout; and Matt Franz, principal security engineer at Science Applications International Corporation.
Carpenter serves on the AMI-SEC Task Force, a group working on developing security guidelines and best practices for smart-meter infrastructure, and has done penetration testing on smart-meter systems to uncover security issues. He said the most common vulnerability he’s seen so far is susceptibility to “cross-site request forgery” on the control systems.
“That took me by surprise,” he said. “That’s not something that I would have imagined to be one of the greatest vulnerabilities found.”
From Wired
View Full Article
No entries found