Being Stupid About Smart Grids

We've all been reading about the so-called “Smart Grid”, a system that allows utilities to have better information about and control over their systems. Smart grids are supposed to be more efficient and cost effective because the utilities will be able to tailor system operations to demand on a minute by minute basis. The biggest problem with implementing the communications needed in order to make smart grids possible.

Frankly, I always thought the utilities would use encrypted low power radio links (telemetry only), fiber optic networks, or even power line communications to link the control and telemetry systems back to the operations centers. I also thought they would use closed systems, meaning there would be no direct connection to public data networks (the Internet), keeping them separate for security purposes.

I was wrong.

It appears a number of utilities are looking to use the public cellular networks to provide communications for their smart grid systems.

This is an idea that leaves them open to being compromised by hackers. And while some may claim that encryption will help keep the systems secure, there is no such thing as a “secure” system if there is a publicly accessible portion to the network. Almost any encryption system can be cracked given enough time and effort, either through brute force decryption, the exploitation of overlooked system vulnerabilities, or through critical information obtained from someone inside the utility.

This is a bad idea, one that can lead to compromised electrical, water, and gas utility systems being brought down through cyber attacks by groups unfriendly to the US.