My Security Thoughts – The Smart Grid & The Danger to You by @mhbjr

Just happened to run across some papers talking about the Smart Grid. Wikipedia has the following for the smart grid:

A smart grid is a modernized electrical grid that uses analogue[1] or digital information and communications technology to gather and act on information, such as information about the behaviors of suppliers and consumers, in an automated fashion to improve the efficiency, reliability, economics, and sustainability of the production and distribution of electricity.[2] Electronic power conditioning and control of the production and distribution of electricity are important aspects of the smart grid.

Ok if we look at this we see the words ‘to gather and act on information, such as information about the behaviors of suppliers and consumers’. Without looking at the rest of the wording I am given to pause. The utility industry needs to gather and act on information about me? The hairs on the back of my next are starting to raise but let’s keeps riding this train.

At a past conference of security professionals, I started a small argument between a presenter and some utility industry personnel when I asked when the smart grid is ubiquitous who owns the consumer’s data/information? In the end the best answer I received was that it depends. It could be owned by the state, the utility, or a combination of both. The one entity that they agreed would not own that data is the consumer.

Some may say so what, utilities have my data on electric usage in my home. Well based on the smart grid proposals and the ability of appliances to gather information, those with access to your data will be able to determine how many TVs, computers, etc. are in your home.

Side Note: Since I mentioned TVs in the previous paragraph, there is a big stink brewing about how some Samsung TVs handle the voice recognition. It sounds like they are capturing the conversations in your residence and giving it to 3rd parties. Read more here: http://techcrunch.com/2015/02/10/smarttv-privacy/#SYTjBb:Hcg

Now back to the original thread: They will be able to ascertain when you get up, enter the shower, leave for work, and time you return home on any given day. This data will provide the number of residents and what age category they can be placed.

Let us look at a single female or single mother with small children, a criminal will be able to determine when is the best time to commit a robbery or even worse a stalker or rapist the best time to carry out their evil deed. Types of alarm systems may be noted due to their power consumption giving better planning for break-ins.

This will give an advantage to those planning a crime in that they do not have to perform as much on site surveillance. They can purchase the data from the local utility that is willing to do a lot of the legwork for them, commendable (that was sarcasm).

I have also done some study on the national electric grid in the past. Control of the electrical generators and substations that make up the national electric grid are called Supervisory Control and Data Acquisition (SCADA) systems. SCADA systems were not designed with security as one of the requirements as a top priority. These systems have been hacked.

There have been a number of presentations on hacking the new smart grid systems. The smart grid systems have as one of their components the SCADA systems. In my humble opinion we are opening up the attack fabric or the number of ways that an individual can get to the control systems. I do not feel comfortable with this direction.

I am not going to dwell on the dark side for too long because there are other aspects of this I would like to cover. When you read the Wikipedia entry the word behavior or behaviors appears in this part only. The word consumer is spread throughout the entry. It is my take that government and the utility industry are selling the smart grid as a way to give consumers more control of their electricity usage. The spin I see is, consumers look here you can have more control, your appliances will be smarter, you will save, save, save.

It is my belief that consumers will see a saving when compared to the charges that will occur if you don’t utilize the smart grid. In other words, if you don’t use the new equipment then you will pay an increased cost but it will be less when you use smart grid technology. Now what we need to do is track the average cost now of those who don’t have smart grid compatible equipment and appliances and compare that with their average cost after getting smart grid compatible equipment.

Businesses are not in the business of saving consumers money. The utilities are notorious for getting all the fees they can from consumers, businesses, and even the government. We in the Washington, DC metro area even have to pay a certain price for the utilities to get the power back on. I am paying when I am not receiving anything. Also what utility has gone out of business, stock investment?

In ending this thread, it is my belief that we will buy into the smart grid because it has a lot of blinking lights, pushes pseudo control to the consumer, while giving more information about us to entities we can’t imagine.

What do you think?

3 Trackbacks & Pingbacks

  1. My Security Thoughts – The Smart Grid & The Danger to You by @mhbjr | infopunk.org
  2. My Security Thoughts – The Smart Grid & The Danger to You by @mhbjr | infopunk.org
  3. Veille Cyber N14 – 28 février 2015 |

Leave a Reply

Your email address will not be published.


*


error: Content is protected !!