Who Controls the Off Switch?
We're about to acquire a significant new cybervulnerability. The world's energy utilities are starting to install hundreds of millions of 'smart meters' which contain a remote off switch. Its main purpose is to ensure that customers who default on their payments can be switched remotely to a prepay tariff; secondary purposes include supporting interruptible tariffs and implementing rolling power cuts at times of supply shortage. The off switch creates information security problems of a kind, and on a scale, that the energy companies have not had to face before. From the viewpoint of a cyber attacker - whether a hostile government agency, a terrorist organization or even a militant environmental group - the ideal attack on a target country is to interrupt its citizens' electricity supply. This is the cyber equivalent of a nuclear strike; when electricity stops, then pretty soon everything else does too. Until now, the only plausible ways to do that involved attacks on critical generation, transmission and distribution assets, which are increasingly well defended. Smart meters change the game. The combination of commands that will cause meters to interrupt the supply, of applets and software upgrades that run in the meters, and of cryptographic keys that are used to authenticate these commands and software changes, create a new strategic vulnerability, which we discuss in this paper.
Posted pursuant to the creative commons license at http://creativecommons.org/licenses/by-nd/2.5/
There's More to This Story
Get more. You can read the rest of this story and other exclusive content as a Control Global community member. It's FREE, and it’s easy. We just need your name and email address. Then you can read everything you want on our site and even comment on it.
Author: Ross Anderson and Shailendra Fuloria, Computer Laboratory | File Type: PDF
Find more white papers on Safety Instrumented Systems