The Smart Grid infrastructure promises to deliver significant benefits for many generations, but first we need to address its inherent security flaws. IOActive believes that the Smart Grid and Automated Metering Infrastructure (AMI) markets would benefit from the adoption of a formal Security Development Lifecycle and independent, third-party security assessments.
—Joshua Pennell, President and founder of IOActive
Due to its complexity, large number of stakeholders, and highly time-sensitive operational requirements, securing the Smart Grid and its related infrastructure is a major concern for both the utility industry and government regulatory agencies. The research firm, Park Associates, estimates that there are eight million Smart Meter, or AMI, devices in field use today, and this number is forecast to grow to over 33 million in 20111. Meanwhile, the North American Electric Reliability Corporation, the Federal Energy Regulatory Commission, and the National Institute for Standards in Technology are busy developing a detailed roadmap for Smart Grid security. Failure to follow their guidelines could result in hefty fines. The time is now for the utility sector to protect their investment by demanding that Smart Meters come equipped with the types of security protection afforded to computers on a standard enterprise network.
The potential damages from leaving the Smart Grid unsecured go beyond fines from regulatory agencies. IOActive researchers performed a series of "black-box" penetration tests on several standard Smart Meter devices. These tests revealed vulnerabilities to multiple common attack techniques, including the ability to create a worm that grants the attacker full control of all exposed devices. An attack of this nature could spread through a utility grid, disconnecting customers, and rendering meters non-functional. Recovery from such an event would be costly, time-consuming, and incredibly damaging to the utility's reputation.
IOActive is uniquely prepared to help utilities protect their infrastructure and thrive from the Smart Grid's benefits. We are spearheading efforts to secure Smart Meter AMI devices by introducing proven best practices to test quality, security, and reliability throughout the product lifecycle. As pioneers in Smart Grid systems security, we are at the leading edge in providing leadership, expert techniques, and accurate results in our security assessments.
1. Source: Over Eight Million
Smart Meters Deployed in U.S., Millions More to Come (July 14, 2009).
