Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Can a smart meter be made to lie to the Grid?
17 points by Cherian_Abraham on April 13, 2011 | hide | past | favorite | 12 comments
Maybe some among here might be working in the Smart Grid ecosystem and could help answer this question:

As Smart Meters become ubiquitous, for the sake of argument Can someone maliciously (using whatever exploits applicable at the moment) gain control of a number of smart meters, and would it then be possible to make those smart meters lie about their power usage to the utility grids? Then, they could create a botnet of these compromised smart meters and in turn convince the grid to pump more power to them and in the process, trigger rolling blackouts at other locations? A Denial of Service of sorts.. Is that possible?

Maybe someone here can tell me it is, but improbable, or its not and will never happen.




Hacking smart meters is definitely possible, but you can't hurt the grid that way because meter data is only used for billing.

http://rdist.root.org/2010/01/11/smart-meter-crypto-flaw-wor...


There are smart meters that let the utility have some control over when air conditioning and other large appliances (washers etc.) are powered on. I think it would be pretty easy to maliciously turn on those devices when the utility sends the command to turn them off, e.g. crank up the A/C and spin up the dryer when power is already in high demand.


There was a seminar at UC Berkeley on this, on 8-April (I didn't attend, though, and can't attest to its quality).

Link to a video: http://www.youtube.com/watch?v=nj64jVIvKQU

From the seminar abstract:

The smart grid will use automated meters, two-way digital communications technology, and advanced sensors to save energy, improve electricity efficiency and reliability. Use of these systems exposes the electrical grid to potential cyber security and privacy risks. For instance, there have been media reports of fears that a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously; or a hacker might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout.


What you've imagined is pretty elaborate. You're assuming that meters can 'request power' and have more directed to them, and somehow this causes a blackout (nothing in your statement said everyone's microwave & A/C switched on at the same time, now that's how you cause a blackout). Since the goal of the smart grid is the opposite -- "demand-response" -- that is, getting appliances to 'turn off' or go in to a low-power mode when there isn't enough supply, the scenario you imagine is unlikely.

That said, I'm sure we'll here of some amazing hacks that we didn't imagine ahead of time. :)

EDIT: Ok, didn't think of this when I originally replied. Meters are being issued with a "Remote Disconnect" feature so utilities can disconnect non-paying customers. Seems like that will be hackable.


That still seems to be open to attack. Force all meters to low-power mode to cause a "blackout", or perhaps fast cycle power modes in attempt to hurt poorly made equipment.


In Florida, we have FPL On Call[1], a smart meter program that allows the power company to turn off your A/C, heating, water heater, or pool pump. I suspect that if my A/C got cut off in the middle of summer, I'd probably just use the pool 8)

But yeah, the fast cycling would probably break something.

[1]: http://www.fpl.com/residential/energy_saving/programs/oncall...


You could probably hack the smart meters, but how should `pump[ing] more power to them' work? The utilities just try to hold the voltage constant, as people are drawing power.


The ComEd (Chicago area) "smart meters" are really just recording meters, but there is the option to have ComEd automatically cycle the load to your A/C compressor when the real-time price gets too high.

I guess one could play havoc with that, make the utility think all the load guards are operating when they're not, or vice versa. Don't think it would be enough to whipsaw the grid into chaos unless everyone has it. Right now adoption is pretty low.


See the work of Travis Goodspeed http://travisgoodspeed.blogspot.com/2010/03/smartgrid-skunkw...


Meters are not just straight up kW/h devices. They can be used for power quality analysis, fault analysis, and whatever else the supplier can meter. http://www.selinc.com/metering/

Note that in certain deployments you might have meters operating as sensors (SCADA type setup), then some sort of central station running logic. So you of course can consider that an architecture for a hacker to exploit.

For a brief note, this describes what happens: http://www.smartgridnews.com/artman/publish/commentary/Why_Y...

You can find some information in relation to this here: http://blog.iec61850.com/ which is run by http://nettedautomation.com/.

Cybersecurity in the power industry is a rising wave. It's been growing, but Stuxnet really drew many eyes onto SCADA / power systems in the industry.


Most of the smart meters aren't billing rated currently. Also the meter's don't control how much electricity is generated.

As far as device control goes most of them only turn on and off simple switches. The only area that is of concern is running people's furnaces or air conditioning too much. Lots of vendors are moving away from directly controlling the temperature and just focusing on controlling energy usage.


Wouldn't the utility have smart meters at its own nodes? In other words, they should be able to tell when the data gathered beyond a node that something doesn't add up. Then they can look at usage patterns and find out what changed.

Will the big, slow utility do this? Eventually.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: