

Ask HN: Can a smart meter be made to lie to the Grid? - Cherian_Abraham

Maybe some among here might be working in the Smart Grid ecosystem and could help answer this question:

As Smart Meters become ubiquitous, for the sake of argument, can someone maliciously (using whatever exploits applicable at the moment) gain control of a number of smart meters, and would it then be possible to make those smart meters lie about their power usage to the utility grids? Then, they could create a botnet of these compromised smart meters and in turn convince the grid to pump more power to them and in the process, trigger rolling blackouts at other locations? A Denial of Service of sorts.. Is that possible?

Maybe someone here can tell me it is, but improbable, or it's not and will never happen.
======
wmf
Hacking smart meters is definitely possible, but you can't hurt the grid that
way because meter data is only used for billing.

[http://rdist.root.org/2010/01/11/smart-meter-crypto-flaw-wor...](http://rdist.root.org/2010/01/11/smart-meter-crypto-flaw-worse-than-thought/)

~~~
sp332
There are smart meters that let the utility have some control over when air
conditioning and other large appliances (washers etc.) are powered on. I think
it would be pretty easy to maliciously turn _on_ those devices when the
utility sends the command to turn them off, e.g. crank up the A/C and spin up
the dryer when power is already in high demand.

------
dmlorenzetti
There was a seminar at UC Berkeley on this, on 8-April (I didn't attend,
though, and can't attest to its quality).

Link to a video: <http://www.youtube.com/watch?v=nj64jVIvKQU>

From the seminar abstract:

The smart grid will use automated meters, two-way digital communications
technology, and advanced sensors to save energy, improve electricity
efficiency and reliability. Use of these systems exposes the electrical grid
to potential cyber security and privacy risks. For instance, there have been
media reports of fears that a hacker could gain control of thousands, even
millions, of meters and shut them off simultaneously; or a hacker might be
able to dramatically increase or decrease the demand for power, disrupting the
load balance on the local power grid and causing a blackout.

------
savrajsingh
What you've imagined is pretty elaborate. You're assuming that meters can
'request power' and have more directed to them, and somehow this causes a
blackout (nothing in your statement said everyone's microwave & A/C switched
on at the same time, now that's how you cause a blackout). Since the goal of
the smart grid is the opposite -- "demand-response" -- that is, getting
appliances to 'turn off' or go in to a low-power mode when there isn't enough
supply, the scenario you imagine is unlikely.

That said, I'm sure we'll hear of some amazing hacks that we didn't imagine
ahead of time. :)

EDIT: Ok, didn't think of this when I originally replied. Meters are being
issued with a "Remote Disconnect" feature so utilities can disconnect
non-paying customers. Seems like that will be hackable.

~~~
stonemetal
That still seems to be open to attack. Force all meters to low-power mode to
cause a "blackout", or perhaps fast cycle power modes in an attempt to hurt
poorly made equipment.

~~~
bonzoesc
In Florida, we have FPL On Call[1], a smart meter program that allows the
power company to turn off your A/C, heating, water heater, or pool pump. I
suspect that if my A/C got cut off in the middle of summer, I'd probably just
use the pool 8)

But yeah, the fast cycling would probably break something.

[1]:
[http://www.fpl.com/residential/energy_saving/programs/oncall...](http://www.fpl.com/residential/energy_saving/programs/oncall.shtml)

------
eru
You could probably hack the smart meters, but how should `pump[ing] more power
to them' work? The utilities just try to hold the voltage constant, as people
are drawing power.

------
joezydeco
The ComEd (Chicago area) "smart meters" are really just recording meters, but
there is the option to have ComEd automatically cycle the load to your A/C
compressor when the real-time price gets too high.

I guess one could play havoc with that, make the utility think all the load
guards are operating when they're not, or vice versa. Don't think it would be
enough to whipsaw the grid into chaos unless everyone has it. Right now
adoption is pretty low.

------
gourneau
See the work of Travis Goodspeed
[http://travisgoodspeed.blogspot.com/2010/03/smartgrid-skunkw...](http://travisgoodspeed.blogspot.com/2010/03/smartgrid-skunkworks.html)

------
pnathan
Meters are not just straight up kW/h devices. They can be used for power
quality analysis, fault analysis, and whatever else the supplier can meter.
<http://www.selinc.com/metering/>

Note that in certain deployments you might have meters operating as sensors
(SCADA type setup), then some sort of central station running logic. So you of
course can consider that an architecture for a hacker to exploit.

For a brief note, this describes what happens:
[http://www.smartgridnews.com/artman/publish/commentary/Why_Y...](http://www.smartgridnews.com/artman/publish/commentary/Why_Your_Smart_Grid_Must_Start_with_Communications-526.html)

You can find some information in relation to this here:
<http://blog.iec61850.com/> which is run by <http://nettedautomation.com/>.

Cybersecurity in the power industry is a rising wave. It's been growing, but
Stuxnet really drew many eyes onto SCADA / power systems in the industry.

------
jpiasetz
Most of the smart meters aren't billing rated currently. Also the meters
don't control how much electricity is generated.

As far as device control goes most of them only turn on and off simple
switches. The only area that is of concern is running people's furnaces or air
conditioning too much. Lots of vendors are moving away from directly
controlling the temperature and just focusing on controlling energy usage.

------
stretchwithme
Wouldn't the utility have smart meters at its own nodes? In other words, they
should be able to tell from the data gathered beyond a node that something
doesn't add up. Then they can look at usage patterns and find out what
changed.

Will the big, slow utility do this? Eventually.
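
The node-level cross-check described in the last comment, as an added example that is not part of the original thread: each interval's node reading is reconciled against the sum of downstream meter reports, and meters are then ranked by how far their reports moved from their own baseline. The loss fraction, tolerance, data layout and meter names are assumptions, and the readings are constructed.

```python
from statistics import median

LOSS_FRACTION = 0.04   # assumed technical line loss between node and meters
TOLERANCE = 0.03       # assumed allowed unexplained share of node energy

def unexplained_share(node_kwh, meter_kwh):
    """Share of node energy not accounted for by meters plus expected loss."""
    expected = sum(meter_kwh.values()) / (1.0 - LOSS_FRACTION)
    return (node_kwh - expected) / node_kwh

def flag_intervals(intervals):
    """Indices of intervals where node and meter totals disagree."""
    return [i for i, (node, meters) in enumerate(intervals)
            if abs(unexplained_share(node, meters)) > TOLERANCE]

def rank_suspects(intervals, flagged):
    """Rank meters by how far reported usage fell from their own baseline."""
    clean = [m for i, (_, m) in enumerate(intervals) if i not in flagged]
    if not flagged or not clean:
        return []  # nothing to compare against
    suspects = []
    for meter_id in intervals[0][1]:
        baseline = median(m[meter_id] for m in clean)
        reported = median(intervals[i][1][meter_id] for i in flagged)
        suspects.append((meter_id, round(baseline - reported, 2)))
    return sorted(suspects, key=lambda s: s[1], reverse=True)

# Constructed sample: (node kWh, {meter: reported kWh}) per hourly interval.
# Meter "M3" starts under-reporting in the last two intervals.
SAMPLE = [
    (10.42, {"M1": 2.0, "M2": 3.0, "M3": 5.0}),
    (10.40, {"M1": 2.1, "M2": 2.9, "M3": 5.0}),
    (10.45, {"M1": 2.0, "M2": 3.0, "M3": 5.0}),
    (10.41, {"M1": 2.0, "M2": 3.0, "M3": 1.0}),
    (10.44, {"M1": 2.1, "M2": 3.0, "M3": 1.0}),
]

if __name__ == "__main__":
    flagged = flag_intervals(SAMPLE)
    print("flagged intervals:", flagged)
    print("suspects:", rank_suspects(SAMPLE, flagged))
```

The check only works if the node measurement is collected over a path the downstream meters cannot influence.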

