Security catalogue presented for smart electrical power grids
The US government has published the first draft of its report entitled Smart Grid Cyber Security Strategy and Requirements, which aims to make the country's future smart electrical power grid more secure.
The goal of the Smart Grid is to make power supply more reliable and less resource-hungry. For example, smart meters (also called "advanced metering infrastructure" or AMI) would be used in homes to inform consumers about their current consumption, which could then be adjusted to current generation or distribution. It is expected that this approach will be faster at detecting and fixing brownouts. The US government wants Power Grid 2.0 to increase the efficiency of the current grid, which is currently running at its limit.
However, according to a study published in March, due to considerable security flaws in the systems, this energy supply infrastructure is more vulnerable to hacker attacks than the present infrastructure. Some of these flaws could even lead to a complete blackout. The study conducted by security service provider IOActive found that the devices used are especially vulnerable to buffer overflows and rootkits. In addition, the protocols used do not include any security mechanisms. The study found that unauthorised parties would be able to get access to systems and networks in order to launch attacks by transmitting arbitrary data to the systems used by power providers.
The 236-page draft, now released by the National Institute of Standards and Technology (NIST) for comments, specifies a number of requirements for the Smart Grid and the systems used behind it, with the goal of increasing integrity, availability, and confidentiality. Furthermore, the catalogue also describes organisational work flows, such as the handling of documents, security problems, and security events.
Apparently, attacks on power grids are already taking place. According to US Secret Service information, during the blackout in 2003 hackers from the Chinese army had access to a system in the US used to control the grid. This April, the Wall Street Journal cited US security officials who claimed that hackers from Russia, China, and other countries had penetrated parts of the control infrastructure. The New Scientist also recently published a report about research being conducted publicly at a Chinese university focusing on the reliability of the grid on the West Coast in the US. Data currently publicly available were apparently used to work up ways of bringing down the grid.