Then there are the systemic threats . . .
When I was getting my solar panels installed, I couldn’t wait to see my electric meter literally spin backwards. Alas, as part of the process, the utility swapped out the old analog meter. That spinning metal disk had been a reminder of the raw mechanical power—giant turbines, mighty waterfalls, searing furnaces—that stood at the other end of the dainty wires running into my house. Now, instead of a disk, I have flashing digits, which seem more ethereal. In return, the new meter is more capable, which is why power companies are installing smart meters by the millions. But a lot of people worry they are a little too capable.
If someone in a utility control room can read your meter remotely, shut off power to your house, and modulate individual appliances to shed load during peak hours, then so could hackers. As the number of smart meters grows, so does the incentive for criminals and terrorists to misuse them. Concern has been mounting for several years. In early 2009, IOActive, a security firm, demonstrated how little it takes is to break into smart-meter networks. Last year, computer security expert Nate Lawson of Root Labs hacked a smart meter radio module he’d bought on eBay for $30. Many people who’ve gotten the meters complain about incorrect readings, often with good cause. After all this, I begin to wish I had my old spinning wheel back.
I spoke yesterday with Ben Jun, vice-president of the security firm Cryptography Research, about the risks. The good news is that homeowners don’t need to worry too much about hackers taking over our lights. “I don’t think I’d be too scared about switching over to a smart meter,” he said. At least, not yet. If utilities bungle the transition, Jun says some of the scare stories could come true.
One concern is that homeowners could jimmy their meters. Power theft already saps a percent or two of U.S. electricity production, and much more in other countries; there are pages all over the web showing how to fool a mechanical meter. But at least physical tampering is easy to spot. An unsecured smart meter could be reprogrammed without any visible trace.
Another problem is privacy. By monitoring your power use, utilities get to know rather more about your household routines than you’d like them to. It never ceases to amaze me how much you can learn from simple wattage measurements. Each appliance in your house causes a telltale fluctuation in power, and websites such as PlotWatt and EnerSave can analyze the output of a home power monitor to see how often you run what appliance—useful self-knowledge for those of us looking for ways to conserve energy. Imagine what marketers (let alone burglars) would pay for that information.
Then there are the systemic threats. As electrical engineer David Nicol warns in our July issue, the “smart grid”—the networking of control systems of generators and substations—is a veritable playground for mischief-makers. A government cyberwar exercise in 2007, shown vividly in footage obtained by CNN, caused a generator to self-destruct. In effect the generator was forced to fight the raw mechanical power of the rest of the grid, and lost.