Smart Meters Can Be Hacked: Security Experts

Experts say security concerns could threaten power grid

Digital electric meters being installed throughout North Texas could be sabotaged, according to security experts.

Unlike analog electric meters that have a wheel that spins and dials that record total electric use, the so-called "smart meters" are digital with a tiny computer and wireless communication capability.

"There's a little processor in here doing the work now; there's software," said Mitchell Thornton at Southern Methodist University in Dallas.

Mitchell works in the HACNet Lab at SMU's Computer Science and Engineering Department, which is studying potential problems hackers could cause with the new digital meters.

"They could cause some kind of mass disconnect for the neighborhood or part of the grid," said Suku Nair, of HACNet. "It could be the whole Dallas area."

Workers with North Texas electric provider Oncor are fanning out across the region to replace more than three million of the old analog meters with the new "smart" meters in the next few years.

"That's one of the largest and most comprehensive exchanges in the country," said Oncor spokesperson Carol Peters.

Customers have already started paying for the meters with a state-approved rate hike of $2.21 a month for the next 11 years, a total of $291.72 per meter.

The company says it is a good deal for customers.

"We anticipate there will be about $200 to $300 a year savings just from the knowledge that consumers gain from these meters," Peters said.

Instead of waiting for a monthly power bill to arrive to track your usage, a wireless device -- sold separately -- could read the smart meter constantly.

Future rates may vary by time of day to reflect peak demand periods and future appliances will communicate with the digital meter.

"They will also be able to decide, 'When's the best time to run the air conditioner? When's the best time to run the washer or dryer?'" Peters said.

Smart meters offer several advantages for power companies. Constant monitoring allows more accurate power generation and distribution.

"Every 15 minutes, Oncor will be reading a meter," Peters said. "In the past, we've done once a month."

And the meters approved for Texas give companies the ability to remotely connect and disconnect customers.

But that also poses a security concern, experts say. If the company can remotely disconnect service through a smart meter, a hacker could do so, too.

"That person drives through the alley way of a neighborhood, sends that command to every meter and disconnects all those residents from power," Thornton said.

Or the sabotage could occur from the power company's computer.

"They can get in the server, and then it's the broadcast effect. They can go to multiple meters and do the same thing," Nair said.

Usage information that would be stored in the meter could also permit a hacker to see inside a home. Data on the times of day when less electricity is used could offer a burglar better knowledge about when to stage a break-in.

"You'll be able to measure a lot more than just overall power usage," Thornton said.

Oncor said it is installing multiple layers of security to guard against all of these threats.

"We are designing a comprehensive system that has both human and technological protection for the consumer," Peters said. "And the interaction between the meter and the house is secure, so there's no opportunity for anyone else to observe your data."

But the meters are already being installed, and experts argue utilities have not perfected protection yet.

"I would say we are in the early stages of incorporating serious security measures for these things," Nair said.

The researchers at SMU and other institutions are working to find weak spots in hopes companies will pay them to guard against those threats.

"Just like the bank would do, if you have better security, you can attract more customers," Nair said.

More Information:

Contact Us