In this interview, Professor Glen Chase brings to light some absolutely KEY information in the areas of privacy and health regarding ‘Smart’ Meters, using primary data including information obtained under a court order. Prof. Chase interprets and makes this information highly accessible.
Once you have seen it, please re-post and forward it to your loved ones and contacts. Don’t pass this one up.
Thalia Assuras from EnergyNow.com sat down with former CIA Director James Woolsey to discuss the current state of the nation’s electric grid and its vulnerabilities. Woolsey says the federal government’s oversight of grid security is inadequate and attacks on the grid are “entirely possible”.
“No one in charge of security for the grid, whether it’s cyber or transformers or whatever. You can search forever through the federal code to try to find who that person might be.”
“And a so-called ‘Smart Grid’ that is as vulnerable as what we’ve got is not smart at all, it’s a really, really stupid grid.”
This video is from a 2007 CNN report whereby researchers launched an experimental cyber attack (virtual realm) on a power generator which caused it to actually self-destruct (physical realm). This apparently alarmed the federal government and energy industry so much that they ploughed on with a plan to increase the susceptibility of the grid to cyber attack.
The threats posed by hacking into a less secure Smart [sic] Grid are manifest and very real. It now seems evident that the effort to bring it about represents a risk to our energy supply of gigantic proportions – for a supposed estimated gain of just £24/year per household. Former CIA Director James Woolsey recently called the Smart Grid idea “really, really stupid”. It also seems to be really, really dangerous.
[SSM UK comment] We seem to be experiencing a surge in stories being contributed to us which warn about the unnecessary systemic vulnerabilities that a Smart [sic] Grid presents. Remedying this – if indeed possible – can only add to the burden on tax payers and bill payers. The excerpts included below are from a report from the FBI’s cyber intelligence bulletin.
~ Hacks against so-called “smart meters” over the past several years may have cost just a single U.S. electric utility hundreds of millions of dollars annually.
~ The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology.
~ Spot checks found that one in ten smart meters had been modified! The company estimates the resulting losses at up to $400 million (around €300 million) per year.
~ Suitable probes are available online for around $400 and are connected to a laptop which runs software to modify the meter’s settings.
~ The software needed to carry out the hack is freely available online. The hack does not damage the smart meter hardware or require its removal.
~ The FBI warns that insiders and individuals with only a moderate level of computer knowledge are likely able to compromise meters with low-cost tools and software readily available on the Internet.
~ “The FBI assesses with medium confidence that as Smart Grid use continues to spread throughout the country, this type of fraud will also spread because of the ease of intrusion and the economic benefit to both the hacker and the electric customer,” the agency said in its bulletin.
~ “This is a well-known and common issue, one that we’ve warning people about for three years now, where some of these smart meter devices implement unencrypted memory”
~ The two researchers were slated to demo their smart meter hacking tools at the Shmoocon security conference earlier this year, but agreed to pull the presentation at the last minute at the request of several vendors and utilities that they declined to name.
[SSM UK comment] We issued a video earlier featuring David Chalk, but this press release just came in and is a must read – posted here in full with the video re-embedded via BusinessWire.com and ThePowerFilm.org. Please circulate.[/]
“100% certainty of a total catastrophic failure of entire energy grid within 3 years – worse than nuclear war”
VANCOUVER, British Columbia–(BUSINESS WIRE)–The vulnerability of the energy industry’s new wireless smart grid will inevitably lead to lights out for everyone, according to leading cyber expert David Chalk. In an online interview for an upcoming documentary film entitled ‘Take Back Your Power’ (www.ThePowerFilm.org), Chalk says the entire power grid will be at risk to being taken down by cyber attack, and if installations continue it’s only a matter of time.
“We’re in a state of crisis,” said Chalk. “The front door is open and there is no lock to be had. There is not a power meter or device on the grid that is protected from hacking – if not already infected – with some sort of trojan horse that can cause the grid to be shut down or completely annihilated.”
“One of the most amazing things that has happened to mankind in the last 100 years is the Internet. It’s given us possibility beyond our wildest imagination. But we also know the vulnerabilities that exist inside of it. And then we have the backbone, the power grid that powers our nations. Those two are coming together. And it’s the smart meter on your home or business that’s now allowing that connectivity.”
Chalk also issued a challenge to governments, media and technology producers to show him one piece of digital technology that is hack-proof.
“The computer companies that are involved, the manufacturers that are involved, bring forward a technology and I will show you that it’s penetrable,” said Chalk. “I’ll do it on national TV, I’ll do it anywhere. But I can guarantee you 100% that there is nothing out there today – nothing – that can’t be penetrated.”
Chalk’s strong words come amidst increasing reports of the smart grid’s fatal insecurities, even from the governments and energy companies who are forcing their hand with the smart program. “Every endpoint [meter] is a new potential threat vector,” according to Doug Powell, manager, SMI Security, Privacy & Safety, for Canadian utility BC Hydro.
And in an interview with EnergyNow.com, former CIA Director James Woolsey was also highly critical of energy policy makers, whose plans received multi-billion dollar funding as part of the Economic Stimulus Act of 2008. “The so-called ‘smart grid’ that is as vulnerable as what we’ve got now is not smart at all,” said Woolsey. “It’s a really, really stupid grid.”
But there’s more. In an audit released in January, the US Inspector General Gregory Friedman was also highly critical. “Without a formal risk assessment and associated mitigation strategy, threats and weaknesses may go unidentified and expose the … systems to an unacceptable level of risk,” Friedman wrote.
Energy officials knew of these weaknesses but approved plans for the projects anyway, auditors said. “The initial weaknesses had not always been fully addressed, and did not include a number of security practices commonly recommended for federal government and industry systems.”
And security is not the only technologically-based obstacle faced by smart grid proponents. In March, alarm bells were rung following current CIA Director David Patraeus’ confirmation that governments will use wireless smart appliances to spy on citizens. “Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters,” Patraeus said at a meeting of In-Q-Tel, the CIA’s venture capital firm. He added that this will prompt a rethink of “our notions of identity and secrecy.”
With strong criticism to the smart grid now coming from many directions, energy corporations and governments now have the challenge to explain to an increasingly unapproving public why they continue to fast-track smart grid installations.
Citizen groups and organizations throughout the US, Canada and Europe have launched legal actions to stop the installation of smart meters. They cite issues such as cost increases, health risks, privacy concerns, grid vulnerability and the lack of democratic process. In Chalk’s home province of British Columbia, Citizens for Safe Technology (www.citizensforsafetechnology.org) and the BC Coalition to Stop Smart Meters are leading a growing challenge.
Options for opting out of the smart metering program have been announced in markets including California, Maine, Vermont, Louisiana, Michigan, Connecticut, Quebec, the UK and the Netherlands. In the US, several regions including the counties of Santa Cruz and Marin are enforcing outright moratoriums.
“Unless we wake up and realize what we’re doing, there is 100% certainty of total catastrophic failure of the entire power infrastructure within 3 years,” said Chalk. “This could actually be worse than a nuclear war, because it would happen everywhere. How governments and utilities are blindly merging the power grid with the Internet, and effectively without any protection, is insanity at its finest.”
The full video interview with David Chalk can be seen on www.thepowerfilm.org. The feature film documentary ‘Take Back Your Power’, which critically examines the smart grid program, will be released online this spring.
Image: US National Oceanic and Atmospheric Administration (NOAA)
Dr. Isaac Jamieson has issued an Addendum to his report on Smart Meters - which was commissioned by the Radiation Research Trust - detailing Smart Grids’ increased vulnerabilities to Space Weather, Manmade Electromagnetic Pulses and Cyber Attacks. The full Addendum is available here.
We are grateful to Dr. Jamieson for his extensive work in assessing the many significant risks associated with Smart Meters and Smart Grids, and for permitting us to post the following summary for our visitors and members. We encourage everyone to read the full addendum and to review the full list of references Dr. Jamieson has drawn upon.
It is predicted by NASA and by the NOAA that the Sun may be entering a particularly energetic period (similar to that in which the most powerful solar storm ever recorded occurred), with very energetic solar storms happening every couple of months instead of years, with activity peeking around 2013-‐ 2014. Scientists are already talking about the likelihood of solar “blackswan event” in 2012. The risks posed by space weather are known and significant, a severe event could potentially have serious impacts upon infrastructure and society. The UK National Security Strategy identifies space weather as a Tier 1 risk, the highest of identified “priority risks.” Under the worse case scenario, large areas of the Earth could be without electricity for long periods, possibly several months, with high loss of life. Countries, and areas, with “fragile” grid infrastructures are likely to be affected most -‐ smart grid electronics may introduce additional vulnerabilities to exposed grids. The use of Smart Meters instead of analogue meters may also increase risk, as they are more likely to be damaged by solar events.
Practicality, Security, War, Terrorist or Cyber-Attack
It is recognised that if countries fail to implement suitable measures to protect themselves against electronic attack they leave themselves open to extreme danger.
Manmade EMP Events
High-‐Altitude Electromagnetic Pulse (HEMP)
The term HEMP is often used for EM signals created from a nuclear detonation interacting with the Earth’s upper atmosphere. There are already nations possessing the capability to use HEMP devices to cause catastrophic results to critical infrastructures over wide geographical areas. Smart grid components are more prone to damage from HEMP than the parts of the system they replace. HEMP may seriously damage solid-‐state Smart Meters. The US National Security Working Group notes “… vintage type electronic systems are much more robust and tolerant to EMP effects. The bad news is that these systems are growing old and … will be replaced with modern versions that are inherently more vulnerable to EMP.”
Extremely powerful portable radio transmitters (which may be mobile and coordinated) can be built to create NNEMP. Its effects are similar to solar threats and HEMP but are usually more localised. As noted by Radasky, “… the IEMI threat to Smart Meters, distributionelectronics, substation electronics, substation communications, control rooms and power generating facilities (including wind and solar facilities) is the same as for … HEMP.” This vulnerability needs to be urgently addressed. There is presently no protection for Smart Meters against EMP. Even simple EMP devices such as a coil of wire and a battery at close range can disable them.
Preventing Natural and Manmade EMP Catastrophes
Smart grids create more potential points of failure from EMP than traditional grids. Ideally, protective no cost / low cost measures should be considered early in the brief and applied before rollout. Action is required sooner rather than later and could create numerous beneficial opportunities. As noted by Arbuthnot et al., “The technology to protect critical infrastructures from natural or malicious electromagnetic threats now exists. Implementation costs are estimated at less than 0.01% of GNP.”
Cyber Security
The UK National Security Council recognises cyber-attacks as a Tier One threat. It has already been claimed that hackers from foreign countries have reconnoitered the US electricity grid possibly seeking to discover exploitable systemic vulnerabilities such as those found in present Smart Meter systems. Smart Meters can create substantial new cyber-vulnerabilities. As noted by Anderson & Fuloria, one of the gravest of these is that of “a ‘cyber-nuke’ [through the Smart Meters] that would reduce … [a country’s] population to destitution. Recovery from such an attack would be painful [loss of lifemay also be high – present author’s comment].” This risk does not exist with analogue meters.
Conclusion – the design of power grids, meter systems and electrical appliances needs to be rapidly rethought to deal with the real life issues that have been raised.
Extract: “The average user will have 736 pieces of personal information collected every day…accessible anytime in their service provider’s retention period. Most individuals will have over a million pieces of information spanning the past 45 months already in their provider’s possession. A third-party, owning nearly four years of your life… Those in the network pay to be unknowing participants in a vast study group…Your four years of information is extracted and sold without consent, contributing to the nearly $34,000 accumulated every second by the information sector.”
On the subject of the intrusive, behaviour-based profiling and targeting this data-harvesting activity drives, where services are pre-emptively limited in scope without your permission, the narrator chillingly concludes:
“The global internet becomes the personal internet – and information ceases to be information at all.”
Smart Meters and Home Area Network-sourced data would add significantly to this marketers’ panopticon.
Original story found on The Register - excerpts below:
“White-hat hackers have exposed the privacy shortcomings of smart meter technology.
“The researchers said German firm Discovergy apparently allowed information gathered by its smart meters to travel over an insecure link to its servers. The information – which could be intercepted – apparently could be interpreted to reveal not only whether or not users happened to be at home and consuming electricity at the time but even what film they were watching, based on the fingerprint of power usage. The many surprising secrets revealed by some smart meter set-ups were revealed during a presentation by researchers Dario Carluccio and Stephan Brinkhaus at the 28th Chaos Computing Congress (28c3) hacker conference in Berlin late last month.
“During the talk, entitled, Smart Hacking for Privacy (YouTube video here), the researchers explained that they came across numerous security and privacy-related issues after signing up with the smart electricity meter service supplied by Discovergy.
“Some security experts, most notably Ross Anderson, professor in security engineering at the University of Cambridge Computer Laboratory, have warned that smart metering introduces a “strategic vulnerability” that might be exploited to remotely switch off elements on the gas or electricity supply grid. Government ministers in the UK have downplayed such fears but the work of the German researchers raise new concerns, related to privacy.”
“Two German researchers have exploited security holes in a smart meter service to alter energy consumption rates, expose privacy flaws and determine what movies consumers had watched.
“Dario Carluccio and Stephan Brinkhaus demonstrated the flaws with German energy company Discovergy at the Chaos Computing Congress in Berlin.
“The researchers, also customers, learnt that energy consumption data was sent unencrypted because SSL was malfunctioning.”
