IOActive Checking Smart Grid For Security Issues
IOActive finished its tests and the verdict is grim:vulnerabilities identified within Smart Grid could further expose the US to attacks on the power infrastructure.
March 23, 2009
According to the research, these technologies are susceptible to common security vulnerabilities such as protocol tampering, buffer overflows, persistent, and non-persistent rootkits, and code propagation.
These vulnerabilities could result in attacks to the Smart Grid platform, causing utilities to lose momentary system control of their Advanced Metering Infrastructure (AMI) Smart Meter devices to unauthorized third parties, thus exposing utility companies to possible fraud, extortion attempts, lawsuits or wide spread system interruption.
"The Smart Grid infrastructure promises to deliver significant benefits for many generations, but first we need to address its inherent security flaws. Based on our research and the ability to easily introduce serious threats, IOActive believes that the relative security immaturity of the Smart Grid and AMI markets warrants the adoption of proven industry best practices including the requirement of independent third-party security assessments of all Smart Grid technologies that are being proposed for deployment in the Nation's critical infrastructure. We are also recommending that the Smart Grid industry follow a proven formal Security Development Lifecycle," said Joshua Pennell, President and CEO of IOActive.
The company added that if security is not addressed in the design and implementation of these emerging technologies, the cost of fixing them once they are deplyed in the field would be prohibitive.