Published October 27, 2009
If you build it, they will hack it. Or at least they'll try.
President Obama announced $3.4 billion in government support Tuesday for 100 projects aimed at modernizing the nation's power grid, an initiative cybersecurity analysts say is like throwing down the gauntlet to hackers. The challenge, they say, will be to create a system that can survive an attack.
Obama said a more modern grid is needed to give consumers better control over their electricity usage and costs, and to spur development of renewable energy sources such as wind and solar. He said the system will save consumers more than $20 billion over the next decade in utility bills, and will create tens of thousands of new jobs across the country.
The modernized devices will "have a direct benefit for consumers who want to save money on their electric bills" and will "help us lay a foundation for lasting growth and prosperity," he said, adding that modernization would lead to a "smarter, stronger and more secure electric grid."
The funds will allow installation of 18 million "smart meters" and 1 million other in-home devices as well as more modern thermostats to allow homeowners to better monitor their electricity usage. The government and industry plan within the next several years to deploy 40 million smart meters -- wall-based units that can monitor how much electricity various appliances use -- and turn them off when energy costs more.
But as the government evolves to a more sophisticated and efficient system, so too will potential hackers looking to manipulate the country's power system on a mass scale.
Researchers are now doggedly pursuing ways to safeguard the computer and communications technology that will control the digitalized system.
"It's impossible to build a grid that is entirely secure -- some attacks will be successful" said William Sanders, principal investigator for the National Science Foundation Cyber Trust Center on Trustworthy Cyber Infrastructure for the Power Grid, who is spearheading an effort to develop technology that protects the new grid.
"We need to build a grid that's resilient in the sense that it can provide its mission -- to safely provide continuous delivery of power -- in spite of partially successful security attacks that might occur," Sanders said. "The smart grid revolution will only succeed if we build a system that is secure, reliable, and resilient."
Sanders, a leading researcher at the University of Illinois at Urbana-Champaign -- along with researchers from Dartmouth College, the University of California at Davis and Washington State University -- was awarded $18.8 million in federal grant money to develop ways to protect the new system from attacks.
Sanders characterized threats to the power transmission system as similar to attacks on the average computer, and said "exposed devices" in the field -- like individual "smart" meters -- could be vulnerable.
"The worst you can do with a single meter is turn off the power at a person's house," said Sanders -- though he noted that the field of security metrics is too young to have reliable estimates on the feasibility of a large-scale attack.
Kip Gering, a senior product manager at Itron, a major manufacturer of automated meters, stressed that technical controls must be put in place to "limit the system's capability to do something on a massive scale."
"We can put in place technical controls that would never allow it to go beyond a certain threshold," he said.
Despite being confronted with new security challenges, researchers say the benefits of a modernized system far outweigh the risks.
"The developing world, which does not have a transmission grid as secure as ours right now, is starting out with this kind of modern grid so they're actually ahead of us," said Joe Fagan, an attorney for Pillsbury Winthrop Shaw Pittman in Washington, D.C., who has spent his career representing the energy industry. "So we're behind the curve on that."
The Associated Press contributed to this report.