*Note from Tipmont* Microsoft has added numerous stability and security enhancements to Internet Explorer. Please consider downloading the latest version here.
Home » News » Press Releases

Security Questions about Tipmont REMC's Smart Meter Rollout

Introduction

Associated Press recently posted an article entitled, “’Smart’ meters have security holes”, that brought up security concerns about the “Smart Grid” technologies that are being deployed by various electric utilities. I’d like to address the specific concerns about the technology that will be utilized by Tipmont REMC.

Gaining Access to the Smart Grid

Joshua Wright, Senior Security Analyst with InGuardians, addressed two methods of gaining access to data communicated over the Smart Grid. The first was through physical access to the meter and the second was by utilizing wireless communications through close proximity. Wright did not disclose which manufacturers he utilized for his research, but having physical access to the equipment, he was able to intercept and decrypt data transmitted from the meter to its “access point” (data collector). We’re currently working with our vendor to verify how the data channel is encrypted to determine if there is a similar vulnerability.

Regarding wireless access, our system is not vulnerable due to the fact that our implementation utilizes Power Line Carrier (PLC), the physical power line, to communicate from the meter to its data collector. If someone does attempt to pull a meter to reprogram it or intercept data on this channel, the system will alert personnel to the activity. So the wireless vector is not a concern for Tipmont REMC’s implementation.

Specifically What Can Be Accomplished

By reading the detail of the article, decrypting and intercepting this data was about the extent of what was accomplished. Wright and other security researchers should be applauded for their efforts to test the security of these systems and the industry will benefit from their research. However, take note of the things that have not been accomplished. They were yet unable to “jack up strangers’ power bills”, remotely turn someone’s power on and off, signal people or appliances to take actions, or utilize the channel to “sneak into the utilities’ computer networks”.

Conclusions

Obviously, these concerns are real and valid, but thanks to security researchers like Wright, we’re able to work with our vendor to validate the encryption and security of the internal protocols utilized by our system. Additionally, the communications to and from our Smart Meters will be segmented to its own network to ensure that communication with Tipmont REMC’s other networks is not possible. We continue to welcome research and comments that further secure our members’ information.

By Corey Willis, Manager of Information Technology

See this article for additional information.

Copyright © 2012 Tipmont REMC. All rights reserved.   (800) 726-3953