Guess what? As utility companies rush to upgrade your energy meters and their power grids to be “smart” they may be stupidly inviting in hackers.So finds an internal audit by the Energy Department, which has spent about $3.5 billion in stimulus money to help fund smart grids. [PDF here.]
Inspectors found that about one-third of these projects failed to put in adequate security controls. This is even after the government had told them what to do. The Energy Department wanted to see a thorough risk assessment and details on how utilities would respond to security thugs should an attack happen.
Funny thing is, these utilities got the money for the projects even when they blew off part of their security planning.
In some cases crummy security could let hackers gain personal information of homeowners, says the Washington Post. Attacks could also bring down the utility and, in a worst-case scenario, harm the whole dang power grid.
While that level of risk may seem unrealistic, last year a report surfaced that indicated hack attacks against power infrastructures worldwide were on the rise.
The grants cover a three-year period so the auditor is pressing for utilities to beef up their security during this period.
So-called “smart grids” use computers to automate power meters and allow them to be managed remotely (no more meter readers walking door to door). With smart grids, consumers could get some cool new ways to control a building’s power usage, such as viewing and modifying electricity usage over the Internet. But with such advantages comes the risk of hack attacks.
Smart grids are a major initiative for many big IT firms including Cisco, IBM, Siemens, Oracle, and HP.