Stop The Smart Grid

The “Smart Grid™” is a stupid idea. I have been trying to sell this article to possibly interested parties for a few months. No sale. I got fired from my last gig over it. But no point in crying about it. I’m going to give it away. Please do me the honor of passing it on. I think it is that important.

====

Since I’m an engineer I like to look at the dark side of things. What can go wrong.

“Physicists dream of Nobel prizes, engineers dream of mishaps.” Hendrik Tennekes

A few years back I was looking at the smart grid and decided it was a bad idea. I plan to go into more detail here on why it is a bad idea. And I’m not the only one who thinks it is a bad idea. Former CIA director James Woolsey calls the Smart Grid a stupid idea.

His reason? It would be a hacker’s dream. He mentions a hacker in Shanghai. I think what he really means is a Chinese Cyber Warfare agency. That would be P.L.A. Unit 61398 on the outskirts of Shanghai

Let us start at the lowest level. Encryption. What encryption standards are being used for smart grid communications over the internet? You will be pleased to know that there is no encryption standard for the smart grid. One thing to definitely avoid is triple DES as implemented by Microsoft. A very common protocol on the ‘net. It looks like it has a back door designed in. Since there are no standards it might be a good idea to design your own encryption method in conjunction with a security firm knowledgeable in that area. The more bits that are in the key the better. Since the probability of cracking a key reduces by a factor of two with every added bit – the more bits the better. Given Moore’s Law the ability to crack a key doubles every year or so. Ten more bits in a key protects you for ten years. Given the life of power equipment you should add at least 50 bits to your key. Assuming you have a key length adequate to foil today’s computing power. What would be a key length adequate to foil cyber attacks? Hard to say. A lot of security firms suggest at least 1,000 bits (about 125 bytes) with 2,000 bits much better. It is a very good idea to have a different key and a different password to generate the key for every connected device.

So much for simple keys. The more traffic sent with a given key, the easier it is to decrypt. And once you have the key the device that uses it is open to attack.

Current encryption methods also require that keys are transmitted by known mechanisms between end points, which are easily intercepted or spoofed. These two inherent weaknesses explain why a criminal’s attack of choice is against the key. The next generation of encryption must eliminate these two major risks. The new Anti-Statistical Block Encryption (ASBE) utilizes variable-length keys that scale between 2008 bits and 2 GB, which are reinforced by variable-length passwords up to 64KB.

The ASBE method uses a random data generator that generates-destroys-recreates keys and passwords on demand, making key/password transfer between end points unnecessary. The communication and storage of encryption keys and passwords are also not needed, which circumvents criminal interception.

Future requirements will also dictate a more simple and inexpensive key management system. Today’s Public Key Infrastructure (PKI) is economically and operationally an albatross. Research shows that organizations spend between $47 and $5,921 for the creation, distribution and maintenance of each PKI key in use. PKI management involves certificates, registration authority, directory management, central key deposit, external validation and protocol. Future encryption methods must find alternatives to secure key communication and management.

It is obvious that for security reasons and timeliness of message handling quite a bit of computing power will be required in end point devices. To get response times of a tenth of a second or less means being able to generate a 2,000 bit key in less than that time. That effectively means the days of using a cheap microprocessor to control an appliance are over. Smart grid enabled appliances are going to need to be much smarter. This will drive up costs for end users and utilities deploying the smart grid. For appliances it also means there will need to be a standard encryption method if the utility is to make use of a given appliance for load management.

But cracking/hacking is not the only way to get a key. Keys can be obtained by hacking the files the keys are located in. A file with all the keys is easier to maintain and guard. But once it is obtained all the devices referenced in that file are vulnerable. So are more files the answer? Yes. Up to a point. Because keeping track of all the files becomes a security problem in and of itself.

What is the easiest way to get access to those files? Have an insider give them to you. An insider might do that for money. That has happened for credit card data. Or he might do it to spite an organization that has severely annoyed him.

There is also the possibility of bad design.

This week has brought a new alert from the U.S. Department of Homeland Security, detailing some important cybersecurity vulnerabilities contained within some critical smart grid gear. Backing that up, Greentech Media has been briefed on an in-depth report on how one utility found similar vulnerabilities that forced it to replace millions of dollars of smart grid systems — or face the threat of a potentially catastrophic hack attack.

What’s comforting is how cheap these kinds of security problems can be to prevent, if they’re planned for in advance. What’s scary, however, is how much they may end up costing to fix after the fact — or worse yet, what kind of damage they could cause if exploited.

That is a good idea. But what if the vulnerability is not obvious? Some method will be required for quickly updating all the affected devices. If the update happens over the ‘net that is another point of vulnerability. Boy, is this ever getting complicated.

Page 8 of this pdf has a very nice chart of threat effects and probabilities. I hope it scares you. It scared me. The worst threats are government actors and given that something like a Stuxnet virus has the possibility of taking down the whole electrical grid and destroying enough critical infrastructure so that it might take weeks or months to restore the grid, I think it would be wise to avoid the smart grid.

A security paper on the smart grid had this to say:

Internet connected systems present a window of opportunity for compromise. For example, a nefarious individual could intercept or redirect Internet-born commands on a Smart Grid and wreak havoc. Just imagine if a virus such as Stuxnet (which assumingly set the Iranian nuclear program back years) was distributed to power stations or sub stations via a Smart Grid incursion. The results could be devastating.

How about a broader look at the vulnerabilities?

Utilities’ cyber-vulnerabilities can be grouped into the following categories:
• Operational systems – generators, transformers, Supervisory Control & Data Acquisition (SCADA) Systems & Energy Management Systems (EMS), programmable logic controllers (PLCs), substations, smart meters, and other intelligent electrical devices (IEDs) that control the creation and flow of power
• IT systems – PCs, servers, mainframes, applications, databases, web sites, web services, etc.
• Communications networks and protocols – Ethernet, Wi-Fi, Zigbee, 4G, DNP3, etc.
• End points – smart meters, EVs, smart phones and other mobile devices
• Human factors – lack of training and awareness, social engineering attacks, phishing attacks, misuse of USB drives, etc.

While a small minority of vulnerabilities may be intentionally introduced, most are included accidentally or inadvertently by the professionals designing, building, configuring, deploying and maintaining these complex pieces of technology.

And what should utilities do to prevent or deal with an attack?

• Deploying sensors and sensing systems to detect attacks earlier and block them;
• Leveraging increased automation and intelligence to enable fast reconfiguration and self healing infrastructure attributes;
• Building and deploying better investigative tools to understand attacks after the fact and adjust defenses accordingly;
• Engaging in wide-area situational awareness to detect less concentrated attacks not protected for by localized pieces of security equipment;
• And lastly, when defenses prove insufficient, making better preparations for recovery from successful cyber attacks via disaster response, business continuity and emergency recovery procedures.

Well, that last bit (emphasis added) is not very comforting.

And why do we really need a smart grid anyway? The main reason is to integrate intermittent unreliable sources of alternative energy into the grid. That is supposed to make the politicians pushing for this more expensive form of energy look good. In other words a government sponsored boondoggle. Why not wait until storage technology is better developed? Well that would delay the transfer of funds to the cronies. A politically untenable condition – for politicians.

My advice? Keep the stupid grid. It may cost more to run but it is safer. No cost savings from the smart grid can possibly make up for a few weeks of nation wide or even regional lost electrical power, not to mention lost infrastructure like transformers and switch gear stations.

What people fail to understand is that most breaks are inside jobs. And crypto is no good as a lock if you can’t control the keys. And the big secret is: you can’t control the keys. Affordably. And even if you can afford it. You can’t control the keys. Trust. It is almost always for sale in a big enough organization if the price is right. I might add that sometimes the price is as cheap as “I’ll get you for that.” Most security breaches originate inside an organization. Even organizations dedicated to security are not immune. Just ask the people that trusted Edward Snowden. I think Ed did us a service. Next time we may not be so lucky.

==

I probably should add that I have an idea to get the effects of the Smart Grid without remote control of your electrical appliances by government. I could use some donations to finish a test instrument. I think the idea is patentable and would be low cost to implement. If anyone would like to start a corporation to exploit this idea you can contact me or leave donations at:

M. Simon’s e-mail can be found on the sidebar at Space-Time Productions.

Engineering is the art of making what you want from what you can get at a profit.

Let me add that Eric and commenter Frank have already helped me get this project off the ground. Not to mentioned my friend Clyde – the software wizard – and a player to be named later.