The development of the smart power grid and the smart meter in our homes to accompany it brings several benefits, such as improved delivery and more efficient billing. Conversely, any digital, connected technology also represents a security risk. Writing in the International Journal of Smart Grid and Green Communications, UK researchers explain how a malicious third party that hacked into the metering system could manipulate en masse the data being sent back to the smart grid and perhaps trigger a power generation shortfall.
Carl Chalmers, Michael Mackay and Aine MacDermott of Liverpool John Moores University, explain how the implementation of the smart grid brings many improvements over the traditional energy grid by making use of the vast interconnected infrastructure that allows two-way communication and automation throughout the entire grid, from generator to consumer and back.
“A smart grid is a complex modern electricity system which utilises sensors, monitoring, communications, and automation, to improve the electricity system,” the team writes. “Smart grids fundamentally change the way in which we generate, distribute and monitor our electricity. They dramatically improve the efficiency, flexibility and reliability of the existing electricity infrastructure,” they add.
The researchers point out that a critical difference between the old “passive” electricity grid and the new smart grid, is the presence of the advanced metering infrastructure (AMI) which provides the two-way communication between consumer and generator. The flow of data between consumers and generators allows the power generation companies to match demand with generation, to spot patterns in changing demand on a day to day basis or through the changing seasons and more.
However, as the UK has shifted focus from coal- and oil-fired electricity generation to being more reliant on natural gas as the fuel of choice (irrespective of wind, solar, nuclear and other alternatives), this makes the electricity grid somewhat vulnerable to accidental and incidental problems with the flow of data and to malicious manipulation for the sake of sabotage, criminal or online military/terrorist action.
The team adds that, “Critical infrastructures in particular, present a tempting target for terrorists, military strikes and hackers wanting to cause disruption, steal information or incapacitate a country remotely.” The team suggests that now we are forewarned of the possible worst-case scenario with regard to the smart grid and smart meters, we must put in place security measures to protect the infrastructure and maintain that security as the hackers advance to stay at least one step ahead of the threat.
Learn more: When hackers turn out the lights
Computer networks may never float like a butterfly, but Penn State information scientists suggest that creating nimble networks that can sense jabs from hackers could help deflect the stinging blows of those attacks.
“Because of the static nature of a computer network, the attacker has a time advantage,” said Dinghao Wu, assistant professor of information sciences and technology. “Hackers can spend a month, two months, six months or more just studying the network and finding vulnerabilities. When they return to use that information to attack, the network typically has not changed and those vulnerabilities are still there, too.”
The researchers, who release their findings at the Information Security Conference held in Honolulu today (Sept. 8), created a computer defense system that senses possible malicious probes of the network and then redirects that attack to a virtual network that offers little information about the real network.
Typically, the first step a hacker takes when attacking a network is a probe to gain information about the system — for example, what software types and versions, operating systems and hardware the network is running. Instead of trying to stop these hackers’ scans, researchers set up a detector to monitor incoming web traffic to determine when hackers are scanning the network.
“We can’t realistically stop all scanning activities, but we can usually tell when a malicious scan is happening,” said Wu. “If it’s a large-scale scan, it is usually malicious.”
Once a malicious scan is detected, the researchers use a network device — called a reflector — to redirect that traffic to a decoy, or shadow network, according to Li Wang, a doctoral candidate in information sciences and technology, who worked with Wu. The shadow network is isolated and invisible from the real network, but can mimic the structure of a physical network to fool the hackers into believing they are receiving information about an actual network.
“A typical strategy would be to create a shadow network environment that has the same look as the protection domain,” said Wang. “It can have the same number of nodes, network topology and configurations to fool the hacker. These shadow networks can be created to simulate complex network structures.”
The system, which is a type of defense known in the computer industry as a moving target defense, also gives network administrators the option to more easily change parts of the shadow network’s virtual system, making it even more difficult for hackers to assess the success of their scans.
Because the reflector can act as a regular network device when no malicious attacks are present, there should be little effect on the real network’s performance and functionality, according to Wu.
The researchers created a prototype for the system and tested it on a simulated network that runs on a computer — a virtual local area network. This allowed them to simulate both the attack and defense without using an actual network. The prototype was able to sense the incoming scan and deflect it to a shadow network.
According to the researchers, the information that was gathered from the attack scan only produced information from the shadow network.
Wu said the next step is to deploy the system in an actual network.