IoT Nightmares: Who Turned Out the Lights?

Last updated: 16 May 2016

This post originally appeared on SafeNet’s The Art of Data Protection blog prior to Gemalto’s acquisition of SafeNet.

IoT Nightmares - Smart Grid Attacks

You have a big meeting tomorrow. A large partner is flying in from the west coast to discuss a new joint offering for the cloud. There is so much to prepare for: you need to finalize the presentation, check to make sure WebEx is set-up, and then print off projection reports. You have got to get some sleep so you can wake up early and get this all done by the 9 am start! Alarm. Set.

You wake up, and feel well rested. It is quiet in the house; the birds are chirping; the sun is shining bright. It feels like a relaxing Saturday morning.

Wait! You never feel this refreshed first thing on a weekday morning. The sun is shining? How can that be? You had set the alarm for 5 am! What time is it on the iPhone? 8 am! How? You triple checked the alarm last night.

Then you realize that you still might be alright. You can quickly get ready, start the coffee pot, call into the office for help, and jet out the door. As you rush through the better part of your morning routine, you realize the coffee maker won’t turn on, and the digital display is entirely blank. Must be broken. It’s going to be that kind of day.

At least your cell still works (even though the battery’s a bit low). You call a colleague at the office to see if she can help you. You get an error tone. You try again and get the same thing. What is going on? No time.

You have to get to the office stat, and decide you better take the back roads to avoid traffic lights. You arrive to the office and run up to the door. What now? Your badge won’t work at the front door! It’s not Saturday is it? No. No, it’s definitely Thursday. Why is the office so dark? Other co-workers are arriving now. They look just as rushed and confused.

No alarm. No coffee. No power at the office. No power… anywhere. That’s it! Your town has been hit by a massive blackout.

But this isn’t just any blackout. There wasn’t a massive demand surge on the power grid that caused it to break down. Unbeknownst to you, a hacker group penetrated the network of your local energy company. They were able to get into the system and take it over, shutting down all of the power.

Your world has been blacked out – and it could stay that way for a very long time.

IoT Nightmares LogoWe no longer live in a manual world; we are all connected, including the smart grid—the backbone of the utility and energy market.  From the meters at your home, to communications going back to the utility company, trust must be established at every link. This ensures devices are identified and authentic, software updates in the field are authorized, and access to the systems monitoring and managing the grid are controlled and authenticated.

Without this trusted link, hackers could easily penetrate the grid using sophisticated malware and other tactics- ultimately overriding the grid. Maybe they would start by pushing an unauthorized software update to the meters controlling and monitoring the power to your home; maybe they would get into the central utility operations center and turnoff the power to a section of the grid; maybe they would hit the hacker jackpot and turnoff an entire region.

Smart devices are convenient and efficient. In the case of utilities, the Internet of Things (IoT) is allowing us to better monitor our energy consumption and control its use during peak periods so we can conserve as many resources as possible.

The energy and utility market players know this and they also know the threats that surround it, hence why they have worked with leading providers on building in robust security at the device, communication, and application layers of the smart grid infrastructure.

They have worked with device manufacturers to ensure a trusted supply chain is established during the manufacturing process and that identities are assigned to each meter or meter reader out in the field; they work with their software application developers to ensure in-field firmware updates are authorized and properly provisioned; they implement security technologies to ensure communications are secure and devices. The list goes on.

This infrastructure is only as secure as the private keys and certificates used to protect it—this is where a solid PKI environment becomes critical to avoiding this particular IoT Nightmare. Visit our Smart Grid Security page to learn more.

The IoT Nightmares don’t end here!

Check out our IoT Nightmares security game to explore vulnerabilities impacting this and other industries.

Leave a Reply

Your email address will not be published. Required fields are marked *