Sounds like some people need to be whacked over the head with one of Kerckhoff's weighty tomes
Seattle Suehawks: Smart meter hush-up launched because, er ... terrorism
Smart meter makers are battling to keep Seattle's power grid designs under wraps – claiming that if the details are made public, they could be exploited by hackers to plunge the US city into darkness. Sysadmin-activist Phil Mocek requested documents from the city on its smart meter system under the Washington Public Records …
COMMENTS
-
-
Thursday 26th May 2016 00:46 GMT dan1980
Yep.
While keeping the details secret may provide an extra (thin) layer of protection, if the system is - as they identify - an attractive target to miscreants and worse, it shouldn't need to be hidden.
In other words, if secrecy forms an integral part of the security of such a system, then it is not fit for purpose.
-
Thursday 26th May 2016 15:42 GMT Trigonoceps occipitalis
System security is not binary. Big brains will be applying mathematical tools to make the system secure enough - in this case (I hope) extremely secure. Obscurity can be a factor in this calculation. Security by obscurity quickly breaks down when keeping the architecture, technology etc. "secret" is the only or a significant aspect of the system security design.
To miss-quote Michael Cain: "Not a lot of people seem to know that."
-
Thursday 26th May 2016 17:49 GMT Alan Brown
"Big brains will be applying mathematical tools to make the system secure enough - in this case (I hope) extremely secure. "
You can hope all you want. The fact is that most smartmeter installations have been found to have NO security at all.
Now, imagine the effect on the stock price of the meter supplier if someone publicises that and how to walk down the street remotely tweaking people's dials or shutting their power off.
It's terrorism alright - the kind of terror induced in company boards and directors that comes from the unlimited liabilities associated with being caught knowingly supplying deficient systems that in some cases could affect safety of life (home dialysis or medical systems, etc)
-
Thursday 26th May 2016 23:30 GMT J__M__M
Yep? Try nope.
Hey popular know it all comment guy, unless you and your 27 friends would like to post your full, complete, and unredacted network documentation right here for everyone to see, you are full of crap.
Not fit for the purpose? Whatever. You're not fit for the purpose.
And don't call me shoeless.
-
Friday 27th May 2016 01:17 GMT dan1980
Re: Yep? Try nope.
@J__M__M
There's a slight difference between my network(s) and this situation, which is that I am not claiming that my network is a juicy target for hackers, nor that a breach of my network could affect a critical utility across an entire city.
Secrecy is a security measure, but if you have already identified that your systems are an attractive target and that an attack could have critical, far-reaching reprecussions for hundreds of thousands of people and businesses, then you really should assume that the design details will get out somehow, at some point.
Changing the meters from traditional ones to 'smart' ones creates a risk that is not insignificant; the devices and the network behind it needs to be exceptionally robust.
-
Friday 27th May 2016 11:18 GMT Sir Runcible Spoon
Re: Yep? Try nope.
@J__M__M
I'm with Dan on this one, when you create a security design you have to assume that the full build documentation could be leaked/stolen at some point, and you have to preempt that and put necessary measures in place to mitigate the risk (note I didn't say eliminate).
As far as I am concerned, especially with the nature of the organisations I usually design for, the biggest security risk to the environment is me. So I design safety measures into the system so that once it is up and running, should I suddenly go rogue and sell of the designs or even try to compromise it myself, there are measures in place to a) stop me and b) know that it's happening and how to stop it even if I do get in.
Insiders are a massive risk, and whilst obscurity plays it's part (i.e. people don't know what to hack if they don't know it exists etc.) it isn't *actual* security - it's just an extra measure to take to reduce the risk surface, every little bit helps.
Now, in the case of these meters, everyone knows they are remotely controlled and that the security on them is probably a joke. The obscurity measure is already lost. The only thing left to do is to ensure that all the other (actual) security measures are in place.
If they aren't telling people that measures are there, then you can be fairly sure they aren't. We aren't talking about them releasing detailed diagrams with IP addresses, physical locations, specific details about the ports and protocols - we are talking about the generic things that go into the security soup.
For example, their documentation mentions RSA and keys - has that actually been implemented or is it just sales blurb? Are they using encryption all the way? Are they using MAC address control? What level of monitoring is going on - are there tamper traps in the software that will start calling for help if the system detects unexpected activity?
One major advantage of a closed system where you know everything that happens is that you can set it up as a white list only - everything else is blocked from even getting SYN, ACK back.
I would bet my house that the meters being rolled out to the US are as secure as a sign on a 2ft fence saying 'please don't hack me, you'll make me cry'.
-
-
-
-
-
-
Thursday 26th May 2016 09:39 GMT Hud Dunlap
@ Sir Runcible Spoon. One reason is because of the dogs
http://www.breitbart.com/texas/2016/05/16/dog-attacked-wrench-centerpoint-energy-contractor-died/
For some reason the building code is to put the meter behind the privacy fence where the meter reader has to go to read it. Even if you don't have a privacy fence if you have a pool you have at least a chain linked fence. A lot of rural meter readers carry quality binoculars to read the meter so they can avoid the dogs..
With a smart meter you can read and turn them off remotely if the bill hasn't been paid. Of course you can turn them off during periods of high use for rolling black outs too. This is one reason cities are pushing Smart Thermostats. The City will install them for free and give you a whole ten dollars if you give them the right to adjust your thermostat when they want.
-
Thursday 26th May 2016 17:46 GMT Alan Brown
Re: @ Sir Runcible Spoon. One reason is because of the dogs
"A lot of rural meter readers carry quality binoculars to read the meter so they can avoid the dogs.."
In other words, just fitting the meters with bigger dials would be more than sufficient.
It's the remote control aspect that most people find creepy as all hell - and the surefire certainty that consumers will be charged EXTRA for increasing the convenience of the supplier, not the other way around.
-
Wednesday 27th July 2016 14:06 GMT Joe Gurman
Re: @ Sir Runcible Spoon. One reason is because of the dogs
No, actually, the certainty (fear implies some level of doubt) is that the utilities' databases with information on when one is home and when not will be hacked, Wikileaked, and used to aid breakers and enterers (government as well as more overtly criminal). Smart meters enable the destruction of a reasonable expectation of privacy.
-
-
Friday 27th May 2016 04:30 GMT Number6
Re: @ Sir Runcible Spoon. One reason is because of the dogs
Our dog is big and loud and the meter is not visible from outside. Worse, you have to run up some stairs to the gage from where the meter is fitted. However, the pool is much further than the meter so there's no need for the meter reader to fall in that.
-
-
-
-
-
Thursday 26th May 2016 01:16 GMT Malcolm Weir
Re: GEt a bigger "Gun"?
Unfortunately, Washington's anti-SLAPP law was _too_ good, and was struck down as unconstitutional last year. As far as I can tell, they haven't enacted a "fixed" version, so the state of play as of today is that Washington has no anti-SLAPP law. This is probably a fact well known to Landis + Gyr and the other contractors...
-
-
-
Thursday 26th May 2016 23:34 GMT J__M__M
Re: Security?
If you hire a contractor that isn't worried, both you and the contractor should be fired.
------
They clearly aren't very confident about how well they wrote their software then, if they're worried that it's vulnerable to terrorists. Someone ought to push for an independent review of it all, just in case, before they're allowed to deploy the network.
------
-
Thursday 26th May 2016 00:55 GMT Malcolm Weir
Optional
It's much worse than the article suggests:
The suit is directed at Mocek asks for damages because he posted material *that was released by the city*, which they allege contain trade secrets of the contractors. The notion is that the city released documents before they could be vetted by the contractors... and therefore the contractors will suffer harm (potentially, fair enough). But the complaint should, surely, be addressed to the city (who released the docs) not Mocek, who received them?
So (and this is based solely on the contractors lawsuit): the Mocek asked the city for documents; the city asked the contractors for redacted versions; the city provided Mocek those documents and (allegedly) accidentally some unredacted related docs; Mocek posted them; the contractors sued Mocek demanding that he not post any of the documents the city had given him; and would like a restraining order preventing the city from releasing the unredacted docs. Oh, and the contractors would like damages from Mocek for, apparently, posting the documents they prepared in response to his freedom of information request.
The contractors make great play, as the article notes, the risk if CyberBadGuys get the information... but again, that's addressed to the wrong people: it's not Mocek's responsibility to maintain the cybersecurity of the city's power system, that's the responsibility of the city. So if this was a rational (rather than SLAPP) lawsuit, surely it should be the city suing Mocek...
Finally, the contractors want to a complete list of everyone who has accessed the docs, which can be found at https://www.muckrock.com/foi/seattle-69/smart-meter-security-audit-plans-schedules-proposals-contracts-discussion-results-seattle-10378/, which is well worth a visit!
-
-
Thursday 26th May 2016 01:09 GMT Malcolm Weir
Re: Optional
Excellent! I'm sure you've seen Section 38 of the contract between Landis + Gyr and the city, signed by a senior VP of L+G named William Weidenbach, which explicitly discusses Washington State's Public Records Act, and explains how the city isn't going to protect L+G's information for them...
-
-
Thursday 26th May 2016 01:53 GMT MachDiamond
Re: Optional
Very bizarre. I've designed and quoted many systems and never delivered confidential company data in any of them. Any bids by a contractor for a public project should be 100% available to any member of the public to examine. It's our money. These products and services are being purchased for us by our elected representatives (via their staff).
-
Thursday 26th May 2016 08:18 GMT Sparks_
Re: Optional
Interestingly, according to the article, city officials claim they are not capable of censoring/redacting documents, so how did they choose from the proposals in the first place? Was it the technical assessment of cheapest bid wins? If so, is the cheap design so badly engineered that it is inherently a risk? Thus keep it covered up because there's no security in obscurity...
-
Thursday 26th May 2016 08:23 GMT Sir Runcible Spoon
Re: Optional
One of those documents states that the system has been designed to comply with standards x,y,z etc. and that RSA and HSM's are involved, plus info that open standards are being used etc.
Then, at the very bottom, it states that the information in the pdf is trade secret!! Looks like a standard footer message to me and obviously not related to the information in the document body, as all it mentions are the standards that were used in designing the system, hardly trade secret.
-
-
-
-
-
Thursday 26th May 2016 06:16 GMT Voland's right hand
Re: Check this out:-)
How the f*** did this get granted in the first place?
This is just a boilerplate design for a generic gateway which has been produced by various manufacturers for years. Sagem was shipping such a device 7+ years ago (with a slightly different protocol set, but pretty much identical designwise).
There is absolutely _NOTHING_ inventive here. It fails the novelty test, it fails the prior art test, which f**** cretin has granted this and why are our fees (and for USAisians - taxes) being used to pay his salary.
Oh... I geddit... Search and replace with software defined - same as it was done by plugging mobile everywhere 5 years ago and Internet everywhere 10 years ago. In any case - a Eu patent examiner will laugh his arse off if you submit this as an application and slap you on the head with it.
-
-
Thursday 26th May 2016 07:18 GMT Anonymous Coward
Wow, this is a timely article!
Just saw on the news tonight that downtown Seattle had a blackout at around noon yesterday that lasted about an hour. They said it was related to a failure at a substation, though this article says the cause hasn't been determined. Interesting...
http://www.seattletimes.com/seattle-news/downtown-seattle-loses-power/
-
Thursday 26th May 2016 08:18 GMT Brian in Seattle
Mmmph! HAHAHAHA!
Ok, um. . . .
"Smart meter makers are battling to keep Seattle's power grid designs under wraps – claiming that if the details are made public, they could be exploited by hackers to plunge the US city into darkness."
That line made me laugh out loud in a restaurant as I was waiting for my take out tonight, causing the rest of the guests in the restaurant to turn and stare at me. News flash: Seattle's power grid doesn't need hackers exploiting it to go down. All that's required is a wayward racoon:
http://www.king5.com/news/local/seattle/raccoon-de-energized-power-to-38000-in-seattle/185341641
Or, today, some unidentified equipment issue that plunges the entire downtown core into "darkness." (It's really hard to call it darkness at noon. Maybe "a darker shade of gray"?):
http://www.king5.com/news/local/equipment-failure-causes-large-power-outage-in-seattle/214886559
I've lived in other large cities in the US, and this has to be one of the most unstable power grids around. One wonders how much duct tape is really keeping it all together.
-
Thursday 26th May 2016 12:15 GMT Alistair
We can't tell you about that
You might break it if you knew.
<It in this case being our kneecaps>
I have dealt with a manager who freaked out when a process I set up and ran sent MD5 sums of transferred files in a separate email to both ends. "It tells them what we use".
Urr, no, no it doesn't.
In all cases like this, it would be management/C suite non techie types pulling the kneejerk "Oh crap I don't know what that means, so we must be giving away the farm". I *hope* that the techies that built it did so with a modicum of security in mind, however, given what all of the big corporates are up to these days, lowest cost, shortest turnaround, etc etc .... It likely will give away the farm.
<grumpy bastard this morning, despite decent coffee>
-
Thursday 26th May 2016 15:59 GMT dmacleo
irony was just thinking about the money NOT using smart meter costs me today.
I pay about 12$ (US) to NOT have smart meter, I am in area with constant power blinks, etc (rural Maine) and do not want anyone to have the ability to remotely shut my power off to reduce load.
have some physical issues that make it keeping house at 71-72F a necessity as well as multiple ML350G5 servers running.
ah well I digress..
-
Thursday 26th May 2016 19:00 GMT Anonymous Coward
smart meter does not automatically = remote disconnect meter. Some smart meters include remote disconnect, a technology originally developed for the benefit of a utility that had lots of seasonal disconnects (turn on the power at the cabin in May, shut it off in September or so). Others include ability to load shed certain loads (which, if *properly designed*, have no impact on the customer).
If keeping your house at 71-72 degrees is critical, wouldn't it be beneficial to you if the entire region allowed for 15 minute windows of load shedding air-conditioners (yes, yours included). The typical load shedding regime calls for rolling or staging of heavy loads in order to prevent outright (lengthy) blackouts. It's more of a load synchronization than anything else. The alternative is to build the grid to supply worst-case loads and to buy spot power to cover said loads, the result of which shows up on your power bill.
-
Friday 27th May 2016 16:47 GMT dmacleo
our meters would have been the type that allows remote shutoff from power company.
and no it would not be beneficial to me.
its very rural area and the load is not that high, the power company just refuses to trim trees that hit lines so I lose power (blink or minute or 2 outages) usually 5x a week. bad enough I need to have UPS on my on demand water heater and water softener just to keep programming and give me time to fire up generator if longer than an hour.
I have enough issues keeping stuff running w/o having to deal with someone else deciding I don't need the power.
-
-
-
Thursday 26th May 2016 19:12 GMT hellwig
Destruction?
I don't need a document to destroy these devices, just give me a sledgehammer!
I remember a story about a utility company that used "smart meters" that reported home over 3G data connections. People figured out (without any documentation I'm sure) that they could remove the SIM cards from the meters and use them to make all sorts of phone calls and browse all sorts of data.
I mean, if you'er only using these meters to report usage data back to home base, WHY would they have ANY calling plan in the first place?
Sensus probably just doesn't want you to find that switch labelled "Stop Metering but continue to supply power" they put in each unit.
-
Friday 27th May 2016 02:13 GMT Herb LeBurger
I'll bet the FBI has set up a Stingray
... to find out what other shenanigans this Mocek character is up to. Even if they had to get a warrant, I'm sure telling the judge that he requested documents from the city would be enough to get it signed.
And while I'm betting:
"The information Sensus has redacted contains specific details that, if publicly released, would increase the risk of both cyber-intrusions and physical attacks on the utility grid," Sensus says in its filing.
Anyone else think these specific details are "The default password is 'password'. And the default password can't be changed." ?