[Cryptography] Smart electricity meters can be dangerously insecure, warns expert

Harlan Lieberman-Berg hlieberman at setec.io
Mon Jan 2 16:10:53 EST 2017


Arnold Reinhold <agr at me.com> writes:
> The problem is a broader one in my view, the lack of a body that sets
> security standards with enough clout to say, no, really, you have to
> do this.

I think it's even more fundamental: it's a simple tragedy of the
commons.  The meter manufacturers have no particular desire to spend
money (both in parts and, more significantly, in development and QA
time).  The power company doesn't really care, since any problem can
inevitably be blamed on someone else (THE EVIL HACKERS DID IT!  RUSSIA!
CHINA! THE NSA!), and the customers have ~no say in the products that
they choose.  (The power company is the one who selects the meter, at
least in the situations I'm familiar with.)

This is a spot that security gets dumped into a lot.  I wonder if
liability shifting could help fix the problem, or if that's just going
to end up in the same situation we're in now.  ("Nothing bad has ever
happened from doing X, so why change now?")  Regulatory solutions as you
recommend can certainly solve them, if they're government ordered.  I
fear even a voluntary standards body might not be enough, since the
"customers" here (the power company) don't have particular incentive
to do anything but choose the lowest cost option.

-- 
Harlan Lieberman-Berg
~hlieberman

