[Cryptography] Smart electricity meters can be dangerously insecure, warns expert

Jerry Leichter leichter at lrw.com
Mon Jan 2 18:43:47 EST 2017


> ...A number of years ago, I spent a week working on some modeling problem related to the UK electrical grid, and an engineer I talked to at the time told me that nobody really knows how to restart the grid if it crashes. Or more precisely, it has never been tried. The grid has been operating continuously since World War II, and while they have all sorts of procedures worked out for restoring the grid should it ever crash, this is something you clearly don't get to practice like you do fire drills. No specific time estimates were mentioned, but he was clearly quite concerned about it, and it was clear that the procedure would be quite involved.
You guys are lucky, then.  Here in the US we had a crash of the grid back in the 1960s.  It took over a day to get things going again.

Of course, a great deal depends on what you mean by a "crash".  The 1960s crash involved about the eastern third of the USA and Canada.  The rest of the country stayed up - but (well, because) in those days the country was divided into a couple of independent grids.  Now they are all interconnected, but we've also put a huge amount of work into keeping problems from propagating too widely.  (The great crash started with a lightning hit on one high power line, as I recall.)  There were also other lessons learned - e.g., large generators draw power for their exciters.  They were typically designed to assume that the rest of the grid would always be there to supply excitation power.  Not a good assumption in a big crash.  (Now there are local diesel generators that don't need external power for exciters in place to supply the big guys.)

There are many examples of huge infrastructure vulnerabilities, though they are usually discussed in terms of physical destruction.  A classic example:  All natural gas to Manhattan flows through one of three distribution points - big manifolds along the Hudson River, as I recall.  These are large and impossible to hide.  A determined (physical) attacker could pretty easily take all three out.  Repair time would be many months:  Each of these is a custom design that would have to be built from scratch.  And then you have the unsolved problem of hundreds of thousands of pilot lights that went out when the gas failed, so that if you start supplying new gas, it'll be leaking from a huge number of points - each an explosion waiting to happen.

Electrical substations are also mainly custom (though they are more custom combinations of standard units).  Reconstructing those would be a lengthy operation (though they've been regularly knocked out in various air wars around the world, and people have figured out how to get them back on line).

Yes, some of these physical vulnerabilities may now be vulnerable to attacks via their computerized management infrastructure.
                                                        -- Jerry