Wondering why your hydro bill is so high this month? There is a chance your neighbours are offloading some of their consumption on to you, or even monitoring your usage to learn about your daily habits.
These are concerns that arise as we become more advanced in our regulation of energy through complex cyber networks – and the worries don’t stop there.
At a recent gathering of Canada’s energy and utilities regulators, delegates voiced their greatest fear: a coordinated physical and cyber-attack on critical infrastructure.
“It’s not a question of if but when we are going to have some sort of cyberattack on the grid,” said Philip Jones, former president of the national regulators’ association in the United States, according to The Globe and Mail.
Worries about cyberattacks mounted yet again a week later, when a U.S. district court indicted five Chinese military officials for hacking into the computer systems of Pittsburgh-area companies such as U.S. Steel, Westinghouse Electric, Alcoa and Allegheny Technologies.
“It’s a growing concern in Canada—we’re still evolving toward a highly connected cyber-enabled system,” said Professor Deepa Kundur (ECE), an expert on smart grid cybersecurity in The Edward S. Rogers Sr. Department of Electrical & Computer Engineering. “As we move into the future, we will start seeing greater dependence on information systems providing greater opportunities for cyber attackers to cause disturbances.”
But why would anyone want to hack into the Canadian grid? What could they learn from doing so?
Plenty, explained Professor Kundur. Whether they’re vandals, local criminals, or shadowy foreign agents, cyber-attackers could act on three possible motives:
“Energy theft is a strong motivation for many. Someone could hack into smart meters in their neighbourhood to potentially shift their usage onto a neighbour’s,” said Kundur. Grow-ops could distribute their energy usage to neighbourhood premises to avoid drawing attention to their unusual consumption. “High energy usage is often an identifier of nefarious activity by local authorities. To hide, they will need to push their consumption onto another party.”
Obtaining real-time usage records
You can learn a lot about an individual’s daily routines and preferences by examining their energy consumption patterns. Modern meters sample data at high frequency, some as often as every 15 minutes, so any spies would clearly be able to tell when you leave the house and come home again, roughly how many people’s electricity is being used, and even which appliances you own—certain types and even brands of smart refrigerators, televisions, washers and dryers give off unique energy signatures.
Learning the system topology
“It’s always interesting to know the topology of a system, because it will help identify its strengths and its weaknesses,” said Kundur. Consider that a majority of the power used in the U.S. flows through a small fraction of the country’s transformers—disruption of those devices, if their location were known, would have a devastating effect on energy delivery.
You may also have a business reason for wanting to know the magnitude of a country’s investment in renewable energy, or the market penetration of smart meters—maybe you own a factory in China that manufactures those meters, or solar panels. And knowledge of a nation’s nuclear activity and capabilities is of high interest.
Are we ready for these attacks, and many more we haven’t thought of yet? We’re getting there, said Kundur. The ‘smarter’ we make the grid and our homes, the more opportunities we create for cracks to appear at the intersection of cyber and physical systems.
“That’s why my group’s looking at security vulnerabilities now, before it evolves,” she said. “It shouldn’t be an afterthought.”