[vz-dev] Ein guter Grund ...

[Peer Janssen]

Na, ist das keine Motivation, was Eigenes zu bauen und die 
E-Werk-E-Meter zu vermeiden?


July 29, 2010
Security Vulnerabilities of Smart Electricity Meters

"Who controls the off switch?" by Ross Anderson and Shailendra Fuloria.

     Abstract: We're about to acquire a significant new 
cybervulnerability. The world's energy utilities are starting to install 
hundreds of millions of 'smart meters' which contain a remote off 
switch. Its main purpose is to ensure that customers who default on 
their payments can be switched remotely to a prepay tariff; secondary 
purposes include supporting interruptible tariffs and implementing 
rolling power cuts at times of supply shortage.

     The off switch creates information security problems of a kind, and 
on a scale, that the energy companies have not had to face before. From 
the viewpoint of a cyber attacker -- whether a hostile government 
agency, a terrorist organisation or even a militant environmental group 
-- the ideal attack on a target country is to interrupt its citizens' 
electricity supply. This is the cyber equivalent of a nuclear strike; 
when electricity stops, then pretty soon everything else does too. Until 
now, the only plausible ways to do that involved attacks on critical 
generation, transmission and distribution assets, which are increasingly 
well defended.

     Smart meters change the game. The combination of commands that will 
cause meters to interrupt the supply, of applets and software upgrades 
that run in the meters, and of cryptographic keys that are used to 
authenticate these commands and software changes, create a new strategic 
vulnerability, which we discuss in this paper.


Mehr hier: 
http://www.schneier.com/blog/archives/2010/07/security_vulner.html