Do you remember the movie Colossus - The Forbin Project? It probably dates me a bit but I thought of it when an energy customer that I was talking to started telling me how they are TCP/IP enabling their power meters. In one of my previous posts I discussed how I set up a wired LAN connection in my home by using "ethernet over powerline" technology. That same technology will enable the electric (and water and gas) utilities to retrofit their meters so they can talk to them.
Now, on the surface of things my immediate reaction was "cool!". I assumed that would mean that the utility could do things like:
- in real-time know when someone or an area actually lost power
- turn on or off someone's service without needing to send a truck out
- get a better view of consumption across their network
- run diagnostics and the like
Then I started to use Goggle to read up about this area and that's when I started to get worried. Some of the other benefits I have seen espoused on various websites include:
- enabling devices within the home to communicate with the utility meter
- enabling the utility to communicate with the meter to limit usage in certain situations like peak times or an emergency
- enabling the meter to communicate with the devices in the home to turn them off or lower usage
Apparently I am not the only one concerned about this because Homeland Security has a working group that studies our country's infrastructure and the concept of utility disruption by terrorists concerns them. I'm much more concerned about the teenage hacker around the corner or on the other side of the country figuring out how to turn off my home's power at a whim.
I couldn't find a single article or technical document out there that talked about the security of this technology. It's TCP/IP-based. Will it implement IPSec? How will the utility prevent the hacker from spoofing them or preventing man-in-the-middle attacks? Southern California Edison is in the process of implementing advanced metering infrastructure (AMI) for 4.6 million customers. I guess it's a good thing Enron isn't running the show down there anymore - I'd be really worried.
I also have a pile of just geek-boy type questions like:
- Does AMI use IPv6?
- Does AMI support multi-casting?
- What security does AMI implement? Who has tested and certified it?
- How will meters be "provisioned"?
- Can I "tap" my electrical outlet to watch my household devices talking to each other?
- Will other utilities be able to ride the wires?
Anyway, lots of questions and few answers that I could find. Let me know if you stumble across anything. This is an awesome project but I'm worried about the security of it and I have a bit of the Colossus syndrome: What happens when these devices start talking with each other??
I'm sorry Dave, but I had to reduce the power consumed by the refrigerator which is why your cold beer isn't really a cold beer...Please enjoy the football game on the radio tonight as the TV is not functioning because of current power demands across the state...
There will be no hot water today due to the cold weather in Ohio as we have diverted your home's (town's/city's/state's) gas supply. Please enjoy a hot shower tomorrow!Technorati Tags:
identity management, IPSec, advanced metering infrastructure