"...to common security vulnerabilities such as protocol tampering, buffer overflows, persistent, and non-persistent rootkits and code propagation. These vulnerabilities could result in attacks to the Smart Grid platform, causing utilities to lose momentary system control of their Advanced Metering Infrastructure (AMI) Smart Meter devices to unauthorized third parties. This would expose utility companies to possible fraud, extortion attempts, lawsuits or widespread system interruption. If security is not addressed in the design and implementation of these emerging technologies, it may prove cost prohibitive to address them once the devices are fully deployed."

Lock photo CC licensed by Flickr user subcircle.

A security firm has warned that the Smart Grid for delivering and managing energy is rife with security holes, and could easily become a hacker's playground, endangering the nation's entire power-delivery infrastructure. Because the Smart Grid will also be used by IT pros to manage electricity use in the enterprise and the data center, it also means that the grid could be used by hackers to crawl their way into company networks as well.The security firm IOActive warns that the Smart Grid, as currently being built, is so insecure that it's vulnerable to the kind of attacks that have bedeviled Internet sites and ordinary users for years. In fact, from the company's description of the dangers, it sounds as if ordinary users may be more secure than the grid itself, because users at least have installed security software.The report concludes that the grid is vulnerable:In other words, hackers could bring down parts of the grid, or possibly the entire grid itself, and could resort to extortion or blackmail. Left unsaid was that terrorists could attack the grid as well.The Smart Grid will be used not only by power companies, but by enterprises as well. Intelligent devices will live inside corporate firewalls and communicate via the grid and with each other, and be used to manage power and resources. If the very fabric of the grid is insecure, it won't matter how well a corporation protects itself --- hackers can make their way inside enterprise firewalls via the Smart Grid.The solution, according to IOActive, is that the grid from the beginning should be built for security. Joshua Pennell, President and CEO of IOActive, told the Committee of Homeland Security and DHS in a presentation that the grid needs to include best practice security assessments and that the industry should "follow a proven formal Security Development Lifecycle, as exemplified by Microsoft’s Trustworthy Computing initiative of 2001, to guide and govern the future development of Smart Grid technologies."There's no doubt that IOActive has an axe to grind here --- after all, it specializes in security, and so stands to gain if more security were embedded in the grid. But the company is also absolutely right: If security isn't baked into the Smart Grid from the beginning, it spells potential disaster.To get a copy of the press release about the study, click here