The Massachusetts Pirate Party submitted the following commentary for DPU Docket 12-76-A, “Investigation by the Department of Public Utilities on its own Motion into Modernization of the Electric Grid.”
January 17, 2014
Mark D. Marini, Secretary
Department of Public Utilities
One South Station, 5th Floor
Boston, MA 02110
Re: Comments on DPU Docket 12-76-A: Electric Grid Modernization
Please note: this comment submission is under the umbrella of the extension granted by Alison Lackey, Hearing Officer on January 15, 2014.
I’m writing to express my concerns about mandated smart meter deployment, as part of power grid modernization efforts. Power grid modernization is a worthwhile endeavor, but I believe that mandating smart meter deployments at individual residences is neither necessary, nor in the best interest of the public.
Smart meters obviously come with privacy concerns: highly granular meter readings provide an accurate picture of when an individual is home, away, asleep, awake, and even a general idea of what that individual is doing. Beyond basic privacy, there are issues of data retention (how long are the meter readings kept?), data security (how is the data protected, and who has access to it?), and residual data use (can meter readings be shared or sold; to whom, under what circumstances, and for what purposes?).
That said, I’d like to focus on issues that are closer to basic computer and network security. A smart meter is a small computer that’s attached to a wireless communications device; in other words, a smart meter is an exposed computer, and a potential attack surface. I’m concerned that a smart meter mandate would create a large number of remotely exploitable network devices, that could be taken over and controlled by a malicious third party. For an example of this sort of thing, see which describes a cyberattack that
… involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.
It would not be in the commonwealth’s best interest to mandate the use of smart meters, only to have them turned into a large botnet.
Let me elaborate on my security concerns:
- How would the content of transmitted readings be encrypted, so that they could not be read in transit? What encryption algorithm(s) will be used?
- How will the electric utility verify that the data it received matches the data the meter sent? In other words, suppose a meter transmits “192”, and the electric company receives “912” (corrupt data) or “19” (truncated data). Will there be measures in place that allow the electric company can detect corrupt or truncated transmissions?
- If the electric utility receives a transmission that claims to come from my meter, how will they verify that the transmission did in fact come from my meter (as opposed to coming from a malicious third party)?
- If the meters use encryption keys, what is the remediation plan for when those keys are compromised? (Please note that I have used the phrase “when those keys are compromised”, and not the phrase “if those key are compromised”.)
- In addition to sending data, can meters accept remote commands? If so, what is the meter’s remote API? If you’re asking me to install a remotelycontrollable computer in my home, then I will have many questions (and many concerns) about the facilities provided via that remote interface.
- If the meter has a remote API, how will the meter verify that remote API invocations came from the electric utility, and not from a malicious third party?
- Have the meters been subject to independent security audits? Will utility customers have the opportunity to review those audits?
- Will the meters receive remote software updates? If so, how will the meter distinguish between software updates transmitted by the electric utility, and a software updates (i.e., exploits) transmitted by a malicious third party?
- Will customers be able to obtain a copy of the meter’s source code? Please note that this is not a security risk, provided that the software and communications protocols are properly designed. Making the source code public allows one to verify the system was built properly; this kind of transparency is in the best interest of the general public.
These are my concerns. My questions have been somewhat technical, but I would not feel comfortable using a smart meter until these questions were nswered to my satisfaction. Furthermore, I believe that the legislature should require utilities to answer these sorts of questions in advance of any smart meter deployment.
Finally, I feel that individuals should be allowed to opt out of smart meter use. I applaud the commonwealth for its efforts to improve the efficiency of our electric distribution system; however, I’m not convinced that placing smart meters in every home is a required part of such efforts (i.e., if you’re trying to obtain more granular data about power consumption, then instrumenting step-down transformers should be sufficient – though the security concerns still apply).
Thanks for your time and attention.
Stephen A. Revilak
Massachusetts Pirate Party PAC