Network Security, Vulnerability Management

Firm releases open-source smart meter assessment tool

An IT assessment firm announced Thursday that it is releasing an open-source framework that can be used to gauge the security of smart meters.

Cleveland-based SecureState, which is planning to demonstrate the tool, dubbed Termineter, next week at the Security B-Sides conference in Las Vegas, said the purpose of the release is to raise security awareness for smart meters.

Such devices, which can be connected to appliances and enable two-way communication between homes and the utility companies to offer more electrical efficiency and reliability, may provide entryways for malicious individuals, and result in privacy and cyber security risks.

In April, security blogger Brian Krebs, citing an FBI internal document, warned that affordable and easily obtainable tools on the web can be used to attack these devices to alter readings. Security experts also have said attackers could compromise meters to cause power disruptions.

According to SecureState, the framework provides testing functionality for meter makers as well as others to "identify and validate internal flaws that leave [the meters] susceptible to fraud and significant vulnerabilities."

According to a Pike Research report released in the second quarter of this year, in 2008, fewer than 4 percent of the world's 1.5 billion electricity meters could be considered “smart,” but now 18 percent are. This number is expected to exceed 55 percent by 2020.

"Smart meters and advanced metering infrastructure (AMI), terms often used synonymously, integrate embedded computing and two-way communications to transform meters from simple manual recording instruments into highly intelligent devices serving increasingly broad roles within the electricity infrastructure," the report said.

Smart meter security, or lack thereof, is a hot research topic these days.

One of the talks generating some excitement at next week's Black Hat conference in Las Vegas is "Looking into the Eye of the Meter" from Don Weber of security consultancy InGuardians.

Weber is expected to discuss how criminals would be able to harvest various kinds of information from smart meters. They are becoming ubiquitous, and the session will center on the insecurity of embedded devices that are being installed in front of every home and connected to a network.

Weber was scheduled to present the talk earlier this year at ShmooCon 2012 in Washington, D.C., but pulled it at the last minute in response to requests from a smart grid vendor and several utilities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.