Imagine if your thermostat led to a region-wide power blackout.
It’s a scenario that’s looking increasingly plausible. Argentina isn’t ruling out a cyberattack as the possible cause for the mass outage that affected millions of people in five South American countries over the weekend. Even if that incident turns out to have a more innocent explanation, the U.S. government is stepping up digital incursions into Russia’s power grid, the New York Times reported Saturday, citing unnamed officials.
The growing threat from hacking is somewhat inevitable given the way our power systems are changing. Electricity networks are traditionally highly centralized, with limited ability to monitor and control supply and demand in real time, leaving grid operators dependent on forecasting unusual consumption spikes to prevent the system from falling over.
The spread of smart metering and automated control systems has changed that landscape, with more than 10% of global grid investments – equivalent to some $30 billion a year – now dedicated to digital network infrastructure. The grids of the near future are likely to be increasingly decentralized: Owners of domestic refrigerators, air conditioners and industrial facilities will be compensated for switching off to smooth out demand peaks; home, vehicle, and utility-scale batteries will buy cheap electrons and charge up in times of excess generation.
The problem here is the vast amount of infrastructure needed to support such a setup. Any smart electrical grid needs a parallel telecommunications network to collect and harness the volumes of data it will generate, and that makes every connected thermostat or smart refrigerator a potential entry point for cyber intruders.
About 588 million smart meters will be installed worldwide by 2022, according to a report last year by GlobalData UK Ltd., a consultancy. Once you include other connected devices and grid operators’ own control systems, that’s only the tip of the iceberg. Stuxnet, the worm that crippled Iran’s nuclear enrichment facilities in 2010, appears to have been initially spread via an infected USB drive smuggled into one of the plants and plugged into a computer.