Most Ohio Utilities have Installed Smart Meters. Do You Know About Their Cybersecurity Risks?

by Vince Welage, SWORT board member

Cyber Security Vital to Smart Metering Deployment

As the adoption of “Smart Meters” and advanced metering infrastructure (AMI) has become more widespread, its appeal to cyber attackers has increased significantly.

This means that utility companies must address security vulnerabilities across multiple layers from the start. For the most part, utilities often rely on service providers and vendors to comply with cyber security regulatory requirements.

For this reason, many security compliance efforts have neglected the newly built “smart” infrastructures in power grids which suggest that electric utilities should expect them to have weaknesses.

In regard to cyber security – Duke Energy – has already been the target of cyber attacks and had to pay fines because of cyber security violations. Duke reported 650 million attempted cyber attacks in 2017. Another Ohio utility, First Energy, has confirmed the need for frequent replacement due to the meters being computers.

Because AMI allows for 2-way communication and remote management of in-field devices, security breaches could allow unwanted changes to be made to device configuration and settings. IBM has reported that millions of Smart Meters are already vulnerable and could be wrecked by hackers. If Smart Meters move to 5G networks, there is a more significant cyber security risk because the 5G technology is software based. This means the meter is subject to hackers using backdoor or calling home mechanisms that can go undetected when installed during regular software upgrades.

An electric Smart Meter is much the same as other Internet of Things (IoT) based products like a Smart TV or Smart refrigerator wrapped in privacy and security concerns. Federal IoT Guidelines that establish minimum security standards for IoT devices procured by the federal government is moving closer to becoming law. However, the Smart Meter can’t be disconnected and discarded unless the homeowner wants to lose total electric power to the home. Residential Smart Meter installations result in both unwanted and forced surveillance. Currently, utility Smart Meters aren’t safe. They don’t have surge protectors and are prone to fires and explosions. Advanced meters must be properly grounded and have surge protection that is adequately rated in order to divert a lightning strike or some kind of short-circuit incident.

All of these new power grid infrastructures are essentially large, distributed networks of computers that can be hijacked for financial gains. This means that criminal organizations have an ongoing mission to steal utility assets and sell them back to the utility. These bad actors go after what a utility relies on the most to operate: data and grid infrastructure.

Malware can be developed to target Smart Meters, launch it, and take control of tens of thousands if not millions of Smart Meters. The attackers then change the targeted utility security keys, pushing the utility out of their own infrastructure. Utilities are accepting of these types of security risks via remote software update because they expect the newly built computerized infrastructures will gain new capabilities, thus increasing the return on investment.

Smart Meters are often not just used for billing consumers for energy and water they use. Electric utilities use Smart Meters to remotely switch power off or use Smart Meter data in a series of business processes that base their decisions on information received from the Smart Meters in the field – such as signal and power quality levels used for fault detection and load balancing. By manipulating this data, attackers can directly change the view of a grid to their advantage.

In addition, Smart Meters are increasingly being used as grid sensors in Smart Sewers through real-time monitoring and control of overflow conditions inside the sewer system. This is an extremely insightful data point from a Smart Grid perspective.

Like other Smart infrastructure, there have been problems with Smart Sewers. For example, in South Bend IN, Smart Sewers have been overwhelmed which has led to sewage being directed into the river.

The Need for Early Detection and Response Planning

Despite the risks, Smart Meters are installed into the grid in an effort to keep companies competitive in the race to the Smart Grid. The switch-over to Smart Meters is in part due to federal mandates that promote Smart Grid projects which established a national policy for grid modernization. Efforts to secure these new technologies have largely focused on trying to prevent attacks from being successful. Therefore, utilities must invest in early detection and incident response, especially for their newer technologies that may not be procured, developed, or operated with a bad actor in mind. Attacks can be significantly hampered by early detection and pre-planned disaster response playbooks.

However, as of right now, solutions aren’t being applied quickly enough to the latest grid technologies. In May, President Trump issued an Executive Order to make the Smart Grid more secure. He ordered beefed-up efforts to secure the U.S. grid saying, “The unrestricted foreign supply of bulk-power system electric equipment constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”  However, new stories of cyber attacks hit the headlines almost every day which portends that not every attack can be blocked.

For more details on problems that persist with other Smart Meter components, read my August article in the OSHN archive.

Editor Notes: What to do if you have a smart meter and you don’t want it.

Make a Call (or better yet, write a letter via certified mail) to your utility and tell them you demand an analog meter.

If you have been made ill by your “smart’ meter,” tell them about it in detail. Tell them you know of the people who have gotten analogs. Tell them you are going to the press if they don’t do the same thing for you they have done for others.

Do not accept a digital non-transmitting meter— be aware they also have problems, and are not stable and secure like analog meters.

Do not take “No” for an answer.

11 thoughts on “Most Ohio Utilities have Installed Smart Meters. Do You Know About Their Cybersecurity Risks?”

  1. Thank you for another informative article about Smart Meters!

    Ohio utility customer bills have been increased to install Smart Meters which aren’t safe and violate our right to privacy. Ohio residents and businesses should be given the right to have traditional analog meters without paying expensive fees to opt-out.

    In 2017 a medical letter signed by 3 doctors was submitted to PUCO for the Duke Energy opt-out case. PUCO was instructed to include this letter to all state utility opt-out cases. Ohioans concerned about radiation emissions from Smart Meters should send a copy of this letter and this article to their legislators and consumer protection agencies along with a request that they take action to protect Ohioans.

    1. We had a smart meter installed unknowingly and it was located behind my husband and I’s bedroom wall. We slept terribly that month before we realized what had happened. We called duke and got them to switch back to the regular meter and we slept better immediately upon removal of the smart meter. Thanks for this informative article!

  2. When will the elected officials of our great state put our citizens first, ahead of greed, power and politics. Out governments primary purpose is to protect and support us in all ways. Let’s rethink our purpose and practices.

  3. I know many people that were offered the digital analog meter and told that its the only one they offer! These electric companies evil.

  4. This article is right on time for me! While installing a wood stove, I was wondering if i could get the smart meter removed as gas will no longer be needed. Great to know I have some ground to stand on in requesting the removal, or at least conversion to analog.

  5. While the legislative branch can rule on issues related to Smart Meters, it should be noted that the judicial branch can rule on the matter as well. Kentucky governor, Andy Beshear, stopped the “rollout” of Smart Meters while he was Attorney General stating that they cost too much and weren’t needed.

    In the case of Ohio legislators, it’s not too harsh to suggest corruption is possible given what has been exposed in the recently uncovered HB 6 federal bribery scandal involving the ousted Ohio Speaker of the House in Columbus.

  6. The surveillance state is getting ridiculous. And it is positively not worth it to be terrified of covid but to put yourself at a high risk of cancer and allow anyone to snoop on you.

  7. I had my “smart” meter removed and replaced with a digital “opt out.” I feel much better! I still wish I could have an original analog meter, but the utility company says they don’t have any, which I seriously doubt.

  8. I was told I cannot get an analog meter as they were no longer making them. I can say my electric bill has decreased since using a non transmitting digital.

Comments are closed.