Will the Smart Grid Become the Annoying, Vulnerable Grid?

Washington, D.C., July 3, 2014 – Do you want a future in which you have to plug in your username and password on your smart phone to open you refrigerator? Talk about an annoyance.

This thought came to me when reading a new report in the June 30 issue of MIT’s Technology Review magazine. Much of what the electricity industry is touting as the smart grid – which it is pushing because it will make money for them, which is fine with me – comes down at the consumer end to another trendy term, the “internet of things.” Among those things could be not just your glasses, but your toaster, fridge, and dishwasher.

The Technology Review article notes that both Apple and Google (owner of the Nest smart thermostat and smart smoke detector) are pushing new software for consumers to communicate between home appliances and the users’ smartphone. They are competing to be the portal to your smart home and smart appliances. Presumably that will also include communicating with whatever vision of the smart grid emerges from the distribution utility that also aims to control your home energy use.

The article by Simson Garfinkel says, “The visions of Google and Apple will require a lot more than new frameworks and developer conferences to be truly transformative. They will require heretofore-unseen levels of reliability, security and usability. Otherwise we’re in for a frustrating and possibly dangerous networked future.” Garfinkel is a computer security research scientist examining digital forensics, security, personal information management, privacy, and terrorism.

That future likely will be built around Wi-Fi, Garfinkel observes. But as anyone with a home Wi-Fit network knows, Wi-Fi has a disconcerting habit of going South unpredictably. Getting it working again is generally a fraught endeavor. It also has a habit of inexplicably not covering some areas (mine doesn’t ever work in my downstairs bathroom).

Then there is broadband Internet, the Wi-Fi backbone. It also doesn’t meet the reliability measures common for electricity service. And the ways that consumers get Internet differ considerably, with implications for reliability. Some homes get Internet from their landline phone suppliers (Verizon’s FIOs), others from cable providers (Comcast), and others (including me) from satellite providers.

As the Technology Review article points out, these conditions raise two issues: usability and security. Both Apple and Google are contemplating tying their communications with smart appliances to personal accounts, i.e., username and password. “Families shouldn’t be forced to decide if the dishwasher is bound to Mom’s Gmail account or Dad’s.”

Then there is the problem of what to do about “babysitters, housecleaners, maintenance workers, and building superintendents. If these people need some way to interact with your smart devices, there should be some way to give them that access without sharing your username and password. And there should be some way to review their actions after the fact.”

Then there is grid security. The article acknowledges that “the smart home will be an attractive target for hackers and malware….Smart things will be attacked, almost certainly in ways that we can’t anticipate today.” The article focuses on the security of the consumers’ systems and devices. But the smart home also gives hackers and attackers a portal to exploit the home systems to launch attacks on the greater grid, which the article does not discuss. Obtain the home IP address, username and password, and the clever hacker is in position to exploit the grid itself.

At the same time the MIT article appeared, Bloomberg ran an article observing that smart meters – another moneymaker for distribution companies – offer another entry point for hackers to make mischief and maybe pare off some of the money flowing from the new technology. Bloomberg quotes Gavin O’Gorman, a Symantec analyst, “Anytime you introduce more software, you introduce more complexity and inevitably more potential holes to the system.”

The Technology Review article concludes that “the coming wave of smart devices will rely on technology that is ill-equipped to guarantee reliability, and will also introduce completely new ways for things to go wrong. So the companies that make them will need to put far more focus on security, usability, and privacy to earn both customer acceptance and trust.”