Survey: Energy Security Pros Believe Smart Meters Vulnerable To False Data Injection

Survey sponsored by nCircle and EnergySec

April 9, 2012

2 Min Read

PRESS RELEASE

SAN FRANCISCO, CA— April 9, 2012— nCircle, the leader in information risk and security performance management solutions, today announced the results of a survey of 104 energy security professionals. The survey was sponsored by nCircle and EnergySec, a DOE-funded public-private partnership that works to enhance the cyber security of the electric infrastructure. The online survey was conducted between March 12 and March 31, 2012.

When asked, "Do smart meter installations have sufficient security controls to protect against false data injection?" 61% said "no".

Power grids connect electricity producers to consumers through interconnected transmission and distribution networks. In these networks, system monitoring is necessary to ensure reliable power grid operation. The analysis of smart meter measurements and power system models that estimate the state of the power grid are a routine part of system monitoring. False data injection attacks exploit the configuration of power grids by introducing arbitrary errors into state variables while bypassing existing techniques for bad measurement detection.

Patrick Miller, the founder, CEO and president of EnergySec noted, "Smart meters vary widely in capability and many older meters were not designed to adequately protect against false data injection. It doesn't help that some communication protocols used by the smart meter infrastructure don't offer much protection against false data injection either. Together, these facts highlight a much larger potential problem with data integrity across the smart grid infrastructure. Because our nation relies on the smart grid to deliver robust and reliable power, we need to make sure that all systems that process usage data, especially those that make autonomous, self-correcting, self-healing decisions, assure data integrity."

Elizabeth Ireland, vice president of marketing for nCircle, noted, "A false data injection attack is an example of technology advancing faster than security controls. This is a problem that has been endemic in the evolution of security and it's a key reason for the significant cyber security risks we face across many facets of critical infrastructure. Installing technology without sufficient security controls presents serious risks to our power infrastructure and to every power user in the U.S."

About nCircle

nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer's premises, as a cloud-based service, or in combination, for maximum flexibility and value.

nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. To learn how you can more effectively protect your company visit us at http://www.ncircle.com.

Read more about:

2012
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights