back to article Seattle Suehawks: Smart meter hush-up launched because, er ... terrorism

Smart meter makers are battling to keep Seattle's power grid designs under wraps – claiming that if the details are made public, they could be exploited by hackers to plunge the US city into darkness. Sysadmin-activist Phil Mocek requested documents from the city on its smart meter system under the Washington Public Records …

  1. John H Woods Silver badge

    Sounds like some people need to be whacked over the head with one of Kerckhoff's weighty tomes

    1. dan1980

      Yep.

      While keeping the details secret may provide an extra (thin) layer of protection, if the system is - as they identify - an attractive target to miscreants and worse, it shouldn't need to be hidden.

      In other words, if secrecy forms an integral part of the security of such a system, then it is not fit for purpose.

      1. Trigonoceps occipitalis

        System security is not binary. Big brains will be applying mathematical tools to make the system secure enough - in this case (I hope) extremely secure. Obscurity can be a factor in this calculation. Security by obscurity quickly breaks down when keeping the architecture, technology etc. "secret" is the only or a significant aspect of the system security design.

        To miss-quote Michael Cain: "Not a lot of people seem to know that."

        1. Sir Runcible Spoon

          "Big brains will be applying mathematical tools to make the system secure enough"

          And in the real world this would be closely followed by the bean-counters stating that full security measures are too expensive, re-do from start only this time spend 1/10th the amount you original said.

        2. Alan Brown Silver badge

          "Big brains will be applying mathematical tools to make the system secure enough - in this case (I hope) extremely secure. "

          You can hope all you want. The fact is that most smartmeter installations have been found to have NO security at all.

          Now, imagine the effect on the stock price of the meter supplier if someone publicises that and how to walk down the street remotely tweaking people's dials or shutting their power off.

          It's terrorism alright - the kind of terror induced in company boards and directors that comes from the unlimited liabilities associated with being caught knowingly supplying deficient systems that in some cases could affect safety of life (home dialysis or medical systems, etc)

      2. J__M__M

        Yep? Try nope.

        Hey popular know it all comment guy, unless you and your 27 friends would like to post your full, complete, and unredacted network documentation right here for everyone to see, you are full of crap.

        Not fit for the purpose? Whatever. You're not fit for the purpose.

        And don't call me shoeless.

        1. dan1980

          Re: Yep? Try nope.

          @J__M__M

          There's a slight difference between my network(s) and this situation, which is that I am not claiming that my network is a juicy target for hackers, nor that a breach of my network could affect a critical utility across an entire city.

          Secrecy is a security measure, but if you have already identified that your systems are an attractive target and that an attack could have critical, far-reaching reprecussions for hundreds of thousands of people and businesses, then you really should assume that the design details will get out somehow, at some point.

          Changing the meters from traditional ones to 'smart' ones creates a risk that is not insignificant; the devices and the network behind it needs to be exceptionally robust.

          1. Sir Runcible Spoon
            Facepalm

            Re: Yep? Try nope.

            @J__M__M

            I'm with Dan on this one, when you create a security design you have to assume that the full build documentation could be leaked/stolen at some point, and you have to preempt that and put necessary measures in place to mitigate the risk (note I didn't say eliminate).

            As far as I am concerned, especially with the nature of the organisations I usually design for, the biggest security risk to the environment is me. So I design safety measures into the system so that once it is up and running, should I suddenly go rogue and sell of the designs or even try to compromise it myself, there are measures in place to a) stop me and b) know that it's happening and how to stop it even if I do get in.

            Insiders are a massive risk, and whilst obscurity plays it's part (i.e. people don't know what to hack if they don't know it exists etc.) it isn't *actual* security - it's just an extra measure to take to reduce the risk surface, every little bit helps.

            Now, in the case of these meters, everyone knows they are remotely controlled and that the security on them is probably a joke. The obscurity measure is already lost. The only thing left to do is to ensure that all the other (actual) security measures are in place.

            If they aren't telling people that measures are there, then you can be fairly sure they aren't. We aren't talking about them releasing detailed diagrams with IP addresses, physical locations, specific details about the ports and protocols - we are talking about the generic things that go into the security soup.

            For example, their documentation mentions RSA and keys - has that actually been implemented or is it just sales blurb? Are they using encryption all the way? Are they using MAC address control? What level of monitoring is going on - are there tamper traps in the software that will start calling for help if the system detects unexpected activity?

            One major advantage of a closed system where you know everything that happens is that you can set it up as a white list only - everything else is blocked from even getting SYN, ACK back.

            I would bet my house that the meters being rolled out to the US are as secure as a sign on a 2ft fence saying 'please don't hack me, you'll make me cry'.

    2. g e

      Or perhaps

      If full details of the tender were made public someone(s) would get nicked for greasing the wheels of public office in a dodgy backhanded manner to get contracts awarded.

      1. Sir Runcible Spoon
        Mushroom

        Re: Or perhaps

        My argument would be that if installing these 'smart' meters could result in the power grid being taken down, then why are they fitting them at all?

        1. Hud Dunlap
          Coat

          @ Sir Runcible Spoon. One reason is because of the dogs

          http://www.breitbart.com/texas/2016/05/16/dog-attacked-wrench-centerpoint-energy-contractor-died/

          For some reason the building code is to put the meter behind the privacy fence where the meter reader has to go to read it. Even if you don't have a privacy fence if you have a pool you have at least a chain linked fence. A lot of rural meter readers carry quality binoculars to read the meter so they can avoid the dogs..

          With a smart meter you can read and turn them off remotely if the bill hasn't been paid. Of course you can turn them off during periods of high use for rolling black outs too. This is one reason cities are pushing Smart Thermostats. The City will install them for free and give you a whole ten dollars if you give them the right to adjust your thermostat when they want.

          1. Sir Runcible Spoon
            Stop

            Re: @ Sir Runcible Spoon. One reason is because of the dogs

            @Had, I realise that my post sounded like a question, I should have ended it with "Then why are they being *allowed* to fit them at all" :)

          2. Alan Brown Silver badge

            Re: @ Sir Runcible Spoon. One reason is because of the dogs

            "A lot of rural meter readers carry quality binoculars to read the meter so they can avoid the dogs.."

            In other words, just fitting the meters with bigger dials would be more than sufficient.

            It's the remote control aspect that most people find creepy as all hell - and the surefire certainty that consumers will be charged EXTRA for increasing the convenience of the supplier, not the other way around.

            1. Joe Gurman

              Re: @ Sir Runcible Spoon. One reason is because of the dogs

              No, actually, the certainty (fear implies some level of doubt) is that the utilities' databases with information on when one is home and when not will be hacked, Wikileaked, and used to aid breakers and enterers (government as well as more overtly criminal). Smart meters enable the destruction of a reasonable expectation of privacy.

          3. Number6

            Re: @ Sir Runcible Spoon. One reason is because of the dogs

            Our dog is big and loud and the meter is not visible from outside. Worse, you have to run up some stairs to the gage from where the meter is fitted. However, the pool is much further than the meter so there's no need for the meter reader to fall in that.

  2. wsm

    IOT

    Is it the Internet of Things or "everything is the Internet" that spells doom for humanity?

    1. ecofeco Silver badge

      Re: IOT

      Is it the Internet of Things or "everything is the Internet" that spells doom for humanity?

      Skynet has a plan...

  3. Old Used Programmer

    GEt a bigger "Gun"?

    I wonder how good the Washington state anti-SLAPP laws are? Besides, wouldn't a document filed with the city be a, you know, *public* *document*?

    1. Malcolm Weir Silver badge

      Re: GEt a bigger "Gun"?

      Unfortunately, Washington's anti-SLAPP law was _too_ good, and was struck down as unconstitutional last year. As far as I can tell, they haven't enacted a "fixed" version, so the state of play as of today is that Washington has no anti-SLAPP law. This is probably a fact well known to Landis + Gyr and the other contractors...

  4. Number6

    Security?

    They clearly aren't very confident about how well they wrote their software then, if they're worried that it's vulnerable to terrorists. Someone ought to push for an independent review of it all, just in case, before they're allowed to deploy the network.

    1. Malcolm Weir Silver badge

      Re: Security?

      That is, in essence, what the point of the records request was: so that an independent eye could review the system.

    2. J__M__M

      Re: Security?

      If you hire a contractor that isn't worried, both you and the contractor should be fired.

      ------

      They clearly aren't very confident about how well they wrote their software then, if they're worried that it's vulnerable to terrorists. Someone ought to push for an independent review of it all, just in case, before they're allowed to deploy the network.

      ------

  5. Malcolm Weir Silver badge

    Optional

    It's much worse than the article suggests:

    The suit is directed at Mocek asks for damages because he posted material *that was released by the city*, which they allege contain trade secrets of the contractors. The notion is that the city released documents before they could be vetted by the contractors... and therefore the contractors will suffer harm (potentially, fair enough). But the complaint should, surely, be addressed to the city (who released the docs) not Mocek, who received them?

    So (and this is based solely on the contractors lawsuit): the Mocek asked the city for documents; the city asked the contractors for redacted versions; the city provided Mocek those documents and (allegedly) accidentally some unredacted related docs; Mocek posted them; the contractors sued Mocek demanding that he not post any of the documents the city had given him; and would like a restraining order preventing the city from releasing the unredacted docs. Oh, and the contractors would like damages from Mocek for, apparently, posting the documents they prepared in response to his freedom of information request.

    The contractors make great play, as the article notes, the risk if CyberBadGuys get the information... but again, that's addressed to the wrong people: it's not Mocek's responsibility to maintain the cybersecurity of the city's power system, that's the responsibility of the city. So if this was a rational (rather than SLAPP) lawsuit, surely it should be the city suing Mocek...

    Finally, the contractors want to a complete list of everyone who has accessed the docs, which can be found at https://www.muckrock.com/foi/seattle-69/smart-meter-security-audit-plans-schedules-proposals-contracts-discussion-results-seattle-10378/, which is well worth a visit!

    1. diodesign (Written by Reg staff) Silver badge

      Re: Optional

      Ah yeah, the case is pretty messy - we tried to keep it succinct. I'll add some of that info into the mix. We're speaking to Phil in-depth tomorrow so expect some more info on Thursday.

      C.

      1. Malcolm Weir Silver badge

        Re: Optional

        Excellent! I'm sure you've seen Section 38 of the contract between Landis + Gyr and the city, signed by a senior VP of L+G named William Weidenbach, which explicitly discusses Washington State's Public Records Act, and explains how the city isn't going to protect L+G's information for them...

      2. diodesign (Written by Reg staff) Silver badge

        Re: Re: Optional

        Update: We'll run the follow-up on Friday because everyone's distracted by this afternoon's Oracle-Google news.

        C.

    2. MachDiamond Silver badge

      Re: Optional

      Very bizarre. I've designed and quoted many systems and never delivered confidential company data in any of them. Any bids by a contractor for a public project should be 100% available to any member of the public to examine. It's our money. These products and services are being purchased for us by our elected representatives (via their staff).

      1. Sparks_
        Angel

        Re: Optional

        Interestingly, according to the article, city officials claim they are not capable of censoring/redacting documents, so how did they choose from the proposals in the first place? Was it the technical assessment of cheapest bid wins? If so, is the cheap design so badly engineered that it is inherently a risk? Thus keep it covered up because there's no security in obscurity...

      2. Sir Runcible Spoon

        Re: Optional

        One of those documents states that the system has been designed to comply with standards x,y,z etc. and that RSA and HSM's are involved, plus info that open standards are being used etc.

        Then, at the very bottom, it states that the information in the pdf is trade secret!! Looks like a standard footer message to me and obviously not related to the information in the document body, as all it mentions are the standards that were used in designing the system, hardly trade secret.

    3. Number6

      Re: Optional

      What do they plan to do with that complete list of everyone who's accessed the docs? It makes me want to go visit every public library I can and click on the link.

  6. William Higinbotham

    Check this out:-)

    https://patents.google.com/patent/US20090243869A1/en?q=sensus

    Now read some white papers

    http://sensus.com/resources/white-papers/

    1. Voland's right hand Silver badge

      Re: Check this out:-)

      How the f*** did this get granted in the first place?

      This is just a boilerplate design for a generic gateway which has been produced by various manufacturers for years. Sagem was shipping such a device 7+ years ago (with a slightly different protocol set, but pretty much identical designwise).

      There is absolutely _NOTHING_ inventive here. It fails the novelty test, it fails the prior art test, which f**** cretin has granted this and why are our fees (and for USAisians - taxes) being used to pay his salary.

      Oh... I geddit... Search and replace with software defined - same as it was done by plugging mobile everywhere 5 years ago and Internet everywhere 10 years ago. In any case - a Eu patent examiner will laugh his arse off if you submit this as an application and slap you on the head with it.

  7. Dan 55 Silver badge

    The city's officials claim they are not qualified to censor the files

    So how have they vetted the security of the proposals and chosen the most secure one?

    That was a rhetorical question by the way...

  8. Anonymous Coward
    Anonymous Coward

    Wow, this is a timely article!

    Just saw on the news tonight that downtown Seattle had a blackout at around noon yesterday that lasted about an hour. They said it was related to a failure at a substation, though this article says the cause hasn't been determined. Interesting...

    http://www.seattletimes.com/seattle-news/downtown-seattle-loses-power/

  9. Doctor Syntax Silver badge

    Hello, Sensus. Is Ms Streisand in the office?

  10. Brian in Seattle
    Coffee/keyboard

    Mmmph! HAHAHAHA!

    Ok, um. . . .

    "Smart meter makers are battling to keep Seattle's power grid designs under wraps – claiming that if the details are made public, they could be exploited by hackers to plunge the US city into darkness."

    That line made me laugh out loud in a restaurant as I was waiting for my take out tonight, causing the rest of the guests in the restaurant to turn and stare at me. News flash: Seattle's power grid doesn't need hackers exploiting it to go down. All that's required is a wayward racoon:

    http://www.king5.com/news/local/seattle/raccoon-de-energized-power-to-38000-in-seattle/185341641

    Or, today, some unidentified equipment issue that plunges the entire downtown core into "darkness." (It's really hard to call it darkness at noon. Maybe "a darker shade of gray"?):

    http://www.king5.com/news/local/equipment-failure-causes-large-power-outage-in-seattle/214886559

    I've lived in other large cities in the US, and this has to be one of the most unstable power grids around. One wonders how much duct tape is really keeping it all together.

    1. Number6

      Re: Mmmph! HAHAHAHA!

      I've lived in other large cities in the US, and this has to be one of the most unstable power grids around. One wonders how much duct tape is really keeping it all together

      Based on the outages, clearly not enough.

  11. Crisp

    Oh good, security by obscurity.

    If obscurity is that important, I'd hazard a guess that there's next to no security at all.

  12. Anonymous Coward
    Anonymous Coward

    How else are the NSA going to put backdoors in these products...

    ....if they let the great unwashed have a look under the covers?

    Get back to your drudgery citizen - you will comply or be dealt with.

    OOOoooohhh say can yooooou seeee.....

  13. Alistair
    Windows

    We can't tell you about that

    You might break it if you knew.

    <It in this case being our kneecaps>

    I have dealt with a manager who freaked out when a process I set up and ran sent MD5 sums of transferred files in a separate email to both ends. "It tells them what we use".

    Urr, no, no it doesn't.

    In all cases like this, it would be management/C suite non techie types pulling the kneejerk "Oh crap I don't know what that means, so we must be giving away the farm". I *hope* that the techies that built it did so with a modicum of security in mind, however, given what all of the big corporates are up to these days, lowest cost, shortest turnaround, etc etc .... It likely will give away the farm.

    <grumpy bastard this morning, despite decent coffee>

  14. dmacleo

    irony was just thinking about the money NOT using smart meter costs me today.

    I pay about 12$ (US) to NOT have smart meter, I am in area with constant power blinks, etc (rural Maine) and do not want anyone to have the ability to remotely shut my power off to reduce load.

    have some physical issues that make it keeping house at 71-72F a necessity as well as multiple ML350G5 servers running.

    ah well I digress..

    1. Anonymous Coward
      Anonymous Coward

      smart meter does not automatically = remote disconnect meter. Some smart meters include remote disconnect, a technology originally developed for the benefit of a utility that had lots of seasonal disconnects (turn on the power at the cabin in May, shut it off in September or so). Others include ability to load shed certain loads (which, if *properly designed*, have no impact on the customer).

      If keeping your house at 71-72 degrees is critical, wouldn't it be beneficial to you if the entire region allowed for 15 minute windows of load shedding air-conditioners (yes, yours included). The typical load shedding regime calls for rolling or staging of heavy loads in order to prevent outright (lengthy) blackouts. It's more of a load synchronization than anything else. The alternative is to build the grid to supply worst-case loads and to buy spot power to cover said loads, the result of which shows up on your power bill.

      1. dmacleo

        our meters would have been the type that allows remote shutoff from power company.

        and no it would not be beneficial to me.

        its very rural area and the load is not that high, the power company just refuses to trim trees that hit lines so I lose power (blink or minute or 2 outages) usually 5x a week. bad enough I need to have UPS on my on demand water heater and water softener just to keep programming and give me time to fire up generator if longer than an hour.

        I have enough issues keeping stuff running w/o having to deal with someone else deciding I don't need the power.

  15. hellwig

    Destruction?

    I don't need a document to destroy these devices, just give me a sledgehammer!

    I remember a story about a utility company that used "smart meters" that reported home over 3G data connections. People figured out (without any documentation I'm sure) that they could remove the SIM cards from the meters and use them to make all sorts of phone calls and browse all sorts of data.

    I mean, if you'er only using these meters to report usage data back to home base, WHY would they have ANY calling plan in the first place?

    Sensus probably just doesn't want you to find that switch labelled "Stop Metering but continue to supply power" they put in each unit.

  16. ecofeco Silver badge

    Smart meters?

    Not so smart now, are they?

  17. Herb LeBurger
    Unhappy

    I'll bet the FBI has set up a Stingray

    ... to find out what other shenanigans this Mocek character is up to. Even if they had to get a warrant, I'm sure telling the judge that he requested documents from the city would be enough to get it signed.

    And while I'm betting:

    "The information Sensus has redacted contains specific details that, if publicly released, would increase the risk of both cyber-intrusions and physical attacks on the utility grid," Sensus says in its filing.

    Anyone else think these specific details are "The default password is 'password'. And the default password can't be changed." ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like