When it comes to guaranteeing resistance against determined, long-term intruders, most security experts will shy violently away from any substantive predictions of long-term viability. And that doesn't matter whether you're talking about hardware or software applications (how long did DES last?)
In mid 2009, iTWire spoke with Gabriel d'Eustachio, Security Consulting Lead at CSC to gain his thoughts on the state of play with Smart metering (also known as Advanced Metering Infrastructure) - this conversation happened a little after the Victorian Government had called a halt to the meter roll-out avalanche; Gabriel was speaking more generally on the overall project.
The Victorian Government has made a bold decision in this space. They have mandated the implementation of one of the most advanced systems in the world. This is a double edged proposition: this system will give Victoria a long-term edge in both energy efficiency and reliability; on the other hand, something this complex brings on incredible amounts of risk. The standards and guidelines for security and privacy are not formally defined to any detail, and the power companies are compelled to fly "seat-of-the-pants" until some standards are produced. Very interesting time to be involved in this industry.
In the weeks before d'Eustachio spoke with iTWire, there were three presentations at BlackHat (the Las Vegas hackers' conference) dealing with how to break into Smart Meters - not bad for brand-new technology intended to survive for a generation or more.
At around the same time, iTWire reached out to the Victorian Department of Primary Industry - the department responsible for Smart Meter roll-out for their thoughts on the various security issues already announced.
iTWire: Every meter is essentially a computer; what will be done to ensure that these meters are installed untampered and also are provided with regular security updates (should later 'issues' be identified)?
Read on for DPI's response and also the latest ways to cause mischief to Smart Meters.