The company surveyed 544 IT respondents in the IT security industry, including senior management, IT operations, security professionals, and risk and audit managers.
"It's not surprising that the majority of respondents is concerned. The smart grid initiative involves aggressive deployment of a network device -- in this case a smart meter -- to nearly every household in America. That's quite a target surface for a Stuxnet-type attack", said Tim Erlin, director of product management for nCircle, a automated security and compliance auditing firm.
In a recent interview with Infosecurity, Ulf Lindqvist, program director at SRI International’s Computer Science Laboratory, identified a number of cybersecurity vulnerability points in the smart grid, including smart meters and power plant control systems.
“When you introduce computers everywhere in the grid – in the generation, transmission, distribution, and metering in homes – then you also introduce security risks. Unfortunately, it is very common that when new infrastructure is introduced, security is more of an afterthought”, Lindqvist said.
Lindqvist agreed that smart meters are vulnerable to attack. Hackers could take control of millions of smart meters and wreak havoc on the electricity grid. “If there are vulnerabilities that allow these attacks to be sustained over time, that could be costly and even extremely dangerous.”
He also warned that many types of power plants use industrial control systems, so they could be vulnerable to a Stuxnet-like cyberattack. “Malware is really just limited by the imagination and resources of the attacker. Once you have software that can spread through vulnerabilities in systems, you can make it do whatever you want.”