HP develops security audit assessments for smart energy grids

Announced at HP's Executive Energy Conference 2009 in Budapest late last month, the HP Smart Grid Security Quality Assessment (SGSQA) service is aimed at utility companies and smart grid operators.

According to HP, the service is based on existing security audit methodology the company has used internally for over six years to test its own software and hardware in sectors such as defence.

As a result, HP says, the methodology is both mature and sophisticated.

Ian Mitton, HP's worldwide director of utilities, said that there is a lot of concern about the security in this field.

"Recent successful hacking attempts against some smart meter technology had led some energy company's to reconsider the security aspects of the technology", he said.

"That has caused a lot of concern in the market and this is our response to that."

HP said that its new security service is currently being trialled with three utility companies, two of which are in the US. Early reports suggest that the security audit works in multi-vendor environments.

As reported in the UK press this last week, plans to install gas and electricity smart meters in every home by 2020 pose a "national security risk" because the devices could be hacked into.

In a weekend report in the Daily Telegraph, one of the government's own data security consultants has warned that the smart meters could "be programmed to cripple the national grid or to steal valuable household data, breaching the privacy of millions."

Ian Watts, head of utilities with Detica, the data security firm, was quoted in Saturday's Telegraph that there are already around 40 million smart meters in use worldwide and, "even at this early stage, we have seen a number of security breaches."

"These have included insecure meters, hacking of customer details, denial of service attacks and suspected infiltration by foreign intelligence services."

According to Detica's Watts, the utilities network has been defined by the government as a key part of the critical national infrastructure.

"The impact of any large-scale power cut could not only put lives at risk but be potentially paralysing for the economy. Whilst there are many potential benefits of smart meters that justify their introduction, we must be aware it also brings new risks and should therefore 'design in' security from the outset to guard against this", Watts said.


What’s Hot on Infosecurity Magazine?