A US based white hat security expert says the Smart Grid is constantly under threat of real attack and potentially no amount of investment in securing it will help.

According to the EE Times, senior research engineer Joe Loomis blasted through the buzz on smart grid and smarter energy technology, exposing the risks of hacking.

Smart Grid

“It’s critical infrastructure and society depends on it, making it a prime target for attack,” said Loomis

Indeed, as smart grid technology develops year by year, so too do the opportunities for hackers with malicious intentions on national infrastructure.

Loomis pointed to the recent Stuxnet computer worm discovered in June 2010, which took out a large portion of Iran’s nuclear centrifuge control and disrupted the delivery of nuclear fuel with its payload.

That worm, whose origins are still not officially known, exploited multiple zero-day vulnerabilities, said Loomis, spreading quickly across the world and even ending up in a few systems in the United States, despite Iran being the clear target.

“What made Stuxnet more scary than anything else is the order of magnitude of sophistication over everything that came before it,” said Loomis adding that the success of the worm was proof of concept that cyber warfare was real and dangerous.

“Before, if someone wanted to shut off power to my home, the electricity company would have to send someone around, physically, to cut me off. Now, it’s all being networked and can be shut off remotely, which creates a dangerous risk,” he said.

With $3.4bn in funds having been funnelled into smart-grid technologies by the U.S. government, more and more American households and businesses are getting connected up to smart meters, with over 60 million predicted to be deployed this year alone.

Loomis claims there are already “multiple credible threats” out there, before adding,

The most difficult thing, said Loomis, was for individuals and firms to evaluate the risks and invest in protection accordingly. “These are systems that were never designed to be secured,” he said, noting that any investment may also ultimately prove worthless.

“No system is 100 percent secure,” he said. “Given enough time and access, you can reverse engineer the whole thing.”

Loomis added that even if the country, or individual businesses spent a great deal of money to secure the power infrastructure, it would still be open to compromise, and that it was thus up to every individual to determine how much money they wanted to spend on trying to plug up the security holes.

For more Smart Grid news