While Raj Samani and I were conducting researching for our recent book, “Applied Cyber Security for the Smart Grid,” there was a lot of interest, speculation, imagination and debate around a particular discovery. The original finding, by researchers Dario Carluccio and Stephan Brinkhaus, indicated that with a frequent enough polling interval, Smart Meter readings could identify not only specific appliances used within a home, but could identify enough detail to generate a unique signature for a specific movie or television show (because specific frames of video will require different levels of brightness, etc. and therefore a unique electrical demand). Our interest is easy enough to explain, as are our concerns about Privacy.
Note that this scenario, where would-be bank robbers use infrared interface scanners to safely hack smart meters from their car instead of sneaking into the lobby and scoping out the bank cloak-and-dagger style, would likely not go over well with Hollywood movie directors.
Of course, we’re not about to rob a bank — nor do we condone such activity. We’re simply speculating that with important information being stored in Smart Meters, and with easy access to that data — from the relative safety of a position outside of our fictional bank, and outside of the area being secured, surveyed, and also presumably guarded by trained men with automatic weapons — a lot of damage could be done.
Theft of “privacy” can often equate to more tangible sorts of larceny. The private data being stolen could be a valuable digital asset (PII, banking data, a pharmaceutical recipe), or it could be data valuable enough to someone else to justify extortion (compromising records, medical files, a guarded secret). Could meter data provide information needed to steal a physical asset. Theoretically, yes. It’s a frightening speculation, and like the research it is based upon, it is likely to spark a bit of controversy.