WikiLeaks and Stuxnet - Smart Grid Wakeup Calls

By Jon Arnold (ICP) December 02, 2010

The past couple of weeks have been pretty seminal for anyone concerned about the state of Internet security and the bigger picture as to how much we could – do – and should – trust the Web. These two strange words – WikiLeaks and Stuxnet – have suddenly entered our lexicon and there is a lot to be concerned about in the world of smart grid.

WikiLeaks has garnered more attention simply due to its scale and breadth of coverage. By exposing the unvarnished realities of global politics using the very tools that diplomats assumed would protect them, they make the security issues around social networking sites like Facebook seem trivial. The very fate of the free world rests in the hands of a few, and with some simple keystrokes, WikiLeaks has laid human nature bare for everyone to see. The intended effects have been achieved, not just by embarrassing the upper echelons of power, but by showing how vulnerable the Web can be.

By the way, I am in no way trying to minimize the privacy issues around Facebook. They are equally troubling giving how popular these sites are, and while Facebook serves far less noble purposes, they also show how fragile trust and privacy really are in the Internet world. WikiLeaks has far deeper consequences, but whether the players are highbrow or lowbrow, a great deal of collaborative activity can be quickly undone by a handful of clever and determined people.

Stuxnet is far more sinister, but given its most public incarnation, the lines between good and evil are less clear. Pretty much everyone in both the West and Arab world wants to stop Iran from acquiring nuclear power. No country has more to lose than Israel, and all the players know that Iran cannot practically be stopped from outside-in. Attempts to physically bomb these reactors as the Israelis bravely did in 1981 would be folly now, as Iran has learned its lesson from Osirak. Without veering into a geopolitical narrative, I’ll just say that the smarter way to go is from the inside-out, and that’s where Stuxnet comes in. It’s quite brilliant, really, and coming back to the good versus evil debate, the desired results can be achieved this way without loss of life or messy mass destruction.

In its native state, technology of course is amoral, and simply follows instructions. Stuxnet and WikiLeaks are great examples of this, and serve as timely flashpoints for smart grid. Whether good or evil intentions, they show the fragile state of Internet and software security. So many aspects of our lives depend on these elements, and until a major breach happens, we don’t realize how much we take these things for granted. In some ways, they are as basic to modern life as simple necessities like water, and look how easy it is to compromise our water supply. If you favor chemical or biological warfare, water is a very easy target, and could quickly bring our world to a standstill in a worst-case scenario. Software or Internet sabotage is no different – there is always someone out there smart enough and/or evil/angry enough to use these as vehicles to achieve a desired outcome.

This brings me to smart grid. After water and oxygen, energy is the most important life force for the modern world, and as smart grid evolves, software and the Web will play an increasingly central role. Just like we don’t build huge fences around every source of water, we don’t normally think of power stations as targets for attack. Of course, this thinking is prevalent in the telecom world, but as voice moves deeper into IP, all kinds of new vulnerabilities arise. Smart grid is on the same path, and as we’ve seen now with Stuxnet and WikiLeaks, threats can come from some very unlikely places.

Historically, power producers haven’t had much to worry about, as most energy generation has been local. Efforts to destabilize or incapacitate electricity would typically be on a small scale, and that doesn’t provide much leverage for someone looking to gain something. Smart grid, however, sets the stage for something grander, especially if the vision of a U.S. national grid is achieved. Clearly, the more centralized the grid becomes, the more attractive it is as a target. The power grid cannot be made redundant in the spirit of Arpanet, which was designed for this very purpose (to survive a nuclear holocaust).

I’m not a security expert, but the proximity of these two recent events – Stuxnet and WikiLeaks – should make these concerns a pressing issue for utilities. For starters, security cannot be minimized or assumed, and to protect yourself from the malicious doings, you have to think maliciously and expect that these forces are out there. Waiting to develop security safeguards only after a malicious event is not a winning strategy, especially for such costly infrastructure as smart grid. While smart grid offers great upside for utilities, there is a lot of new risk as well, and to mitigate that they should be probing Stuxnet and WikiLeaks for lessons learned any way they can.

Jon Arnold is co-founder of Intelligent Communications Partners (ICP), a strategic advisory consultancy focused on the emerging Smart Grid opportunity. To read more of his Smart Grid articles, please visit his columnist page.

Edited by Erin Monda

Founder, Intelligent Communications Partners

Related Articles

An Issue of Scale: How Numerex Soothes the Savage IoT Beast

By: Ken Briodagh    11/25/2015

The IoT is a simple beast, really. Plug smart device A into cloud B and try your best to make sense out of what you find, while keeping evildoers from…

Read More

Hey Health Care Professionals! Let's Solve Security

By: Ken Briodagh    11/25/2015

I love how readily the health care industry has taken to the IoT. You folks are leading the way in both enterprise and consumer-facing M2M technology,…

Read More

Ingenu Launches National IoT Machine Network in US

By: Ken Briodagh    11/24/2015

Ingenu, a connectivity provider exclusively for machine networks, recently announced the initial rollout of its Machine Network, which will cover 30 m…

Read More

The Shopping Mall of Things: A Black Friday in the Life of the IoT

By: Special Guest    11/23/2015

While we have seen examples of some high-end retailers closing their doors for good, such as Blockbuster and Borders, brick and mortar retailers have …

Read More

Atmel Brings Improves WeChat's IoT Capability

By: Frank Griffin    11/17/2015

As more of the things around us become smarter, the information they transmit must be secured to protect the data. One of the largest social media com…

Read More