New tool spots hacking vulnerabilities in smart meters

LAS VEGAS — Researchers probing the security of smart-grid technology presented their results at the Black Hat Briefings, and released a tool to help spot vulnerabilities in new smart meters.

“People are going to be messing with the meters,” said Don C. Weber, senior security analyst at InGuardians. The software tool, called OptiGuard, can help equipment vendors and utilities spot the weaknesses before the bad guys do.

Advanced Metering Infrastructure — or smart meters — are being installed in millions of homes and businesses as part of a national program to develop a smart electric grid. The Energy Department has distributed millions of dollars in grants for the development and implementation of smart-grid technology.

Related stories:

Smart-grid tech outpacing security, in 'delicate dance with risk'

Smart-grid security delayed by questions of government regulation

Because the grid is critical to national security, DOE and the National Institute of Standards and Technology are identifying and developing standards for security and interoperability.

InGuardians has been working with utilities and equipment vendors since 2008 to assess security and identify weaknesses in the technology — sometimes without complete cooperation. An equipment vendor blocked Weber's presentation at an earlier security conference this year.

“Every technology has some vulnerabilities associated with it,” Weber said. “We're doing our best to identify these things up front.”

Smart meters have an optical port that is a back-up for analyzing and configuring the meters. Weber developed a tool that can use the port to probe the meter, identifying data components that can be read or reconfigured. Such attacks could allow someone to change the way they operate.

Utilities are more concerned with the impact of vulnerabilities on the grid than with individual meters, Weber said. “Right now this is a single attack,” he said. “I can use it on a single meter.”

But the work can help fix problems before they can be used to attack the grid on a larger scale. OptiGuard will be available to utilities, equipment vendors and to security researchers.

Weber said the government's effort to develop security standards for the grid with industry is going well. “The standards are moving forward as fast as they can,” he added. But standards-making is a complex and time-consuming process.


About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected