The rest of the world uses 3G/4G modems in their smart meters; they are usually also connected to a different APN than generic mobile data. Sometimes multiple meters are connected to a central hub with a physical wire (in apartment buildings for example). The hub is then the only gateway to the internet.
The hack in question is only viable because of the weird way US smart meter collection is done.
US Smart Meters use RF to shout out their values everywhere like an RF beacon. A power company vehicle drives around the neighbourhood, collecting the values, storing them and moves on.
Source: I did smart metering software for L+G.
Yes. I guess it's worth stressing this, as it seems taken for granted by people experienced with cellular M2M/IoT but maybe not so well known in the general public.
A cellular modem is first connected to an operator network. For mainstream subscriptions it is then connected from there to the Internet, making a device behind the modem reachable over the Internet, with all the security issues associated.
But for business customers the telcos offer "private APN" subscriptions, with a VPN connection to the customer. Then the modems are connected to the customer and not to the internet, and the devices behind are not publicly reachable.
Support of private APNs is part of cellular data since 2G GPRS, so from the very start. One can expect industrial cellular users to use them.
Upgrading the modem in a smart meter requires visiting every location you serve. That's not something a utility would like to do more than once every few decades. With 3G and 2G now being phased out, will utilities have to replace all their smart meters?
What the fuck
(I believe that at least some of the blatant inequity in the Texas blackouts was necessary for this type of reason. There were various critical facilities (gas pumping stations, for example) that, if shut down due to rolling blackouts, would have further reduced grid capacity.)
SDG&E uses encrypted Zigbee to transmit data. AFAIK, it has not been cracked.
It's a good solution for a nation with a low population density. In higher density locations, meter readers and cellular connections are used.
Maybe it used to work this way, or some uncommon types of meters work this way, but I've never seen them. The only ones I've seen broadcast to collectors that are usually on street lights, which are then connected to the power company's network. If you go to the wiki that's linked at the end of the article, they've even got pictures of one: https://wiki.recessim.com/view/Landis%2BGyr_Collector
The connector on the front would have an antenna, and they're usually placed right before the light on the pole facing down.
I wonder how long it is until Uber or Amazon, or the postal service, strikes a deal with the power company to power this last mile sneakernet.
> Source: I did smart metering software for L+G.
How long ago? I believe that was how the earliest meters that did not require someone to actually look at the dials worked, but many or most have moved on.
For example the meters that Puget Sound Energy is in the middle of upgrading to (they did mine a couple months ago) (Landis+Gyr meter using their Gridstream RF system) form a mesh network to communicate with the mothership, which they describe thusly [1]:
> At the center of the Gridstream RF Mesh solution is a true mesh, peer-to-peer network where each endpoint, device and router communicate in a peer-to-peer fashion, extending the coverage and reliability of the network. The asynchronous, multi-channel communication structure allows for increased data throughput and opens more paths to the data collector.
> The self-healing network features dynamic routing messages that automatically adjust for changes to endpoints and the introduction of obstructions, such as foliage or new construction. System routers utilize one Watt of power to increase transmit distance and throughput, while data collectors support up to 25,000 meters, further minimizing infrastructure and maintenance costs.
The documents tab on that page has PDFs with product sheets for the various components (endpoints, collectors, routers).
The previous meters PSE used looked like traditional analog meters, but my account page at PSE showed my daily usage, updated daily, so they definitely had some kind of remote reading capability. I'm sure it was not someone driving around the neighborhood daily because it continued updating even whenever weather made it so it was very difficult to get a vehicle into my area for several days. I don't know if those were a mesh network--they were installed sometime in the very early 2000s I believe which seems a little early for that. Could have been cellular or power line networking. I know that both of those techniques have been used fairly widely--I just don't know what my particular meter was using.
Meshnets are the newer system, but still use RF and have their own issues (like car keyfobs in the same frequency either freezing completely or randomly opening/locking car doors :D)
https://texasmonitor.org/settlement-reached-on-austins-made-...
Actually, most is collected now via Internet connected reception points typically installed on traffic lights and electrical poles strategically stationed near neighborhoods.
The Germans would have a fit about that. It's illegal to measure electricity with under 24 hour granularity in Germany and IIRC in Switzerland. And there are really specific rules on what can be measured and how much of the data can be stored in the meter.
I believe a union was involved but don't quote me on that.
This is what someone told me, I am not presenting it as fact. If you know differently, please debunk.
Some countries (like France or Spain) use communications via PLC which are encrypted to the local transformer. They are then sent to the distributor via 4g/whatever
Water meters in our area do the same, but since it is near the street and below-grade I can only see a few of those.
After having looked around for a while in disbelief, I now filter the capture from the SDR to just the ids of my meters. And I accept the fact that someone sufficiently-motivated could figure out when we're on vacation based on the broadcast consumption values...
Germans did royally fuck this up at one point and they had a provider that measured power consumption at so high a frequency that you could detect what TV show people were watching based on the power consumption. [0]
[0] https://nakedsecurity.sophos.com/2012/01/08/28c3-smart-meter...
I thought they transmitted over the power line? https://en.wikipedia.org/wiki/Power-line_communication
But when it works, it's a lot more reliable than the RF abomination some networks are doing =)
Check out yaantc's comment. tl;dr it's a completely separate network with no internet access. Basically a VLAN inside the cell network.
The meters themselves have a 10m range (one for gas, usually outside, another for leccy, usually inside) so a receiver outside of that won't function.
I think most electrical utilities in the US would balk at being dependent on a cellular telephone company. Many of them won't even lease fiber from the telcos, insisting on stringing up their own instead.
(Source: employer locked up the thermostat to keep us frigid to save money, but I just put an ice pack on top of it)
I'd suspect this is an exaggeration. I've been plenty of places in the world (yes, even Europe) with no cellular connectivity. So clearly "the rest of the world" is a generalization.
That's a problem.
Re-frame the problem in terms of rich vs. poor. Now it makes sense because power companies (which are privatized in Texas) will prioritize fixing infrastructure for their reliable, paying customers over fixing infrastructure for more unreliable customers (which poor people tend to be). And it happens that some minorities have a higher probability of being poor (because of inter-generational poverty, or just being an immigrant coming from a poor country).
from the article
I'd clarify this as "needed be attributed to intentional, malicious racism."
A system can be racist in terms of outcome without having been intentionally designed to be racist. That still might be a problem. A sibling comment posited low-income areas are both more likely to have minority residents and older infrastructure. That seems possible. But doesn't make it a non-issue.
1 - Critical infrastructure (hospitals, etc);
2 - Interconnects on the T&D infrastructure;
3 - Population density.
This is actually heavily regulated.
When that storm hit, ability to pay meant absolutely nothing. Poor and rich alike all lost power. When the generating stations and lines all freeze, it becomes impossible to get energy out, whether anyone can pay or not. Money doesn't magically make capacity appear when the delivery network itself fails. That was really the downfall of the Texas approach. Naive economics assumes you can deal with shortages by just rationing using price, and higher prices will incentivize producers to produce more. But if the delivery infrastructure stops working, it makes no difference what the producers' incentives are. They can't deliver anything whether they want to or not, no matter what you're willing to pay them.
Not that I necessarily disagree with this but do you have any data to back this claim up?
What was also interesting is that it correlated with altitude of the meter which indicates a preference for wealthier neighborhoods.
The problem is that the data Hash collected is incomplete and hard to draw conclusions from:
* It’s a war driving effort of a small strip of Dallas
* The data becomes impossible to capture as normal interruptions happen and reset the uptime counter.
It’s also unclear to me if these uptime counters are affected by having a generator or other backup power supply. One of the examples he noted was a Chase Bank that hadn’t experienced an interruption at all.
Also “over [N] times higher” is usually a marker that you’re being misled. Four times 0.00001 is still an extremely small number, not even statistically significant.
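To make the uptime-counter limitation concrete, here is an added example (not code from the thread, the article, or any meter vendor) that infers outage intervals from periodic observations of a meter's broadcast uptime counter. The record format and all values are constructed; a counter reset only bounds the end of an interruption, and it wipes whatever history preceded it, which is exactly why brief blips make the data hard to analyse.

```python
"""Infer outage intervals from broadcast meter uptime counters.

Added example; the record layout (meter id, observation time, uptime
in seconds) and the sample values are constructed for illustration.
"""
from datetime import datetime, timedelta

# Constructed observations: (meter_id, ISO time observed, uptime seconds).
OBSERVATIONS = [
    ("1001", "2021-02-10T08:00:00", 2_000_000),
    ("1001", "2021-02-15T08:00:00",   172_800),  # reset: booted 2021-02-13 08:00
    ("1001", "2021-02-20T08:00:00",   604_800),  # same boot time, still up
    ("1001", "2021-02-20T08:05:00",        60),  # brief blip: another reset
    ("2002", "2021-02-10T08:00:00",   500_000),
    ("2002", "2021-02-20T08:00:00", 1_364_000),  # consistent, no reset
]


def infer_outages(observations, slack=timedelta(minutes=5)):
    """Return {meter_id: [(earliest_start, ended_by), ...]}.

    Each observation gives an estimated boot time (observed - uptime).
    While a meter stays up, that estimate is constant apart from clock
    skew; if it moves later by more than `slack`, the counter was reset.
    The outage ended by the new boot time; its start is only known to
    fall after the previous observation, so earlier history is lost.
    """
    state = {}
    for meter_id, ts, uptime in sorted(observations, key=lambda r: (r[0], r[1])):
        now = datetime.fromisoformat(ts)
        boot = now - timedelta(seconds=uptime)
        entry = state.setdefault(meter_id, {"last": None, "outages": []})
        if entry["last"] is not None:
            last_seen, last_boot = entry["last"]
            if boot > last_boot + slack:
                entry["outages"].append((last_seen, boot))
        entry["last"] = (now, boot)
    return {m: e["outages"] for m, e in state.items()}


if __name__ == "__main__":
    for meter, outages in infer_outages(OBSERVATIONS).items():
        for start, end in outages:
            print(f"meter {meter}: down sometime after {start}, back by {end}")
```

Note that a single capture only reveals the most recent reset per meter; the 60-second uptime in the sample hides the earlier seven-day run from anyone who did not also capture the previous broadcasts.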
Also, TFA: "Income status of areas did not appear to be a strong factor"
who knew that 'uptime' would be such a security potential?
ERCOT and utilities didn’t even know which circuits not to shed to keep gas pipeline infra (compressor stations) running during the spring winter event.
Local permit data around electrical infra and ground truth from open data sources will take you far if you want to identify these loads. Folks answer a lot of questions they shouldn’t if you roll up with a hard hat, clipboard, and hi viz vest from your nondescript pickup truck if you’re more bold.
In my area the chance of an outage can vary considerably between one neighborhood and an adjacent neighborhood. It would be nice when considering buying a house to be able to know if it is one of the lower outage neighborhoods or not.
Can't you just ping a couple of servers at a centre and get an extremely accurate readout of a data centre's uptime?
Since the meters broadcast in the clear I would not be surprised if war driving becomes standard practice for the retail electricity providers. Yes that's right. When you sign up with a REP they don't know your habits: how much power you're actually going to use or when. Having historic meter data is a competitive advantage in building your pricing models.
I'm getting really tired of people who have no idea how the system functions in Texas making strong assertions based on errors and sweeping generalizations from journalists that don't have a clue how things work either.
I have two U.S. ISO's, multiple REPs, and a large generator as clients. I know people on the board of ERCOT and get the back story on everything, especially things the public will never hear about. This business has nothing in common with anything you've probably read unless it comes from industry insiders.
I know they stopped accepting zigbee device pairing starting this year, and only allow authenticated API based requests which are delayed by 24 hours. Right now there is no way for customers to get real time data from the meters themselves.
http://www.ercot.com/committee/board
Contact Information Chair: Vacant Vice Chair: Vacant
There's something else they are hiding IMHO. Perhaps it includes answers to how the few million without power is either a BS number, or an explanation as to why my city alone (which owns a power company and had enough power generation for its citizens/owners) had 1-2/3 of the residents without power for days.. If only about 1/10th of the state was without power why did the rolling blackouts stop rolling for so many people? We essentially "took one for the team".
My guess is they are hiding layers of yet-uncovered incompetence.
I'd call you Captain Obvious(tm), but this is the Texas Laboratory for Shitty Government (to paraphrase Molly Ivins) we're talking about.
Things they are likely hiding:
1) The grid is shit and has no control granularity.
The granularity is sufficiently high that they couldn't disconnect enough load. Too many things are on the same circuits as the essential things. To fix this requires new power feeds (read: expensive copper wire) and the controls to run the smaller granularity. Nobody wants to pony up the cash to fix this, so this will not get fixed.
2) Factories aren't connected with controls
ERCOT couldn't summarily disconnect manufacturing plants with controls and had to fiddle with pricing games to finally force the plants to disconnect. The fact that people were without power but manufacturing plants still had power will make some people upset. But, don't worry, they'll still vote for Republicans.
3) The "critical" portions of the grid are now larger than the "non-critical"
At least in the winter, residential simply just isn't pulling enough load to be able to stop a grid collapse. People have energy efficient residences. Consequently, essential things like your water treatment plant are consuming an amount of energy that takes a lot of residences to match. The only way to fix this is to keep fuel and backup turbine generators on-site to allow the plant to keep working after it disconnects. This costs money, so nobody will do it.
The whole point of Texas not being on the national grid is so that the pieces of the grid don't have to spend money and be useful when things go to shit.
Nice neighborhoods were powered down. Poor neighborhoods were powered down. Maybe some had essential infrastructure. Maybe they didn't. There's a possibility that poor or minority majority neighborhoods were unfairly targeted. The inverse is also possible.
The bottom line is, you and I both have NO idea who was affected, how, or how that decision was made. So stop trying to pretend racism or inequality can't exist. There literally is a grand mystery here because the companies responsible won't inform anyone.
And yes, I fully accept that while it can exist that doesn't mean that it does exist in this situation but you have to also accept that with incomplete data you can't prove it doesn't.
This is a brilliant bit of knowledge that I had somehow slightly understood and had never seen verbalized anywhere previously. As a bonus, it is perfectly worded.
He is exactly right; to use an analogy: an immune system that is never attacked cannot defend against any attack, because only attacks can teach the immune system how to defend. It's the same (mostly) for computer security concerns.
If the ERCOT Grid was really concerned about cyber attacks they wouldn't be partnering with Bitcoin mining companies that have access to the grid, and have a special partnership with ERCOT.
https://www.prnewswire.com/news-releases/layer1-launches-bit...
If the same people are always forced to endure the burden of blackouts, and elites are not they will keep happening.
I’ll assume since the user pays for it, there’s no consideration for this cost of equipment that saves the utility money.