funsec mailing list archives
Re: Oh, please ...
From: "Hauber, Wayne [ITSEC]" <wjhauber () iastate edu>
Date: Mon, 24 Oct 2011 12:16:39 -0500
I attended a lecture by Rebecca Herrold, the chair of a NIST committee. Her lecture was about this topic. She made a compelling case for some sort of national policy to cover the issue of privacy and the smart grid. She also argued that privacy is an ill-defined term and is especially ill-defined in terms of a smart grid. There were many law enforcement officers in the audience. They asked very alert questions about trend lines in electricity use. Specific questions about grow lamps were discussed as well. It is clear that they were very interested in electricity usage patterns. Here is more information than you want to read about the topic from NIST: http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol2.pdf The NIST committee did a great job with this paper. Wayne Hauber (515) 294-9890 Iowa State University Information Technology Services IT Security and Policies 297 Durham Center, ISU, Ames, Iowa 50011 wjhauber () iastate edu
-----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Valdis.Kletnieks () vt edu Sent: Sunday, October 23, 2011 2:15 PM To: rmslade () shaw ca Cc: funsec () linuxbox org; infosecbc () yahoogroups com Subject: Re: [funsec] Oh, please ... On Sat, 22 Oct 2011 15:44:29 PDT, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" said:How horrendous! If someone can crack the encyption, figure out the band being used, and figure out how to trigger the meter dump, they can find out whether you've been using a lot of electricity!But that's not the actual problem. Unless it reveals that I use *so* much electricity that I'm probably growing pot plants in the attic, a one-shot number doesn't reveal much. When it gets interesting is if I do it every hour or every 15 minutes. I can build up a nice plot of energy usage - and then use that to infer other things, like when you're running major appliances, when you go to sleep, when you wake up, when you leave the house, and when you return. Suddenly it becomes a lot more interesting data for the enterprising burglar or stalker.(Surely it would be easier to read the dials on the existing meters ...)Yes, but if I'm trying to figure out what hours you are and aren't at home so I can burgle you or otherwise do something nefarious, it's a heck of a lot safer to ask your electric meter every hour from a remote location than sneaking up to your house and looking at it every hour. Plus I can easily automate naving a PC do a network probe every hour, even when I'm asleep or cooking dinner or something. Getting my PC to sneak up to the meter every hour and read the meter is a bit of a challenging robotics project. ;)
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Oh, please ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 22)
- Re: Oh, please ... Jeffrey Walton (Oct 23)
- Re: Oh, please ... Joel Esler (Oct 23)
- Re: Oh, please ... Valdis . Kletnieks (Oct 23)
- Re: Oh, please ... Hauber, Wayne [ITSEC] (Oct 24)
- Re: Oh, please ... Jeffrey Walton (Oct 23)