funsec mailing list archives

Re: Oh, please ...


From: "Hauber, Wayne [ITSEC]" <wjhauber () iastate edu>
Date: Mon, 24 Oct 2011 12:16:39 -0500

I attended a lecture by Rebecca Herold, the chair of a NIST committee. Her lecture was about this topic. She made a
compelling case for some sort of national policy to cover the issue of privacy and the smart grid. She also argued that
privacy is an ill-defined term and is especially ill-defined in terms of a smart grid.

There were many law enforcement officers in the audience. They asked very alert questions about trend lines in 
electricity use. Specific questions about grow lamps were discussed as well. It is clear that they were very interested 
in electricity usage patterns.

Here is more information than you want to read about the topic from NIST:

http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol2.pdf

The NIST committee did a great job with this paper.

Wayne Hauber (515) 294-9890
Iowa State University
Information Technology Services
IT Security and Policies
297 Durham Center, ISU, Ames, Iowa 50011
wjhauber () iastate edu

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Valdis.Kletnieks () vt edu
Sent: Sunday, October 23, 2011 2:15 PM
To: rmslade () shaw ca
Cc: funsec () linuxbox org; infosecbc () yahoogroups com
Subject: Re: [funsec] Oh, please ...

On Sat, 22 Oct 2011 15:44:29 PDT, "Rob, grandpa of Ryan, Trevor, Devon &
Hannah" said:

> How horrendous!  If someone can crack the encryption, figure out the
> band being used, and figure out how to trigger the meter dump, they
> can find out whether you've been using a lot of electricity!

But that's not the actual problem.  Unless it reveals that I use *so* much
electricity that I'm probably growing pot plants in the attic, a one-shot
number doesn't reveal much. When it gets interesting is if I do it every hour
or every 15 minutes. I can build up a nice plot of energy usage - and then use
that to infer other things, like when you're running major appliances, when
you go to sleep, when you wake up, when you leave the house, and when
you return.

Suddenly it becomes a lot more interesting data for the enterprising burglar
or stalker.

> (Surely it would be easier to read the dials on the existing meters
> ...)

Yes, but if I'm trying to figure out what hours you are and aren't at home so I
can burgle you or otherwise do something nefarious, it's a heck of a lot safer
to ask your electric meter every hour from a remote location than sneaking
up to your house and looking at it every hour.

Plus I can easily automate having a PC do a network probe every hour, even
when I'm asleep or cooking dinner or something.  Getting my PC to sneak up
to the meter every hour and read the meter is a bit of a challenging robotics
project.

;)


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
