Please decide how to spell meter / metre and stick with it throughout, one is a measuring device the other is a unit of measure. They are not interchangeable...
Smart meters are "dangerously insecure," according to researcher Netanel Rubin – who claimed the gear uses weak encryption, relies on easily pwned protocols, and can be programmed to explode. The software vulnerability hunter derided global efforts to roll out the meters as reckless, saying the "dangerous" devices are a risk …
It's particularly bad that it's wrong in the headline (and still is at the moment of writing). Do subeditors scan only the body and ignore the headline despite it being in massive font?
Be glad I'm not the subeditor. I'd do this deliberately and sprinkle some other mistakes in the article, just to wind up the grammar Nazis.
The guy needs to know what is really dangerous.
Explode is meah.
Turning it on/off in a large enough area all at the same time is a different story. Depending on level of grid optimization you are looking at between 5 and 15% capacity being flipped on/off at the same time for the grid to start falling apart. >15% is a pretty much guaranteed collapse.
It is getting more difficult to do that nowadays as a lot of the load does not come immediately up after you flip the switch - incandescent, old high power TVs with hard switches, etc are no longer around. Still doable though (and may become more doable as people switch from gas to heat-pump and HVAC).
Back in the day I lived in a desert environment entirely powered by Caterpillar generators.
All the accommodation blocks had through the wall aircon units (those hideous Westinghouse things) into each room.
One day one of the Gennies packed up because of a diesel fault and had to be repaired.
Once repaired, they had great difficulty restarting it as all those a/c units were still switched on and the startup load kept bringing it to its knees.
"all those a/c units were still switched on and the startup load kept bringing it to its knees."
1) That's what a no-volt disconnect is for. Various other names may apply. When the power fails, a relay drops out, disconnecting the load from power. When power is restored, manual intervention is required (e.g. a button must be pushed) to re-apply power to the load. Dead simple, dirt cheap, cost effective. You've just described why they're important sometimes.
2) Some datacentre dinosaurs may remember disk drives with significant power consumption (washing machine size, maybe, maybe 500W or maybe even 3KW per drive). The no-volt disconnect may not have been appropriate here, hence some of the designs came with a power sequencing connector (an "in" and an "out") to provide an automated equivalent.
You daisy chain the power sequencing connectors+cables and the drive electronics ensures that only one drive on the chain will ever demand startup current, all the rest are either disconnected or in steady running (relatively low power) state.
By "grid" you mean "tiny tiny section of the grid hanging off your local pole-mounted transformer", presumably, not "the national electrical supply grid". I'm no electrical engineer but I remember reading at the time of the great NE US outage in 2004 that the UK grid (and other developed countries' grids) are segmented to prevent cascading failures knocking down large chunks of the network simultaneously.
"the UK grid (and other developed countries' grids) are segmented to prevent cascading failures knocking down large chunks of the network simultaneously."
Depends on the circumstances and on the particular failure(s).
You might like to read about what happened in 2008 when Sizewell and Longannet both had unplanned significant outages within a few minutes of each other. I posted a link to (and an extract from) a BBC news article earlier in this thread.
By "grid" you mean "tiny tiny section of the grid hanging off your local pole-mounted transformer"
No, I think he does mean the NATIONAL grid - and yes it's quite feasible to cause some serious disruption to it.
... the UK grid (and other developed countries' grids) are segmented to prevent cascading failures knocking down large chunks of the network simultaneously.
Actually, the UK grid is a single network - the North American grid is segmented by a few DC links, partly for stability reasons (it's a lot harder controlling a single grid of that size than one the size of the UK), and partly because for some long distance lines it's more efficient (less losses) to use DC.
We did have a national outage in the UK back in the 40s IIRC (or could have been later than that, can't find any references online). I recall my late father telling me about it, and how they found that there was a flaw in just about every power station design - an assumption that they would always have grid power during startup !
Each power station was designed on the assumption of there being grid power available for running all the machinery etc needed to run the power station. When the whole grid went dark, they found a catch 22 situation of not having the power to start up the power stations to generate power. I assume there was some carefully managed switching done to get some bits of the grid live and so allow the main stations to be started up. After that, they had a program of retrofitting gas turbine generators at most power stations to give them a black start capability - and they also came in useful for fast reacting peak lopping (ie coping with the peak when people go and switch the kettles on during the ad breaks on telly.) But I digress ...
As an AC has mentioned, we've had relatively recent experience with loss of significant generating capacity - have a read of this report.
The flip side is, what happens if someone can hack the control system and cause a massive disconnection of loads - perhaps at a peak time like the 6-7pm teatime slot on a cold winters evening, or thinking a bit more, it might be more effective if you can do it when they are already at a point of having to dial back the big plant at times of low demand. There's scope for some modelling there methinks ...
Answer, if you can drop a few GW off the grid, both voltage and frequency are going to go up VERY fast. That's probably going to cause some generating capacity to trip automatically* - that alone is going to cause some chaos. Then, when some of the big generators have tripped - turn all the loads back on. You've not got something similar to the 2008 incident above - but with some generating capacity tripped out and probably taking some time to get back into operational state. Rinse and repeat a few times, I think you'll find it has "quite an impact" on the National Grid - and yes, I do think there is potential for significant blackouts (though probably not a complete national one).
* Hint - what do you think happens in a nuclear power station if it's running at full load, and its generators trip out on over-voltage/frequency ? Well that's one hell of a kettle, and there's going to be an emergency shutdown on the nuclear side - there's no safety risk as there should still be power for all the safety and cooling systems to continue working as normal while it cools down. I strongly suspect that if the grid calls up 10 minutes later and asks for full output, they won't get an "OK, be on in the next few seconds" answer. They can probably get a significant output going quite quickly - but it takes time to ramp up the thermal output of the reactor so full power will take a while.
Similarly, in a coal plant, they'll shut down the coal feed immediately - putting the fires out. I don't know if they have any minimum time before they can attempt a relight - anyone have any inside knowledge on that ?
Fast (very fast if required) response frequency control? Dinorwig.
Short term operating reserve (a few hours at a GW and a bit)? Dinorwig.
Grid-scale black start? Dinorwig.
"the North American grid is segmented "
In addition to the two valid reasons you mention, there's another one in North America not applicable in geographically smaller grids - the inevitability of another "Carrington event" one day, where larger than usual solar activity causes circulating low frequency (DC?) currents to be induced into large loops (perhaps unintended ones) in the grid. The larger the area of the loop, the larger the circulating current, and the greater the risk of severe effects as protection breakers trip etc. Segmenting the grid (via AC/HVDC/AC interconnects) is one tactic to reduce the risk and the impact.
Here's a non-technical starting point:
On the evening of Monday, March 12 1989, the vast cloud of solar plasma (a gas of electrically charged particles) finally struck Earth's magnetic field. The violence of this 'geomagnetic storm' caused spectacular 'northern lights' that could be seen as far south as Florida and Cuba. The magnetic disturbance was incredibly intense. It actually created electrical currents in the ground beneath much of North America. Just after 2:44 a.m. on March 13, the currents found a weakness in the electrical power grid of Quebec. In less than 2 minutes, the entire Quebec power grid lost power. During the 12-hour blackout that followed, millions of people suddenly found themselves in dark office buildings and underground pedestrian tunnels, and in stalled elevators. Most people woke up to cold homes for breakfast. The blackout also closed schools and businesses, kept the Montreal Metro shut during the morning rush hour, and closed Dorval Airport.
The Quebec Blackout was by no means a local event. Some of the U.S. electrical utilities had their own cliffhanger problems to deal with. New York Power lost 150 megawatts the moment the Quebec power grid went down. The New England Power Pool lost 1,410 megawatts at about the same time. Service to 96 electrical utilities in New England was interrupted while other reserves of electrical power were brought online. Luckily, the U.S. had the power to spare at the time…but just barely. Across the United States from coast to coast, over 200 power grid problems erupted within minutes of the start of the March 13 storm. Fortunately none of these caused a blackout.
I think in the context here - namely a sudden oversupply, the purpose of Dinorwig is slightly different to its conventional usage, namely in replenishing its top reservoir it is a massive energy sink. The only downside I can see is that I doubt Dinorwig can sink a power oversupply at the same rate as it can generate power...
My understanding is that in normal circumstances Dinorwig sinks 1.0 power stations worth of power by pumping continuously. If one power station is lost from the grid Dinorwig stops pumping, leaving the total generation capacity of the Grid the same. If a second station is lost Dinorwig starts generating while they get around to running up another.
Of course if more than two were lost simultaneously ....
"We did have a national outage in the UK back in the 40s IIRC (or could have been later than that, can't find any references online)."
Circa 2010(ish), something (a bridge?) in Germany caused a cascade effect that took out a huge chunk of Western Europe. We went out (Brittany) for several hours.
So, yeah, I think screwing with the grid in calculated ways could have a tremendous effect. Remember - if they're into the meter with that degree of control, it's probably trivial to read out how much load is actually present (so can turn on and off the greatest loads for the greatest impact). Remember also, night time is when cheaper rate appliances kick in and people are going to be less likely to notice a washing machine being repeatedly power cycled until it (or the meter) fails in unpleasant ways.
"So, yeah, I think screwing with the grid in calculated ways could have a tremendous effect..."
Is there any particular reason screwing with (already networked) substations wouldn't achieve the same effect? If you've so comprehensively compromised a nation's utility networks surely it's going to be just as achievable.
"Is there any particular reason screwing with (already networked) substations wouldn't achieve the same effect?"
For that matter, it might be easier, more certain, and cause more lasting damage to dynamite a few power pylons. There are lots of potential targets that are in rural areas where activity would be unlikely to be noticed. The Northeast US blackout in 2003 was initiated by a few high voltage lines sagging into untrimmed trees on a hot day, so this is clearly a point of vulnerability. Or shoot holes in the oil tanks of a few big substation transformers. There's lots of room for far less exotic disruption on a system that widely distributed.
I think most fuel-fired boilers, including coal, require a lengthy purge with forced air before they can be relit. The danger here is if the shutdown wasn't totally "clean" there may be an explosive fuel/air mixture hanging around in the firebox. I gather the risk of firebox explosion if ignition isn't even and immediate makes lighting large coal boilers kind of hair raising, not something you want to attempt every day.
On the whole I think the rapid connection/disconnection scheme might successfully produce an outage, although maybe only on part of the grid, depending on how alert operators were. (It's said the Northeast US Blackout of 2003 could have been stopped if grid operators had cut off part of Cleveland in the first hour or so of the failure cascade: https://en.wikipedia.org/wiki/Northeast_blackout_of_2003)
Is there any particular reason screwing with (already networked) substations wouldn't achieve the same effect?
Better in fact, you can switch more load at once.
But, which are you most likely to compromise ?
On the one hand, a network with a small number of nodes, under active monitoring, where if you do manage to compromise the network, it is relatively easy for the operator to upgrade.
On the other hand, a network with around 50 million nodes (if the idiots get their way), where obtaining a sample meter is trivially easy without raising any suspicion, and which is connected via a public network.
I gather the risk of firebox explosion if ignition isn't even and immediate makes lighting large coal boilers kind of hair raising ...
Ha ha, that reminds me of an amusing tale. Many years ago when I was an apprentice in a local outfit, we still had a small coal fired power station just up the road. It was common for each year's group of instrument tech apprentices to be taken there to get a look at instrumentation and control on real plant. Now, the fireboxes of said plants have big flaps which will flap open (and let the pressure out safely) should such an ignition problem happen, and the apprentices were walking across a gantry not far from them when they were doing a light up ... at which point I suspect most of you are ahead of me already.
I think it's not hard to imagine just how much black dust there is in and around a coal fired plant, especially when you are grinding it up and blowing it into a fluidised bed. Apparently that group of apprentices arrived back at the training centre wearing nothing but CEGB boiler suits having been sent to the showers to clean up.
Well gosh, who could have guessed that ? I'm certain that ab-so-lutely nobody had the slightest inkling of a notion that these newfangled government-imposed thingamabobs hadn't been entirely reviewed with the utmost stringent security measures in mind.
After all, it's a government project, not a third-party, private company, snouts-in-the-trough revenue exercise. Government is responsible. Government knows about vulnerabilities. Government has years of experience with all its IT projects.
Oh, wait . . .
(Yeah, I know it's EU-mandated. It's still the UK Government imposing it, and you can bet that Brexit won't stop that project)
> If your electricity meter is outside your house, your electricity co is doing it very very wrong.
I don't know where you live, but every single property I have lived/rented/been in, had the electricity meter outside the property.
The only place where I didn't see this was an old Victorian house. There the wiring entered in the cellar, and the electricity meter was in there, with wiring going off everywhere else.
I think most post Victorian built buildings have the meter outside, so the electricity man can check/repair/alter the meter without needing entry into the house.
Bonus: You don't have to be in for the electricity engineer to come work on the meter or read off the values.
Downside: You can't stop them working on the meter by denying them entry to your home. In theory if the government decide in future, they can replace your meter with a smart one with nothing more than a notification. If it is in the house, they would need your permission to enter to do the install, and you could refuse.
"If [the meter] is in the house, they would need your permission to enter to do the install, and you could refuse."
Are you sure? Got a reference?
The former UK monopoly utilities used to have a statutory right of entry for times when they needed to get access to their assets (eg the meter) without the occupant's/owner's permission. Sometimes they'd need a warrant, which would usually be readily available under the Rights of Entry (Gas and Electricity Boards) Act 1954 (as amended) (“the 1954 Act”).
Their private monopoly (distribution co.) and private cartel (retail co.) successors may well have inherited those statutory rights - I'd be surprised if they didn't, but sometimes I'm surprised.
If they've got that power, then the general meter reading guys don't seem to use it. I turned down entry to them many times in my old house, because they'd knock on the door, and ask to read it. I said I'd let them if they could tell me who I was. Every time they gave the name of the previous occupant, who left several years before. They always seemed happy enough though after being politely told to go away.
The meter readers will happily not give a damn, because they're just subbed-out guys so have to check 300 houses a day or more.
The PDV, or PreDisconnection Visit, as we call them (one company has now renamed to something "less aggressive" but hey, it is what it is) will also happily leave if you are an arse, but generally get it resolved face to face.
The Warrants team however, are coming in, locked door, dog, whatever. Maybe not the first time, maybe with police, maybe with, in a couple of cases over many thousands I've done, a disc cutter and sledgehammer, TASER team and 10+ police.
So your mileage may vary.
"Bonus: You don't have to be in for the electricity engineer to come work on the meter or read off the values."
I don't know about the UK, but here in France they are rolling out a smart meter called Linky. It goes inside the house in place of the spinning-disc meter. The thing is, it communicates directly with ErDF. I'm not sure if it is by some sort of transmission piggybacked on the old pager network, or if it blasts data into the electric wiring like CPL on acid. Either way, IT talks to the provider. Nobody has to come and read anything.
"The only place where I didn't see this was an old Victorian house. There the wiring entered in the cellar, and the electricity meter was in there, with wiring going off everywhere else."
It doesn't need to be quite that old for the meter to be in a cupboard under the stairs. My parents moved into a "modern" estate in the very early 60's and that's where the leccy meter was. IIRC the houses were about 5 years old when we moved in. I don't remember much of moving day, what with being 6 months old at the time!
I think most post Victorian built buildings have the meter outside, so the electricity man can check/repair/alter the meter without needing entry into the house.
Not my experience. Every house I've owned or lived in was built during the 60s or later. They've all had internal electricity meters (usually under the stairs). My current 1985 property has the meter(*) in the garage, two metres up the wall. Perfectly positioned to give you a crick in the neck while you try and decipher the quaint dials. In the sixteen years I've lived there I think it's only been 'officially' read twice and one of those was a specially arranged Saturday reading so I'm getting quite good at reading it myself. Apart from the neck ache :(
But all the properties I've lived in have had a gas meter outside along with the shut-off valve.
(*)and a fuse wire distribution panel. If someone wants to upgrade something then upgrading that to RCD would be more useful than a smart meter.
Interesting differences between countries here.
I live in the US and I've never seen an electric meter inside the house. They're always outside, underneath where the utility drop is anchored to the roof. My current house has the circuit breaker panel out there, too.
Gas meters are also always outside, along with their attendant pressure regulator. Water meters can be inside, outside, or down in a hole by the curb depending on the climate and local practice.
The normal way of cutting power to a house in the US -- either in an emergency or due to non-payment -- is to remove the electric meter from its socket and install a glass cover plate. Besides utility workers, fire fighters are sometimes trained to do this so they can cut power to a burning house.
Given that last year I have seen an application talking to a smart meter via XML-SOAP over HTTP it would be difficult to surprise me. Yes, this is not a typo, HTTP, not HTTPS. One is left to wonder whether anyone considers wiretapping in a residential inherently difficult.
I've just moved in to a house, two weeks ago, and to my dismay found the owners had smart meters in; I guess they were a sucker for gimmicks.
However that aside, I can't think of anything that could connect to the meter inside the house. I mean surely we'd have to be stupid enough to then purchase enabled fridges and the like and for what purpose would anyone want that?
You are under NO legal requirement to have one of these white elephants against your will.
And the electricity co is under no legal requirement to take instructions from you about what equipment to deploy or offer you options. You get what you're given.
the whole story appears to be bullshit
These things do seem to be monumentally insecure, so breaking into the meter is probably quite easy. But why the original researcher seems to think that means unfettered access to everything the meter does eludes me, as does why even that access might mean you could make it explode...
He seems to have demonstrated some crap security, and then turned the hype meter up to 11 in a desperate attempt to get people to take this seriously - thereby doing the exact opposite.