Security relies upon good programming and correct adherence to well-designed standards. If the standards are sloppy, then security has been compromised from the outset. Smart grids, which include the smart meters being rolled out to millions of homes and the upstream equipment used by electricity suppliers, are often secured by the Open Smart Grid Protocol (OSGP), developed by the Energy Service Network Association (ESNA). It’s estimated there are more than 4m devices using OSGP. If there’s one rule about cryptography it’s that it is difficult to prove there are no weaknesses. Newly developed ciphers and methods are subjected to thorough cryptanalysis and peer review – and it’s not advisable to try and re-invent the wheel and develop a new form of cryptographic method or cipher. And yet the ESNA did just that. Ever since OSGP was standardised in 2012 ESNA has been under fire for its decision, and now researchers have discovered just how bad that decision was.
Buchanan, W. J. (2015). When amateurs do the job of a professional, the result is smart grids secured by dumb crypto