While the multiple benefits of \u201cadvanced\u201d meters that track energy consumption for utilities are well advertised, little is said about the down side of installing these gizmos. Wireless automation and transport of information from the customer\u2019s site to data banks frees up utility resources and is expected to curb energy use during times of peak demand. But, it also creates a potential pathway for cyberattacks that could wreak havoc on the system. Various versions of these so-called smart electric and gas meters are being installed by Pacific Gas & Electric, Southern California Edison, San Diego Gas & Electric, as well as the cities of Burbank, Anaheim, and a number of other public power agencies. This infrastructure is set to allow automated meter reading for billing, as well as remote control over connections and disconnections. The new meters also are supposed to provide two-way real time data on energy use and customer pricing. Ratepayers and utilities expect the devices to enable the remote control of appliances, including heaters and air conditioners, to lower demand when energy use is surging and supplies are short. The California Energy Commission, however, shot down rules on January 30 that would have allowed utilities to remotely control residential thermostats because of fears of \u201cBig Brother\u201d intrusions into privacy. Looking at the bright side, there really isn\u2019t a whole a lot to dislike about the advanced meter systems--not factoring in some of the programs multibillion dollar costs, that is. Yet, little attention is focused on the new technology\u2019s down side--not too different from the myopic approach to opening the energy market to competition during the heady days of deregulation. Advocates and regulators assumed competition would create a one way pricing street, that is, downhill. They failed to pay sufficient attention to the fact that prices can go up as well as down. The less than rosy side here is the added vulnerability this wireless communication channel brings. \u201cWhenever you make it easy for administrators to handle, you make it easier to hack into,\u201d warned David Hall, professor of cybersecurity at Montgomery College in Maryland. Cyberattacks from the outside or inside can result in intruders sending signals that disrupt operations, including ones to shut down power plants that disrupt voltage and the grid. Regulators and ratepayers should feel even more nervous given the \u201cblack box\u201d treatment of power system cyberattacks. So far, details of intrusions that have occurred are kept under wraps. Thus, as utilities develop new systems they may build weaknesses into a system that could be avoided with adequate information. For example, the European Union\u2019s transmission system was said to be hacked into a couple months back but specifics are difficult to track down. In 2003, a worm infected a private computer network at the Davis-Besse nuclear plant in Ohio. It disabled a safety monitoring system for five hours and \u201caffected communication on the control networks of at least five other utilities,\u201d according to the Cyber Security Industrial Alliance, based in Virginia. Some suspect that the huge Northeast Blackout in August 2003 was caused by a cyberattack. Last month, a rash of attacks on utility and other companies\u2019 power systems were alluded to during a conference of international security officials from the electric, gas, oil, and government sectors. \u201cWe do not know who executed these attacks or why, but all involved intrusion through the Internet,\u201d said Tom Donahue, a CIA cybersecurity analysis, according to a Washington Post report. This made me curious about possible break in attempts at the California Independent System Operator. \u201cNothing has successfully breached our production system,\u201d grid spokesperson Gregg Fishman told me. Knowing that a new meter was coming to the side of my home, I wanted to get a grasp on what is at stake so I started calling cybersecurity experts--both information technology (IT) and utility systems folks. First off, the utility sector is not unique. The vulnerabilities it faces are the same as those faced by the oil and gas, water, and sewage sectors--all of which use industrial wireless control systems. In addition, the stand-alone smart meters are probably the least of our worries at this point because they come with heavy encryption. Here\u2019s the catch, they say: The far bigger problem lay in the vulnerability caused by unprotected connections from the meter to the pole and substations. \u201cA lot of work has been done to protect pricing signals from meters to the connection point,\u201d said Joe Weiss, managing partner at Applied Control Technologies. However, he adds that there are all kinds of ways to get into the utility system, including commands to a power plant via the distribution system. Part of the issue is that the type of data sent, and speed at which it is transported, is very different from that of other internet-based activities, such as credit card transactions. \u201cEven new equipment is not very well protected,\u201d Weiss warns. According to the Cyber Security Industrial Alliance, \u201cMost utility companies are finding it difficult to deploy security measures such as anti-virus and firewalls because of the technical challenges with current systems in place.\u201d Some utility managers agree. \u201cThe vulnerabilities in our system make me sick,\u201d said Fred Fletcher, Burbank Water and Power\u2019s assistant general manager. Cyberattack concerns got the attention of the Federal Energy Regulatory Commission, which is not exactly a cutting edge high-tech regulatory agency. Last month, it passed a number of cybersecuirty measures to help protect the bulk power system. After the January 17 approval of the rules, which were developed by the North American Electricity Reliability Corporation, commissioner Phil Moeller noted the nation\u2019s transmission system \u201cwas a lattice of interconnections.\u201d However, these standards do not apply to distribution systems or meters. In addition, utilities, according to Weiss, never really thought about security and assumed it would be there. Protecting the system takes money and planning from the very beginning. \u201cAdding it in later is a fool\u2019s approach,\u201d Fletcher said. Thus, it is essential for the state regulators to step in and fill the void. The California Public Utilities should mandate cybersecurity protections for utility systems. Utilities also need to develop policies and procedures to thwart possible intrusions into their systems. Then again, any whiz can intrude into a system with enough time and resources. The goal is to make it as difficult as possible. It\u2019s kind of like being with a group of friends in the wilderness, when a bear approaches. You don\u2019t need to out run the bear, just your camping buddies. Or as Hall noted, \u201cThe security game is about decreasing vulnerability.\u201d Regulators must acknowledge the threat of cyberattacks and put in place meaningful measures to protect ratepayers and the system upon which we all depend. The CPUC should also realize that secrecy can both hinder the efficiency and viability of new meters. I don\u2019t worry about the system going on the fritz once in awhile. But, I do worry about getting a $1,500 bill because of cyberspace adulteration.