Monday, June 08, 2015

Email Proof of Criminal Conspiracy at the Arizona Corporation Commission Information & Perspective by Warren Woodward

Email Proof of Criminal Conspiracy at the Arizona Corporation CommissionInformation & Perspective by Warren Woodward

Sedona, Arizona ~ June 7, 2015

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated ….” ~ 4th Amendment, U.S. Constitution

           As part of my recent complaint to the Arizona Ombudsman that the Arizona Corporation Commission (ACC) is in violation of Public Records Law, I had to revisit the 2,899 pages of emails and documents that I received from the ACC last January as a result of my Public Records Request.

           Going through the emails, I came across one I had noticed before but had not realized its true significance at the time. Perhaps I was scanning and not really reading.

           Reading the email again I was both shocked and angered to find that certain individuals at the ACC knew full well, and as early as August of 2013, that “smart” meters are surveillance devices.

           These individuals knew “smart” meters invaded the privacy of ratepayers, and they knew it – not from anything the public had sent them – but from Elster itself, the company that manufactures the “smart” meters that APS and some other Arizona utilities use.

           That these individuals, these regulators, kept silent and did nothing to stop invasion of privacy is nothing short of a criminal conspiracy.

           That these individuals, these regulators, kept silent and did nothing to stop APS and other utilities from lying and misleading the public about the surveillance capability of their “smart” meters is nothing short of a criminal conspiracy also.

           Those of us who have complained about “smart” meter surveillance have been called “the Black Helicopter Crowd” by a previous ACC commissioner. We have been called “Kooks.” Our complaints that “smart” meters are an invasion of privacy have been ignored by the ACC and we have been made to feel as though we are “conspiracy theorists” when in actual fact the real conspiracy has been a criminal one of silence, dereliction of duty and willful negligence at the lawless ACC.

           On August 15, 2013, Laurie Woodall, a lawyer who is the “Policy Advisor” for ACC commissioner Susan Smith, sent an article (reproduced in full below) to ACC Utilities Division Director Steven Olea, ACC Utilities Division Assistant Director (and lawyer) John LeSueur, and ACC Utilities Division Engineers Del Smith, Ed Stoneburg, Margaret Little, and Ray Williamson.

           The article appeared at Energy Central, an online electric power industry information clearing house, and was written by Michael John. John's bio is posted at the Energy Central website and I have reproduced it below in full to show that he holds an important position at Elster. His words should not be taken lightly.

Michael John is Solution Manager at Elster. He is committed to ensuring Elster’s Smart Grid and Smart Metering applications are secure by design and fully compliant with the latest EU standards for security and privacy. He has played a key role in developing Privacy Enhancing Technologies (PETs) for Smart Grids at Elster.

In addition to his role at Elster he is also actively involved in the European Commission’s Smart Grids Task Force Expert Group 2, which focuses on the regulatory recommendations for privacy, data protection and cyber security in the Smart Grid environment. He is also involved in ESMIG’s Security and Privacy Group. Michael is furthermore engaged in several related groups at member state level in Europe.

Michael John has a strong telecommunications and information security background. Prior to joining Elster in 2010, he was a Network Engineer at Nortel. He also holds an MSc in Computer Science.

            Woodall copied and pasted the Michael John article into her email and sent it to the other ACC conspirators along with the article's URL. Woodall wrote nothing of her own in her email but she did highlight various parts of the article. Among the highlighted bits:

Other potential security threats include tampering with meter data in order to manipulate the outcome of billing, or the leakage of personal information and utility-related data that could provide attackers with insight into a householder's behavior. Known as a `consumption signature', this type of information can be used to work out the times of day the householder is absent from a property, as well as the types of electronic appliances they own.

            Contrast that highlighted bit with the following from APS's “Myth vs Fact” sheet, which is a compilation of APS “smart” meter lies and propaganda that APS has posted at its website and has sent to customers since at least 2011 when I got my copy:

Myth: APS will use automated meters to monitor the
actions of its customers.

Fact: Automated meters do not have this capability. Like
the old mechanical meters, automated meters measure
how much energy customers use, not how they use energy.
The automated meter does not store or transmit any
personal identification information. The automated meters
give APS no indication of who our customers are, what
they are doing, nor can they determine what appliances
customers are using.

            Not only is APS lying about not being able to determine appliance usage, APS is lying about this as well: “The automated meter does not store or transmit any personal identification information.” Here's a sentence from the Michael John article Woodall did not highlight but it is worth calling attention to now since it proves APS is also lying about “smart” meter storage of personal information, and that the ACC conspirators knew it.

“Finally, at end-of-life, the smart meter must be decommissioned to ensure remaining sensitive data such as security credentials and personal information is disposed of securely.”

            In conclusion, I could not be more furious that the ACC has played dumb all these years when in fact the ACC knew all along that “smart” meters are a very real invasion of privacy. The current corruption scandal investigation of the ACC by the Arizona Attorney General's office needs to be broadened considerably. Some people at the ACC belong in jail.

            Here is the full article Woodall emailed, highlighted exactly as it appeared in Woodall's email. In her email, two sentences were also put in bold and underlined in addition to being highlighted.

Securing the smart meter supply chain

Posted on July 30, 2013
Posted By: Michael John
Topic: Metering

Security issues have attracted more attention as smart meter rollouts have progressed. Consumers have expressed concerns about the privacy of their data, which has led to delays in smart metering programs in the US and the Netherlands. As this was not an area of focus before and therefore without specifications, there have in Europe been instances of smart metering implementations where the necessary features have not been enabled or older forms of encryption are used.

The industry is currently working closely with governments and consumer groups to address the issue of security. Technical specifications continue to evolve, while new or revised security and data privacy mandates may still be introduced. The European Commission's Smart Grids Task Force now requires that security and privacy be addressed even at the pilot stage of a smart metering program. There are also more governments taking the lead on smart metering programs, which often means more involvement from the regulator or national ministry.

This is why information security has to be a core part of smart metering rollouts from the start. Utilities can avoid scenarios where infrastructure must be upgraded or replaced to meet new requirements if end-to-end security is embedded within system design. With several utilities in Europe nearing an installed base of a million smart meters or more, it is important they recognize that security is not just about enabling the technical features on the smart meter, but ensuring the underlying processes are managed in a secure and trusted way across the supply chain.

Smart metering lifecycle

The lifecycle of the smart meter begins at the design and engineering phase. It is then manufactured and delivered to the party responsible for installing it at the premises of the consumer, at which point, it moves into the operational phase and becomes part of the smart metering network. Finally, at end-of-life, the smart meter must be decommissioned to ensure remaining sensitive data such as security credentials and personal information is disposed of securely.

At each phase of the smart meter lifecycle, an unauthorized third party might attempt to gain access to sensitive data and use it to launch a malicious attack on either a consumer or an organization. For example, if architecture design is not robust, an attacker could potentially manipulate the smart meter, data concentrator, or gateways in order to disconnect the supply of electricity. A large scale disconnect across multiple households would not only cause inconvenience to the residents in those locations, but may also lead to issues with the grid itself - such as a power outage.

Other potential security threats include tampering with meter data in order to manipulate the outcome of billing, or the leakage of personal information and utility-related data that could provide attackers with insight into a householder's behavior. Known as a `consumption signature', this type of information can be used to work out the times of day the householder is absent from a property, as well as the types of electronic appliances they own.
The attacker would need to be highly sophisticated and have significant resources at their disposal. However, given that data concentrators might not be located within secure premises, there is the potential for unauthorized parties to gain access to the sensitive data they hold by physically breaking into them.

Security by design

From the outset, the smart meter engineering process must be suitably robust. If a meter crashes (or is made to crash), attackers could potentially exploit this possibility either by injecting code or executing existing code that would allow them to manipulate the meter. Likewise, the engineering of firmware - i.e. software closely tied to the hardware components of the device - must be robust. Here, functional testing is necessary to ensure it is resistant to malware disguised as standardized communications protocols.

Secure firmware engineering will be essential for meter manufacturers moving forward. As recent history has shown, attackers are more likely to target the means of production, and there have been several cases of USB sticks shipping direct from offshore factories that contained malware. As such, even if a product is certified as being functionally compliant to the relevant standards, it doesn't necessarily mean it is secure, or indeed that there is authentic firmware on it.

This is why a `security and data protection by design' approach is recommended whereby data protection and security features are built into smart metering systems before they are rolled out. In the world of IT, robust security design is based on end-to-end communications where the receiver can prove the identity of the sender and knows that the message has not been tampered with in transit.

Building a Trust Provisioning model

Manufacturers for example, are trusted for engineering and producing secure and reliable products. To assure all stakeholders (utilities, meter network operators, consumers) that engineering and production processes of manufacturers are secure, manufacturers can express conformity by obtaining a dedicated certification, for example ISO 27001, the international standard for information security management.

In Europe, Elster, who was recently awarded ISO 27001 certification, has created what is effectively a secured cell within its factory. As shown in Figure 1, the meter enters one end of the cell as an un-trusted and unsecured device and emerges at the other end fully sealed and provisioned with unique key material and its `trust anchors'. The smart meter is therefore supplied to the utility as a `trusted' device - i.e. loaded and pre-configured with the correct, authentic firmware and credentials. Elster has also developed a secure process for exchanging the provisioned information with its customers.

Figure 1: A secured cell for the factory environment
Source: Elster
A key benefit of the trust provisioning approach is that it is agnostic of market design and the smart metering infrastructure, given that every Member State chooses its own model of smart metering implementation and will be at a different stage of liberalization.

Once the meter is installed, ownership transfers to the utility or the party responsible for operating the meter. At this point, it is critical that the appropriate data security protocols and privacy protection are already enabled. Further down the line, the decommissioning is just as important, as there may still be security relevant data stored on the meter that, if obtained, could allow unauthorized parties to observe or decrypt previous communication or any personally identifiable information left on the meter.

Similarly, a secure process is required for re-provisioning devices. Utilities will need to ensure they have unique keys for all of their smart meters, and have a management process to update them, and to alter access controls should a smart meter be re-provisioned for a new tenant.

Roadmap and ramp-up plan

Although there are no standards designed to address the smart metering and smart grid supply chain specifically, there are existing standards that provide a baseline and others that are being enhanced to meet the requirements of smart metering and smart grid programs.

In the UK, the central data and communications company (DCC), the function established to manage the data that travels to and from gas and electricity smart meters in households over the wide area network (WAN), will rely on external assurance and certification. This will be achieved via the CESG - the UK Government's National Technical Authority for Information Assurance (IA).

CESG is developing Commercial Product Assurance (CPA-Foundation) security characteristics for smart metering equipment. Once approved by DECC and CESG, they will be published to enable equipment manufacturers to have their equipment tested against the characteristics.

Meanwhile, in Germany the Federal Office of Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI) has specified the smart meter protection profile (PP for the Gateway of a Smart Metering System). It is based on the international Common Criteria (CC) and secures the communication between the smart meter in each household and the smart grid, as well as addressing German privacy laws. In meeting these rigorous requirements and being focused around a `single device' however, there is the possibility for further delays to roll-out.

Certainly, it is clear that all stakeholders must have confidence in the standardization and specification process, that the markets be better educated about the tools and technologies available to them, and that government and industry agree a sufficient rather than minimum set of security design requirements. Otherwise, the commercial introduction of certified devices can prove challenging.

With a current understanding of threats, and a current understanding of the required architecture, it is possible to agree on a roadmap that gets rollouts underway and a ramp-up plan to assure manufacturers achieve volume. Utilities that have yet to commence commercial smart meter rollouts now have the opportunity to address security from the outset, specify options that are well aligned with the recommendations made by the EC and relevant industry bodies, and avoid the complexity and expense of implementing security in retrospect.

No comments:

Post a Comment