More bad news on the security front for the Smart Grid: The Wall Street Journal reports that the electric utility industry is negotiating with a defense contractor to determine whether spies from China and elsewhere have already hacked into the U.S. power grid.
 
According to the Wall Street Journal:
The electric-utility industry is planning a pilot initiative to see whether Chinese spies have infiltrated computer networks running the power grid, according to people familiar with the effort.

Officials of the North American Electric Reliability Corp., an industry regulatory group, are negotiating with a defense contractor for the job of searching for breaches by cyberspies, according to people familiar with the plans.
The newspaper notes that the contract is just one part of a larger effort to improve the security of the power grid, particularly because the Smart Grid will essentially be powered by a giant computer network, and will be connected to the Internet and many private enterprises.

There's even more potential bad news for the Smart Grid as well. The Register reports that smart meters being introduced into millions of homes may contain security holes so large, they could allow hackers to shut down the Smart Grid. According to the Register:
The newfangled meters needed to make the smart grid work are built on buggy software that's easily hacked, said Mike Davis, a senior security consultant for IOActive. The vast majority of them use no encryption and ask for no authentication before carrying out sensitive functions such as running software updates and severing customers from the power grid. The vulnerabilities, he said, are ripe for abuse.
Davis said that he and others at IOActive have already created a worm that attacks one manufacturer's smart meter, and that propogates itself to attack others. He will demonstrate it at next month's Black Hat Security conference.

All this is scary stuff, but it's actually good news. Sniffing out the holes now and fixing them makes it more likely that when the Smart Grid is deployed, it'll be safe. Better find the vulnerabilities now, when it's on the drawing board, rather than when it's deployed and too late.

Photo CC-licensed by Flickr user Life @ f2.8.