by tommusic 6275 days ago
Some Slashdot-spelunking resulted in a few comments that seemed reasonable:

http://it.slashdot.org/comments.pl?sid=1191575&cid=27502... The poster makes some odd similes in advancing an argument that the biggest problem is not central computers, but the endpoint devices at substations and such.

http://it.slashdot.org/comments.pl?sid=1191575&cid=27503... This poster asserts that a drive to create interconnectability has resulted in more open access.

I feel like I have more information, but not much more understanding of the answer to my original question. :-)


The first comment notes that the security risk is in the protective relays. Well, maybe. It also carries an implication that digital relays are in and of themselves a security risk. I intern at a major manufacturer of digital protective relays, so I know how these communicate. (None of this, as far as I'm aware, is trade secret.)

The purpose of a protective relay is to detect a line fault (lightning strikes, arc flash, the distribution line is knocked down). Upon detecting a line fault, the relay trips a circuit breaker to protect the rest of the grid from voltage irregularities. Relays are located along major distribution lines, and to find the substation these relays are located in, all you really have to do is find a major distribution line (easy enough from the air) and follow it until you reach a substation. There are maps of the major electrical distribution lines, and they're not difficult to find.

The "smart grid" depends upon digital relays, but the grid has been smarter than we've given it credit for because digital relays have been around for 25 years. The power industry is very conservative—electromechanical relays worked for decades—so digital relays were a hard sell in the first place. So certain features were added to them. The first was fault location—a microprocessor-based digital relay, even in 1984, could calculate the location of a fault and store that information upon detection. Digital relays were and remain significantly less expensive than electromechanical relays, so they were originally sold simply as fault locators. (Due to cost, power consumption, testability, and maintainability, digital relays have advantages over electromechanical relays anyway, but these advantages weren't enough to convince power companies 25 years ago. Even now, 60% of North American relays are electromechanical, and 90% of world relays are electromechanical.) Over time, more features were added. One feature, developed largely in response to the New York blackouts a few years ago, is synchrophasors. Synchrophasors allow a control station to monitor the voltage angles on distribution lines and maintain better control over them. This is a very, very time-sensitive process, but it also requires relays, synchrophasor processors, and computers loaded with control software to be networked together over large geographical areas. I'm not an EE so I don't have a full appreciation of what this means, but it's important.

A typical protective relay from a top-of-the-line manufacturer accepts connections over an RS-232 serial connection, but it also supports TCP and telnet over an Ethernet interface. Relays will often be connected to a single communications processor that will allow several relays at once to communicate over large areas. These comprocs, again, support RS-232 serial connections as well as networking.

If you can access a comproc, you can access any of the relays, clocks, or other devices connected to it. That means you can cause trips, alter settings, and do all sorts of nasty stuff. Which makes it vitally important that power companies do things like change the default passwords and secure their communication networks—something largely outside the manufacturer's control. It's possible (and encouraged) to implement it securely but in practice it's not always done.
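A small fleet-audit script for the two mitigations the comment above names (change the default passwords, keep the networked management interfaces off untrusted networks), weighted by how many relays, clocks and other devices sit behind each communications processor. This is an added example, not the commenter's or any vendor's code; the device records, the management network 10.20.0.0/24, the placeholder default passwords and the record fields are all constructed assumptions for illustration.

```python
# Added example (not from the thread): audit an inventory of relays and
# communications processors for default passwords and for telnet/TCP
# management ports reachable from outside the management network.
# Every record, address and password below is constructed sample data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Assumption: management sessions are only supposed to originate here.
MGMT_NET = ip_network("10.20.0.0/24")

# Assumption: placeholder vendor defaults to detect (constructed, not real).
DEFAULT_PASSWORDS = {"DEFAULT_LEVEL1", "DEFAULT_LEVEL2"}


@dataclass
class Device:
    name: str
    kind: str                    # "relay", "comproc" or "clock"
    ip: Optional[str]            # None for serial-only devices
    telnet_enabled: bool
    password: str
    parent: Optional[str] = None # comproc this device hangs off, if any


@dataclass
class Finding:
    device: str
    issue: str
    downstream: int              # devices reachable through this one


def downstream_count(devices: List[Device], name: str) -> int:
    """Count devices attached (transitively) behind the device called `name`.

    A comproc with three relays on it scores 3: whoever controls the comproc
    can reach every relay, clock and other device wired into it.
    """
    children = [d.name for d in devices if d.parent == name]
    return len(children) + sum(downstream_count(devices, c) for c in children)


def audit(devices: List[Device]) -> List[Finding]:
    """Return findings ordered by blast radius, so comprocs come first."""
    findings = []
    for d in devices:
        blast = downstream_count(devices, d.name)
        if d.password in DEFAULT_PASSWORDS:
            findings.append(Finding(d.name, "default password", blast))
        if d.ip is not None and d.telnet_enabled and ip_address(d.ip) not in MGMT_NET:
            findings.append(
                Finding(d.name, "telnet reachable outside management network", blast)
            )
    findings.sort(key=lambda f: (-f.downstream, f.device, f.issue))
    return findings


# Constructed sample fleet: one comproc with three serial-attached devices,
# plus a stand-alone relay whose Ethernet port sits inside the management net.
SAMPLE_FLEET = [
    Device("comproc-sub7", "comproc", "192.0.2.10", True, "DEFAULT_LEVEL2"),
    Device("relay-7a", "relay", None, False, "h3x!Cr0w", parent="comproc-sub7"),
    Device("relay-7b", "relay", None, False, "DEFAULT_LEVEL1", parent="comproc-sub7"),
    Device("clock-7", "clock", None, False, "gps-7-ok", parent="comproc-sub7"),
    Device("relay-9", "relay", "10.20.0.55", True, "Lin3F@ult9"),
]


if __name__ == "__main__":
    for f in audit(SAMPLE_FLEET):
        print(f"{f.device:14} {f.issue:48} devices behind it: {f.downstream}")
```

On the sample fleet the comproc is reported twice at the top of the list (default password, telnet exposed outside the management network) with three devices behind it, and the serial-only relay with a default password appears last: it cannot be reached directly, but it is reachable through the flagged comproc, which is why the parent's findings carry the higher weight.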

I really appreciate the time you took to reply, and feel like I have a much improved understanding of the landscape.

And now: a short thought on default passwords!

It feels like default passwords should not mean "operate normally". When you have the default password set on a router, it ought to keep bugging you to change it before it works as expected.

It'd need to be an industry standard to avoid companies touting theirs as "easier" because it doesn't require setting a password.

Though this would make it harder to steal a neighbor's wi-fi while one waits for one's own installation after moving into a new apartment.

Tradeoffs, tradeoffs.

While that's true for consumer goods, one would hope that a power company would know well enough to change the default password.