Smart metering – a new security consideration for service providers

Last month saw the UK Department for Environment and Climate Change (DECC) outline its plans for the installation of smart meters across the UK, gearing up to ensure it is on course for the scheduled 2014 mass roll out.

Despite the obvious benefits that this implementation of smart metering will bring, such large-scale operations are bound to come with major security management challenges.

The prime issue is how to secure digital communications between smart metering systems and utility service providers. This will expose a new set of vulnerabilities which will need to be addressed from the start with robust and efficient security solutions.

A significant vulnerability is the amount of sensitive data that smart meter data traffic could potentially reveal about a household. For instance smart meters can store information on the number of electronic devices used, how many people live in the household and what their energy consumption habits are. This information can be useful to energy suppliers but also to hackers who could use this data to commit utility fraud, changing customer information and distorting billing amounts.

An additional even greater threat that could emerge is if the smart grid system were to be compromised, causing widespread service interruptions and a severe blow to a service providers’ reputation.

Clearly it is vital that the risk of any security breaches is mitigated if the industry is to build a reliable utility infrastructure and trust in how they collect and use such personal data.

In order to meet the challenge of securely managing hundreds of millions of connected devices and securing the data transmitted between them, organisations will need Public Key Infrastructure (PKI) solutions that combine comprehensive security with scalability and reliability. PKIs, simply put, use digital certificates that can be embedded within devices, giving them the authorisation needed to access different networks.

While PKI is an established technology, smart meter security is a new application and will need a set of PKIs that enable service providers to identify connected meters, verify that they are configured correctly and validate these meters for network access.

This security infrastructure should be resilient enough to support large-scale deployments, while ensuring comprehensive data encryption and a minimal impact on systems performance. Fortunately the latest PKI solutions are well-suited to extensive deployments as they provide both cost-effective and flexible solutions.

In building a PKI infrastructure for smart metering, it is critical that the industry looks to secure the security infrastructure itself and learn the lessons from recent data breaches of major digital services.  An essential consideration should be what strategies are in place to protect the digital keys and certificates themselves from attack.

One of the key pieces for protecting the certificate infrastructure is through the use of Hardware Security Modules (HSMs). Unlike software based security measures that leave the certificate system open to vulnerabilities, HSMs safeguard the keys in hardware, performing like a security vault by protecting the keys against unauthorised access, and preserving the integrity of a PKI system

HSMs are dedicated systems that physically and logically secure the cryptographic keys and cryptographic processing that are at the heart of digital signatures. They secure the servers so the generation of keys, the storing of the private key, and the signing of zones is performed on a server that is physically secure and whose access is restricted to essential personnel only. HSMs also allow the secure storage of a backup private key copy in a centralised, security-hardened device.

Furthermore to maintain this high level of security it is essential to make sure that the right people are in control of the key information. HSMs are not typically located in the same site as the highly trusted individuals whose responsibility it is to protect an organisation’s integrity. By enabling secure remote access to HSMs, security administrators can manage them from anywhere. This saves significant costs as trust holders do not have to be sent to multiple remote locations and single individuals are prevented from compromising the keys within the HSM.

In order to be prepared for this large-scale deployment, utility providers need to have considered the major security implications that will inevitably occur. Any movement, such as this, that involves the gathering of personal data needs to be securely protected against potential exploitation from hackers. Fortunately the solutions to protect against this are readily available, as well as being both effective and economical. Therefore there is no reason for smart metering, with its many benefits, to be overshadowed by potential security threats.

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.