May-June 2010

Trust in the Smart Grid: A Model for Information Security in Smart Metering

As the global energy industry becomes increasingly conscious about consumption, smart metering has emerged as an innovative technology for reducing energy costs and overall carbon footprint for consumers and commercial organizations.

Deploying in-home smart meters opens up a wealth of possibilities to both energy suppliers and consumers. Depending on the features of the particular meter, customers can monitor and adjust their energy use dynamically, giving them greater flexibility and control over consumption. In the not-too-distant future, smart meters will enable consumers to submit accurate energy readings, adjust billing rates, and even change suppliers in a fraction of the time it takes today, perhaps even in real-time.

And while there is little debate about the current and future benefits of smart metering technology, it is important to recognize and address the inherent security risks and privacy implications that it brings. The ability for consumers to converse electronically with energy suppliers has a significant economic and operational impact on both parties that could be exploited for nefarious purposes.

Fortunately for engineers charged with developing smart metering networks, many of the same technologies, techniques, and best practices used for protecting other information technology (IT) systems can be adapted to this new challenge.

Aggregating Data Creates Risk
The most commonly discussed smart metering infrastructure calls for aggregating each household’s energy information before it gets communicated to the energy company. The smart meters in a block of homes send their data to a relay station—perhaps assigned to a neighborhood or sub-division—and then the data is sent on to the energy supplier.

This setup, which is similar to many existing distributed IT infrastructures, is much more efficient and cost-effective than trying to connect each individual meter to the energy supplier’s network. But aggregating personal information about consumers—including account information, energy use patterns, and billing data—involves certain risks and shakes consumer confidence.

Some of the inherent risks associated with aggregating consumer information at a central neighborhood relay are similar to established technology systems that utilize a similar architecture. It is therefore not unlikely that personal consumer information and billing data generated by and stored on smart meters will likely be subject to the same data protection compliance regulations and IT security standards as information handled elsewhere.

Along the same lines, the data being fed through the smart metering systems must only be accessible by authorized parties. For example, in Germany, the smart metering structure is such that information about consumers’ water, heat, electricity, and gas usage can all be fed through a single aggregate meter, even though different companies may be supplying each form of energy. While this helps maximize efficiency and reduce cost, it is critical that each piece of information is transmitted to the correct organization—especially as smart metering evolves to allow consumers to switch suppliers.

Smart metering also presents new risks, mainly associated with privacy. Consumers tend to be comfortable with sharing information if they are assured of exactly how it will be used (both now and in the future). However, they often become wary when it is unclear and if they perceive their privacy to be in jeopardy.

For example, smart metering precisely divulges energy consumption at a given time of day. If an adversary were able to hack into the meters or relay station, he would be able to monitor an entire neighborhood of households to determine whether or not anyone was at a particular home. It is reasonable to assume that if little or no electricity is being used during the day, the house is probably empty.

In addition, the mere existence of this new information presents any number of possibilities for future use. Similar to the way the authorities can subpoena telephone records to tell whether a certain call was made or if a phone was in a particular region at a given time, it could, in the future, also be possible to access power usage information for evidential purposes. While this is as much an ethical and legal debate as a technical one, it makes clear the potential value of this information and why it must be protected at all times.

Ensuring the Integrity and Accuracy of Billing Information
Beyond the security and privacy risks associated with aggregating consumers’ personal information, a critical issue posed by smart metering technologies that lack proper controls is the integrity and accuracy of billing information.

One of the most significant benefits of smart metering—and a concept that will essentially help pay for systems to be designed and implemented—is the elimination of estimated and human readings for energy bills. Smart metering allows for precise energy readings, which prevents consumers from overpaying, underpaying, or having to foot the bill for the energy suppliers retaining the meter-reading services. The downside to this, however, is that all parties must be sure that the readings are accurate and have not been tampered with.

Consumers need assurance that the information they are transmitting to the energy company is being faithfully transferred. At the same time, the supplier needs to ensure that all meter readings are being delivered and customers are not hacking into the system to mask their true consumption and reduce their bill. In addition,
advanced automated systems must contain reliable controls to make certain that the readings and other information being sent to energy suppliers are correct and irrefutable.

New Form Factor, Same Protection Schemes
The concept of implementing a process for reliably testing the veracity of information should be quite familiar for IT managers who have worked on information security and public key infrastructure (PKI) projects in the past.

A smart metering system is essentially a basic information network that happens to be deployed in a new area. Therefore, energy suppliers should draft their smart metering data protection strategies based on best practices and technologies used in current security-conscious data centers. It is unnecessary, arguably even risky, to invent new security solutions and constructs for this area, because new concepts always come with difficulties. Even discounting the likely possibility of design error, new technologies bring with them a learning curve, and not even experienced personnel can manage them effectively. While operators climb the learning curve, there is a significant opportunity for both technical and human error.

Conversely, adopting tried-and-true data protection schemes for smart metering purposes will not only enable robust information security in the short term, but it will also create a strong, flexible system that allows for seamless expansion. Scaling up established information-centric PKI architectures, for example, is a process with which engineers are quite familiar and can easily be replicated and applied to smart metering. On the other hand, highly specialized technologies built explicitly for today’s smart metering networks may prove too restrictive and be unable to adapt to future demands.

Finally, deploying reputable security solutions can have significant benefit to a utility company’s long-term bottom line. Adding proper controls from the outset represents a minimal percentage of the overall cost of deploying smart metering, and it is far less expensive than trying to retrofit security to poorly architected designs as new threats and regulations emerge. Integrating “cheaper,” highly specialized technologies to meet current requirements at a given moment in time will likely result in much higher long-term costs associated with upgrading systems to meet future requirements.

Conclusion
Without question, smart metering carries considerable benefits to both energy suppliers and consumers. Energy customers will have greater flexibility and control over their energy consumption. For suppliers, the cost of physical meter reading will be reduced and they will also significantly improve their account management operations.

However, these benefits are accompanied by risks, as billing accuracy and privacy must be assured, high-resolution usage data must be protected at all times, and all information must reach the correct supplier intact. Deploying a smart metering network involves standard security concerns such as spying, account fraud, and protecting customer information, but there are also possibilities for new issues such as the subpoena of usage information and attacks on the power supply itself.

But while smart metering introduces a new form factor for fraudulent activity, energy suppliers should avoid new, untested security technologies to tackle what are, essentially, longstanding data protection concerns. Instead, adapting tried-and-true technologies that satisfy existing IT security best practices and compliance regulations will help accelerate the adoption of smart metering as secure process for controlling energy consumption.