Smart Grid Report: Meters Remain Insecure

Wednesday, August 4, 2010 @ 05:08 PM gHale


When it comes to power management in the future, it seems the talk is all about smart meters as deployment continues to pick up speed in nearly all regions of the world.
But the catch is, in the rush to get the meters out to industry, manufacturers seemed to not include cyber security into the mix.
Now, utilities, governments, systems integrators, device manufacturers, and nearly everyone else involved understand smart meters and their surrounding networks can become victims of an attack and cyber security measures are necessary to protect the meters and their environment.
That new investment in smart meter security will total $575 million worldwide during the period from 2010 to 2015, representing an average of about $3.00 per meter during that period, according to a new report from Pike Research.
“Smart meters are one of the weakest links in the smart grid security chain,” said industry analyst Bob Lockhart. “Home area networks, commercial building networks, and utility networks all perform well in terms of keeping data encrypted within their domains. However, these domains terminate at the smart meter, and the only way for data to pass from one network to the other is for the smart meter to decrypt the data from one side and re-encrypt it on the other. Consequently, the data are, for a short while, unencrypted on the meter and could be successfully eavesdropped.”
A solution to this security gap is unlikely to be in place before 2012, and in fact vendors in the industry show little interest in solving this problem, as long as they can protect data within their own domains, according to the research. Yet, solving this problem could present a significant business opportunity, Lockhart said.
The report, entitled “Smart Meter Security,” assesses the security risks to Smart Metering, using ISO27002:2005 as a baseline to identify topics for consideration. The study reviews Smart Metering against all 11 security clauses of ISO27002:2005 to identify six key security opportunities including event correlation improvements, security software on meters, identity management and authorization, network resiliency, meter worm prevention, and end-to-end data encryption.



Leave a Reply

You must be logged in to post a comment.