In the burgeoning age of the Internet of Things (IoT), the energy infrastructure has become increasingly complex. New players and private citizens are joining the ecosystem, deploying assets that tie into evolving grid infrastructures. As the smart energy ecosystem expands, so does the opportunity for cyber attacks, and there has never been a more urgent need to secure Advanced Metering Infrastructure (AMI).
Unprotected smart meters, implemented for long periods exceeding 10 years, can easily be hacked to alter consumption data, to gain access to sensitive data, or even to cause physical damage to the global grid. The consequences of such attacks, such as the Stuxnet attack, can be devastating: blackouts across entire countries, access to nuclear plants and personal data breaches. For device makers, DSOs (Distribution System Operators) and Utilities, the loss of customers, reputation and revenue can be difficult to recover from.
Uninterrupted security is paramount to the success of smart energy systems.
Governments in Europe, led by Germany and the BSI, are launching initiatives that mandate specific protection protocols for smart grid deployments. In addition, other regulators such as the National Institute of Standards and Technology (NIST) recommend a policy whereby encryption keys and certificates stored in connected devices should be renewed every 5 years or sooner.
As smart meters have a lifecycle of 10 to 15 years, an advanced security mechanism to replace aging keys and to enable remote credential management is paramount. Strong encryption and authentication tools must be considered and implemented before meters are deployed. Without built-in security architecture that is reliable for the entire device lifetime, ecosystem partners are exposed to unnecessary and costly risk.
Ensuring end-to-end security for the smart grid
Leveraging decades of digital security expertise and the Gemalto Trusted Key Manager solution, Gemalto offers an advanced security solution dedicated to grid management and to utilities. The Gemalto metering security solution protects massive smart metering deployments and ensures integrity and reliability for the entire lifecycle of energy devices and the data they exchange.
The solution comprises cryptographic hardware products (Hardware Security Modules (HSMs) and Secure Elements), which protect sensitive data in the smart grid. It also leverages leading-edge authentication and encryption technology with digital code signing certificates. This ensures metering data is received from a legitimate source while safeguarding against data tampering and fraud at all points.
The solution facilitates dynamic credential updates and authorizations, without costly service in the field.
Gemalto Trusted Key Manager - the smart grid security pillar:
Diversified Meter IDs
The Gemalto solution expertly manages key provisioning in energy assets, allowing meter manufacturers and utilities to focus on their core competencies. It securely provisions encrypted keys in smart meters at the time of manufacturing, which eliminates the need to send keys over the air and reduces the ecosystem's cyber attack surface.
Before a device or application is allowed to send or access data, the Gemalto solution remotely authenticates and activates key credentials for authorized meters and applications that can prove their legitimacy. The process leverages standardized cryptographic algorithms and a highly reliable digital authentication handshake between data sender and data receiver.
The Public Key Infrastructure (PKI)-based solution automates encryption and decryption mechanisms to ensure data confidentiality and integrity between smart meters, gateways and back-ends. Implemented at the core of edge devices, these mechanisms prevent data interception and tampering along the way, which would alter system validity or even endanger the grid.
Security Lifecycle Management
The smart energy ecosystem is dynamic, with new players coming and going and new cyber threats or regulations emerging. Gemalto provides continuous protection through remote device credential management, enabling secure software updates and revocation/renewal of cryptographic keys when needed.