• Gemalto is now part of the Thales Group, find out more.

Securing the smart grid

The connectivity found in smart meters and smart grids offers enormous benefits but also brings new cybersecurity risks to the energy market​

First published on November 04, 2019
Energy smart meter

With the Internet of Things (IoT) bringing greater levels of connectivity, the  energy market is in transition as government policy, environmental commitments and new technologies combine to drive the deployment of smart meters and smart grids across  the globe. However, while this has the potential to transform how we consume energy, the transition needs to be managed in a safe and secure environment.

Empowering consumers with smart grids

According to GlobalData, global smart meter installations stood at 71 million in 2018. Able to collect remote data using IoT sensors across the home, smart meters are putting consumers in charge of their energy consumption. They can show in real time what is being spent on electricity (and gas) and which appliances are consuming the most energy, as well as allowing users to precisely program their heating or schedule the charging of their electric car battery around off-peak hours. 

Smart meters are the consumer face of a wider evolution in the way utilities companies and nation states are attempting to upgrade their energy grids. By using digital technology to track real-time energy usage, the grid can respond to fluctuations in local demand ever more precisely. The smart grid is also tied to the expansion in renewable energy – allowing utilities providers to prioritize renewable energy and switch between wind and solar, depending on how much energy each source is generating at that moment in time. In doing so, it allows for the production of low-carbon electricity, which is one of the goals of smart cities as they transition to smart energy.

How to protect the smart grid

With the spread of smart grids and greater connectivity, however, come new threats for the end user and their personal data. If a hacker breaks into a customer’s smart meter, for example, they could ascertain all sorts of valuable personal information. Hackers could also manipulate meter readings on a grand scale and turn all of them ofin a city – or even a country. 

All of this makes a structured approach to IoT security essential. Francis D'Souza, VP Strategy, Analytics & IoT, Thales, points to four areas that can make the smart grid more secure:

  1. Strong digital identities: All connected devices should have their own unique digital identity, which would be used to identify each device. If all devices contain their own unique identity, even if a device is hacked, only that device is compromised.
  2. Mutual authentication: This means that any two connected devices can only “speak” to one another after successfully answering a digital challenge that only those two devices know the answer to.
  3. Encryption: Data should always be encrypted when it is being passed between devices, as well as when it is not moving, in order to protect it from being tampered with.
  4. Constantly updating security: A secure smart grid should constantly evolve and update its security on a regular basis, with keys and digital mutual authentication challenges being updated every two to three years.

Smart grids and the role of regulation

Authorities are becoming increasingly conscious of the possible threats that weak cybersecurity in the smart grid may introduce. ESMIG (the European smart energy solution providers), which represents European metering companies, has defined a common set of security requirements for smart meters, based on the requirements found in EU member states. The meters produced by ESMIG members comply with these requirements. 

In December 2018, the EU agreed to the introduction of a new Cybersecurity Act, which will introduce standardization and certification for a wide range of internet-connected devices, including the smart grid. What’s more, the EU’s General Data Protection Regulation (GDPR) also introduces a range of requirements that affect smart meters and the kind of data they collect. 

Over in the US, California’s SB 327 Law, effective from January 2020, will require all connected devices to have a reasonable security feature. More widely, the North American Electric Reliability Corporation is responsible for the grid in the US and Canada and has introduced various rules for how utilities must protect the grid electronically. 

Smart meters and the smart grid can offer enormous benefits: cost savings; providing energy more efficiently; and meeting renewable energy targets. However, they also introduce risks that, in many cases, have not been fully prepared for. As D’Souza says: “Whenever you connect a device to the internet there are security tradeoffs. The important thing is to minimize those risks in order to maximize the potential benefits.”

TAGGED IN smart meters; smart grid; iot; smart cities; government; data security; cybersecurity