Jon Geater, Thales Information Technology Security
Smart metering will affect how the world consumes energy. Consumers will be able to dynamically monitor and adjust their energy use to reduce costs and lower their carbon footprints.
Engineers charged with developing smart metering networks, however, must consider the inherent security risks and privacy implications that accompany this new technology. Consumers’ ability to converse electronically with energy suppliers carries a significant economic and operational impact that could be exploited.
Smart metering security challenges include the risks inherent to the aggregation of individual households’ energy information before it gets communicated to energy companies, a practice popular in many smart metering architectures. While such aggregation is sensible from many perspectives, it raises privacy and data cleanliness issues that have been seen recently in information systems and data centers. Those information systems are subject to increasing regulation and compliance mandates, and consumer information and billing data in smart metering networks likely will be held to the same standards.
Smart metering that lacks proper controls also presents concerns about billing integrity and accuracy. If smart metering eventually will eliminate energy bill estimates and human readings, consumers, utility companies and others involved must trust the information they receive.
Applying security to the smart metering network needn’t be overly complicated. New, customized security solutions will be designed specifically to take advantage of the smart metering boom, but many established information technology security technologies, techniques and best practices can adapt to secure this new infrastructure.
A smart metering system is an information network deployed in a new area; so, smart metering data protection strategies should be based on best practices and technologies used in current security-conscious data centers. It is unnecessary and potentially risky to implement new security solutions. Instead, information technology managers can rely on established protection schemes for smart metering because they enable robust information security and create a strong, flexible system that allows for seamless expansion—specialized technologies built for today’s smart metering networks might prove too restrictive and unable to adapt to future demands.
What’s more, deploying reputable security solutions benefit utility companies’ bottom lines. Adding proper controls from the outset represents a minimal percentage of the overall cost to deploy smart metering, and it is far less expensive than retrofitting security as new regulations emerge. Integrating just-fit, customized technologies to meet only the current requirements likely will result in much higher long-term costs as systems are upgraded to meet future requirements.
Smart metering has considerable benefits to energy suppliers and consumers, but, as with any new technology, potential risks must be addressed. Integrating proper data protection methods should not add significant cost, resources or layers of complication if engineers view this new form factor as they do other existing information technology systems. Energy suppliers and customers should avoid new, untested security technologies to tackle long-standing data protection concerns. Instead, adapting experienced vendors’ tried technologies will accelerate smart metering adoption.
Jon Geater is director of technical strategy at Thales Information Technology Security (http://iss.thalesgroup.com), a leading international encryption and key management solutions provider. Geater has more than 10 years of technical experience as a software architect and chief architect in the information security industry. As technical evangelist for the information technology security activities of Thales, Geater represents Thales at academic conferences and standards bodies, and is the co-founder the OASIS KMIP key management group.