Infrastructure Security: Securing the Grid of the Future

Jul 13, 2020
This content is adapted from its original appearance on IT Security Pro's blog.
 

When it comes to how we live our lives in the Twenty-first Century, nothing may have an impact on our daily lives more than the ability to have access to electricity to run our homes, and our businesses. This ability to have access to reliable and consistent power is especially true to those of us who depend on it for powering machinery or healthcare devices.

Technical Upgrades

Evolving technical developments continue to affect the management of this vital resource. Software applications and hardware have been developed in order to provide better management of these services to the end consumer---whether it is the integration of renewable energy into the grid, or rerouting resources during an outage. Other applications include AMI (advanced meter infrastructure), which informs a utility about the timing and amount of electricity or gas consumption. Nexant has used this interval data to help utilities with grid and portfolio planning and identify unregistered solar use.

These meters are also necessary for utilities who are investigating or implementing Time of Use (TOU) billing, in which customers are charged different rates at different times, more accurately reflecting the costs of providing electricity during periods of high usage. Meter data also informs Home Energy Reports, which typically show residents how their usage compared to neighbors and can help utilities target customers with tools and tips to better manage energy costs. Nexant uses Advanced Analytics algorithms and machine learning to identify customers most likely to participate in energy programs and achieve energy savings, among many other applications.1 While these technological advances continue to help improve our lives, they come with some inherent security risks as well. 

Hardware Vulnerabilities

"Smart" meters can provide the energy company with real time information about their distribution network, including the amount of power you use or any interruptions to service. This means that these devices are not just connected to the power lines running to a business or a residence, but also to a computer network. It’s this network that collects the data and routes it to the utility or service provider. It is also where security vulnerabilities may exist. ​The meters have firmware that is installed by the manufacturer which interfaces with the service provider’s network. This firmware provides for the functionality of the device and enables software to interface with it for the end consumer to manage their usage over time. 

Grid Threats

The growing number of connections to computer networks and the Internet offer enhanced functionality, but also greater vulnerability to cyber-attacks. Whether it is disrupting service, or causing a mass outage, hackers are exploring ways to impact consumers in a way like never before. Additionally, the data that is collected by those smart meters may allow hackers to infer private information about the connected household, like:

  • When the family is home
  • Number of people in the home
  • Equipment that is dependent on electricity (electric vehicle, pool)

This information can be obtained by the metadata that is collected as part of the grid management and "smart" meter system and the specific details can be inferred by analyzing the data and correlating it to known behaviors of the occupants or equipment.

 

Securing the Data

One of the things that electricity providers can do is to secure the data that they collect from the smart meters. Here are some ideas about how to secure this data:

  1. Encrypt all communications over a network between the consumer’s smart meter and the service provider. This will allow the data to be transmitted securely and prevent the data from being intercepted.
  2. Store only minimally required data necessary to manage the network or the delivery of services.
  3. Disassociate the data in the databases that are kept by the service provider from user/household specific information
  4. Separate networks that store customer data from those used by the service provider in order to segregate the data from the Internet.
  5. Encrypt the physical systems that the data resides when at rest.

Whether the service provider is using the smart meters to manage the distribution of the electricity to its consumers or just monitoring the delivery of those resources, it is still collecting data about its consumers. Companies can and should protect that data in order to protect the end consumer's privacy and electricity reliability. Nexant takes data security very seriously and complies with all recommendations and requirements from our clients and security experts.

Promise of the Future

The benefits of "smart" meter and grid technology are considerable. Advanced analysis of this data provides insight into how energy is being used and when the need for more resources should come online. Demand Response devices (e.g., thermostats that can set back the cooling temperature during a heatwave) can help reduce the need to build more infrastructure and reduce consumer costs, by giving utilities the option to lower demand to meet the available supply. Additionally, rerouting of the grid to provide services during an outage may be one of the biggest benefits that these technologies enable. Also, the ability to integrate green-energy initiatives into the grid will help to provide redundancies where there were none before. This allows for additional capacity without having to create more power generation facilities.

​Summary

The use of smart meter and grid technology is an ever growing field within the electrical delivery industry. Whether it is used to monitor usage or how the electricity is delivered, the smart meters are collecting data that can be used maliciously if it is compromised. By taking some of the steps mentioned above, utilities and their service providers can ensure that the customer's unique usage data is protected.

 

 

1Advanced analytics of customer AMI data allows for targeting informed by load shape cluster, end-use disaggregation, weather sensitivity, billing analysis, and more.