Oops. Who Forgot Smart Meter Security?
Smart electric meters are being deployed in increasing numbers around the world, but only now is the utility industry addressing the concern that the new meters may represent a weak link in the integrity of the electrical grid. Smart meters, which utilize two-way communications to improve energy management, automation and control on the grid, have often been rolled out to customers with little forethought about the potential security risks. This initial oversight is now being addressed with greater urgency within the industry, and a recent report from Pike Research forecasts that global investment in smart meter security will total $1.6 billion during the period from 2010 to 2015. This forecast represents an upgrade of Pike Research’s previous estimate of a $575 million during the same period, published in August 2010, based on new research about the urgency that utilities are placing on smart meter cyber security issues.
“It would be naïve to think that smart meters will not be successfully attacked. They will be,” cautions senior analyst Bob Lockhart. “In fact, smart meters represent a worst-case scenario in terms of security: the devices lack sufficient power to execute strong security software; they are placed in physically non-secure locations; and they are installed in volumes large enough that one or two may not be missed. Therefore, the only valid cyber security approach for smart metering is to assume from the outset that some devices will be successfully attacked and create sufficient resiliency to allow the remainder of the network to survive.”
Lockhart adds that, while he does not believe that anyone has completely solved this problem, in the course of his analysis, he has encountered quite a few enterprises that admit to it and are actively working toward a solution.
Pike Research anticipates that the two largest business opportunities in the smart meter security sector during the period from 2010 to 2015 will be network resiliency and security software on meters. Other smaller, but still significant, categories will include end-to-end data encryption (beginning in 2012), meter worm prevention, identity management and authorization and event correlation improvements.
Pike Research’s report, “Smart Meter Security”, assesses the security risks to smart metering, using ISO27002:2005 as a baseline to identify topics for consideration. The study reviews smart metering against all 11 security clauses of ISO27002:2005 to identify six key security opportunities including event correlation improvements, security software on meters, identity management and authorization, network resiliency, meter worm prevention and end-to-end data encryption. It includes examination of the market issues and technology issues related to smart meter security, along with market forecasts for key world regions through 2015. An executive summary of the report is available for free download on the firm’s website, www.pikeresearch.com.