What is a smart metering device, and what kind of cybersecurity requirements does it have to comply with?

Smart meters are progressively being adopted globally for a variety of deployments, including electricity, gas, and water. Their two-way communication feature enables real-time tracking of utility usage by both the utility supplier and the consumer. Smart metering is a component of the smart grid infrastructure design, and its primary goal is to automate the monitoring of users' usage, as well as billing and accounting. 

The smart meter industry shipped roughly 136.45 million smart meter units globally in 2020, with a projected increase to 198.53 million units by 2026. Like any other smart device, as the number of smart meters grows, so does their exposure to cybercrime.

In our article below, you can learn about the most effective methods for screening the vulnerabilities of your smart devices while making them safer. 

What do we call a smart or intelligent metering system?

Smart meters are intelligent devices that record and monitor utility usage in real-time and provide accurate data. Smart metering solutions are the primary endeavors toward achieving smart grid objectives (SG). Smart grids handle essential challenges such as renewable energy balance, customer operations, peak management, and many more. Without a doubt, smart metering minimizes business losses, monitors energy in real-time, detects energy theft, improves grid resilience, and leads to improved revenue and tariff management. Furthermore, it implements modern pricing structures and sends accurate invoices based on the measured data, decreasing consumer frustration and enhancing customer loyalty.

‍As a result, smart meters play a critical role in fulfilling the goals of a smart grid.

‍

Main components of smart meters

A smart meter has two main physical components:

• The meter: a secure, smart data network connected to the supplier via a wireless connection that delivers information about consumers' energy use.
• In-home display (IHD): in some countries (e.g. UK) the supplier provides a monitor that resembles a tablet device on which users can monitor their energy usage in real-time.

How does a smart meter device work?

Smart meters are advanced versions of traditional power meters developed based on AMR (Automatic Meter Reading) and AMI (Advanced Metering Infrastructure). Smart meters have advanced ICT interfaces, making them highly sophisticated and comprehensive. Smart meters, in addition to metering, may analyze numerous metrics such as power factor or THD (Total Harmonic Distortion) and estimate power usage at specific intervals. The remote-control functions powered by MDMS (Meter Data Management System), allow customers to remotely monitor and operate their home energy management systems. 

Smart meters communicate via wireless networks: the Home Area Network (HAN) and the Wide Area Network (WAN):

• HAN links with the consumers’ devices and transmits encrypted energy data to an electricity meter. This link enables the users to view their real-time energy use via the monitoring gadget. 
• WAN, on the other hand, is comparable to the secure networks that smartphones use. Smart meters rely on the WAN to transmit data that is used to generate accurate energy bills, allowing a better understanding of energy consumption.

Which countries are leading the way in using smart meter devices? 

The United States and Western Europe are leaders in smart grid infrastructure investment and implementation due to increased rollout in recent years. Rollouts in these areas have been influenced in part by available financial resources, but also by public policy and commercial utility decisions. The European Union, in particular, has enacted some of the most ambitious smart grid regulations for member nations, resulting in significant investment. As the benefits of smart grid infrastructure become more widely recognized, many additional countries and areas are catching up. Significant investments have already been made in a variety of nations, including China, Japan, Malaysia, Saudi Arabia, Uruguay, Slovenia, and Jamaica, to mention a few. 

Switzerland is already one step ahead. Based on the Swiss Government regulation only smart meter devices that comply with the national Security Standard may be marketed in the country. Switzerland's example of regulations will certainly be followed by other countries soon.

What are the main threats of smart metering systems?

Ironically, one of the major threats to smart meters is what makes them smart: that they work connected to a network and the Internet. 

Cybersecurity issues of smart meters lie in their inherent vulnerabilities which expose the infrastructure configuration to different attacks. Vulnerabilities may exist in the firmware, system applications, hardware architecture, and network interface. Furthermore, the system is vulnerable to network-related attacks and protocol failure due to the bidirectional communication link between the metering unit and the main gateway.

Additional communication attacks include 

• Eavesdropping 
• Wireless scrambling 
• Man-in-the-middle attacks 
• Message modification
• Injection attacks

‍

‍

Furthermore, utility providers and/or customers typically engage with the metering system via online and/or mobile application interfaces. Using an application programming interface, web-based applications are integrated with the metering system application (API). An unpatched API may be vulnerable to a variety of attacks, potentially exposing the entire metering system to malicious assaults. Furthermore, a poorly designed interface might expose the smart metering system to injection and code execution threats.

These systems are built with security in mind, yet safety misconfiguration can happen at any level, and in any component of the application. Smart metering security standards are one of the most effective solutions to filter out these vulnerabilities and misconfigurations. 

What kinds of smart meter security standards exist?

For the smart meter industry, accurate data gathering and secure data transfer are essential. The more complicated technologies occur in smart metering, the harder it gets to keep these devices safe. This is where smart meter security standards come into the picture.

ISO15408 - Common Criteria for Smart Metering

This dedicated Common Criteria Protection Profile gives extensive explanations of all the basic security standards that every smart meter device on the market must meet. Smart Meter Protection Profiles address the needs of all stakeholders. The Protection Profiles are based on extensive industrial collaboration, but they are also practical and simple to implement.

Industrial Control System Security for Smart Metering (IEC 62443)

The IEC 62443 series was initially designed for Industrial Automation and Control Systems, which share architecture and functionality with IoT and Smart Cities. IEC 62443 addresses all elements of cybersecurity in each of its specialized sections. A relevant set of requirements is accessible depending on whatever specific element requires review. These span from entire system design to patch management quality assurance methods. 

Advantages of IEC 62443:

• Comply with the NIS directive
• Gained trust 

‍

‍

The Swiss model for Smart Metering Data Security certificates

Switzerland has made a significant step forward by defining the standards and data security evaluation methodology for Smart Metering Environments, according to the Electricity Supply Ordinance (Stromversorgungsverordnung).

Since 2019, smart metering systems in Switzerland must be METAS certified (METAS Zertifizierung) based on the so called “Prüfmetodologie zur Durchführung der Datensicherheitsprüfung für Smart Metering Komponenten in der Schweiz” published by SWISSMIG (Smart Grid Industry Switzerland industry Alliance). 

RED - Cybersecurity for Smart Metering

The Commission took steps in 2021 to strengthen the cybersecurity of wireless devices in the European market. The 2014/53/EU (RED) directive establishes additional legal criteria for cybersecurity protections, which manufacturers must consider when designing and manufacturing the relevant machines including smart metering devices.

How can CCLab help achieve better security with your smart metering device?

Getting your smart meter device cybersecurity certified comes with multiple advantages. It gains trust in your customers, improves network resilience, reduces the risk of monetary fraud, better protects your customer’s data and in some cases, it is an inevitable requirement of the market or the buyer. Besides, in some countries like Switzerland, it is mandatory to get your smart meter device data security certified to be able to enter the market with it.  

At CCLab we provide simple solutions to complex cybersecurity needs. We are proud to be one of the leading accredited laboratories in cybersecurity evaluations of Swiss smart meter devices for the energy industry since 2019. Besides others, we have significant experience in data security evaluations in Switzerland under the METAS certification scheme. Our professional colleagues can guide you through the entire process from readiness assessment to pre-evaluation and the official evaluation for certification. 

Contact us and we will help you find the most suitable solution to make your smart meter device safer.