What are smart meters, and what is their primary purpose?
Smart meters detect and record energy use in real time, providing precise data to utility companies for efficient and dependable energy delivery. Customers benefit from more accurate energy consumption data, which helps them save money and enables flexible pricing models such as time-of-use rates. Service providers gain from efficient energy distribution, demand management, and the ability to swiftly identify and remedy issues such as power outages.
Due to their interconnected nature, smart meters pose a significant security risk if they are not properly secured, as cybercriminals can exploit vulnerabilities to gain unauthorized access to customer networks and sensitive data. Manufacturers must therefore prioritize securing smart metering and preventing potential breaches.
Best practices for securing smart metering devices for manufacturers
Manufacturers can take a number of effective steps to secure smart metering devices. These include:
Regular firmware updates
Regular firmware updates are crucial for securing smart metering devices. They not only address security vulnerabilities but also improve functionality, fix detected bugs, and allow manufacturers to add new features. Maintaining up-to-date firmware is critical for ensuring device security and functionality.
To enhance smart meter security, manufacturers should implement effective vendor management, which includes conducting rigorous background checks, installing vendor-specific security measures, and creating explicit vendor security policies and procedures. Regular vendor monitoring and audits may also help reduce risks associated with third-party providers and protect against possible security breaches.
Complying with related cybersecurity standards and regulations to secure smart metering
Compliance with cybersecurity regulations, standards, and practices is required in certain countries and suggested in others, but it is always beneficial for strengthening the security of smart meters. Manufacturers can develop a solid security framework, protect against possible risks, and maintain user trust in smart technology by complying with related local or international standards and regulations.
Applicable cybersecurity standards, regulations, and methods for smart metering manufacturers
One of the most efficient ways to secure smart meters is to make the devices and related systems compliant with applicable cybersecurity standards, requirements, or methodologies. Depending on the country or market in which you, as a manufacturer, want to introduce your smart metering device, it might even be mandatory to get your device certified.
METAS – The Swiss model
The Electricity Supply Ordinance (Stromversorgungsverordnung) of Switzerland has recently adopted a substantial development in harmonizing the standards for Smart Metering Environments. This improvement is an important step toward providing a standardized and reliable smart metering cybersecurity framework across the country.
Smart meter manufacturers that want to sell their products in Switzerland must certify their devices before placing them on the market. The Federal Institute of Metrology (METAS) serves as the federal centre of competence for all issues related to measurement, measuring equipment and measuring procedures. It is the Swiss national metrology institute. As such, its mandate is to ensure the availability in Switzerland of measurement and testing facilities with the degree of accuracy needed to meet the requirements of the economy, research and administration. To maintain strong data security requirements and secure smart metering, METAS, as the certification body, issues the metrology and data security certificates for the manufacturers subject to this obligation.
METAS certifications are issued for eligible devices after a comprehensive and rigorous assessment procedure. The evaluation process is carried out by accredited laboratories that operate independently, ensuring that smart metering settings fulfill rigid security criteria. The assessment procedure follows the so-called Testing Methodology (Die Prüfmethodologie) and its Annexes, published by SWISSMIG, the Industry Alliance of Swiss providers of technology solutions for smart metering and smart grids.
As wireless technology becomes more prevalent, securing smart metering devices becomes increasingly important. The Radio Equipment Directive 2014/53/EU (RED) of the European Union requires all radio equipment on the market, including smart meters, to comply with strict cybersecurity safeguards.
The regulation has been revised to include additional security requirements aimed at boosting network resilience, protecting customer privacy, and lowering the risk of financial crime. To comply with the new legal standards, economic operators in the energy sector must verify compliance with RED, and manufacturers must implement cybersecurity measures in the design and production of their devices.
Common Criteria for Smart Metering
The Common Criteria “Protection Profile for Smart Meter Minimum Security requirements” outlines the obligations that smart metering products on the European market should meet. The aim of this PP is to arrive at a European approach for the security certification of Smart Meters. The Cyber Security Act of the European Commission, which comes into force in June 2019, asks for the development of European certification schemes for products, processes and services in order to prevent fragmentation of the market by various national certification schemes. The SM-CG Working Group on Privacy and Security is of the opinion that Common Criteria provide a cost-effective and efficient method for an agreement between manufacturers, customers and security evaluators as to what assurance level a product shall be provided based upon a protection profile and a security target for Smart Meters. The WG believes that an approach based on Common Criteria EAL.3+ and the already existing mutual recognition of CC certificates among 17 European countries is a valuable alternative for European countries that do not yet have an existing certification scheme for Smart Meters. The PP was developed through extensive industry collaboration and was designed to be practical and easy for all stakeholders to follow and implement.
Smart metering technology is anticipated to grow rapidly in the next few years, but it also exposes users and service providers to cybersecurity concerns. Manufacturers should emphasize securing smart metering by performing frequent firmware upgrades, managing vendors efficiently, and adhering to mandatory or recommended cybersecurity standards like METAS, RED, and Common Criteria.
By implementing these best practices, manufacturers can effectively minimize or even mitigate potential cybersecurity risks and secure smart metering systems.