Securing the smart meter supply chain


The need for security in smart metering is well understood. But ensuring security end-to-end means addressing potential issues at each stage of the meter’s lifecycle, writes Elster’s Michael John, solutions manager.


Security issues have attracted more attention as smart meter rollouts have progressed. Consumers have expressed concerns about their data privacy, which has delayed smart metering programs in the US and the Netherlands. Because security was not previously an area of focus, and so lacked specifications, there have been instances in Europe of smart metering implementations with older or insubstantial security features.

The industry is currently working closely with governments and consumer groups to address meter security. Technical specifications continue to evolve, while new or revised security and data privacy mandates may be introduced. The European Commission’s Smart Grids Task Force now requires that security and privacy be addressed from the pilot stage of a smart metering program, while more governments are taking a lead on smart metering, meaning more involvement from the regulator or national ministry.

Information security must therefore be a core focus for smart metering rollouts from the start. Utilities can avoid scenarios where infrastructure must be upgraded or replaced if end-to-end security is embedded within system design. With utilities in Europe nearing an installed base of a million smart meters or more, it is important they recognize that security is not just about enabling technical features on the smart meter, but about ensuring the underlying processes are managed in a secure and trusted way across the supply chain.

Smart metering lifecycle

The lifecycle of the smart meter begins at the design and engineering phase. It is then manufactured and delivered to the party responsible for consumer installation, at which point it moves into the operational phase and becomes part of the smart metering network. Finally, at end-of-life, the smart meter must be decommissioned, ensuring personal data is disposed of securely.

At each phase of the smart meter lifecycle, an unauthorized third party might attempt to gain access to sensitive data and use it to maliciously attack a consumer or an organization. For example, if architecture design is not robust, an attacker could manipulate the smart meter, data concentrator, or gateways to disconnect the supply of electricity. A large-scale disconnect across multiple households would not only inconvenience residents in those locations, but may also lead to issues with the grid itself.

Other potential security threats include tampering with meter data in order to manipulate the outcome of billing, or the leakage of personal information and utility-related data known as a ‘consumption signature’.

Security by design

Secure firmware engineering will be essential for meter manufacturers moving forward. As recent history has shown, attackers are more likely to target the means of production. As such, even if a product is certified as being functionally compliant with the relevant standards, it doesn’t necessarily mean it is secure.

This is why a ‘security and data protection by design’ approach is recommended, whereby data security features are built into smart metering systems. In the world of IT, robust security design is based on end-to-end communications where the receiver can prove the identity of the sender and knows that the message has not been tampered with during transit.

Building a Trust Provisioning model

Manufacturers are trusted to produce secure and reliable products. To assure all stakeholders that production processes are secure, manufacturers can obtain a dedicated certification, for example ISO 27001, the international standard for information security management. In Europe, Elster, which was recently awarded ISO 27001 certification, has created a secured cell within its factory. As shown in Figure 1, the meter enters one end of the cell as untrusted and unsecured, and emerges at the other fully provisioned with unique key material and its ‘trust anchors’. This way, the smart meter is supplied to the utility as a ‘trusted’ device with authentic firmware and credentials. Elster has also developed a secure process for exchanging the provisioned information with its customers.


Figure 1: A secured cell for the factory environment. Source: Elster

Once the meter is installed, ownership transfers to the utility or the party responsible for operating the meter. At this point, it is critical that the appropriate data security protocols are already enabled. Decommissioning is just as important, as there may be security-relevant data stored on the meter that could allow unauthorized parties to decrypt previous communication or any personally identifiable information left on the meter. Similarly, a secure process is required for re-provisioning devices.
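
The lifecycle described above (unique key material provisioned in the factory, messages whose sender and integrity the receiver can check, and key removal at decommissioning) can be illustrated with an added example; it is not Elster's process or code. The symmetric per-meter key, HMAC-SHA256, the message layout and every name and value in it are assumptions made for illustration.

```python
import hashlib
import hmac

def provision(batch_secret: bytes, serial: str) -> bytes:  # secured-cell step (assumed design)
    return hmac.new(batch_secret, b"meter-key|" + serial.encode(), hashlib.sha256).digest()

class Meter:
    def __init__(self, serial: str, key: bytes):
        self.serial, self.key, self.counter = serial, key, 0
    def send(self, reading_wh: int) -> dict:
        if self.key is None:
            raise RuntimeError("decommissioned meter holds no key")
        self.counter += 1  # monotonic counter lets the receiver reject replays
        body = f"{self.serial}|{self.counter}|{reading_wh}".encode()
        tag = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return {"serial": self.serial, "body": body, "tag": tag}
    def decommission(self) -> None:
        self.key = None  # real hardware would erase the key from secure storage

class HeadEnd:
    def __init__(self):
        self.keys, self.last_counter = {}, {}
    def enroll(self, serial: str, key: bytes) -> None:
        self.keys[serial] = key  # key handed over through the manufacturer's secure exchange
    def retire(self, serial: str) -> None:
        self.keys.pop(serial, None)
    def accept(self, msg: dict) -> str:
        key = self.keys.get(msg["serial"])
        if key is None:
            return "unknown-device"
        expected = hmac.new(key, msg["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-tag"  # wrong sender key, or body altered in transit
        serial, counter, _reading = msg["body"].decode().split("|")
        if serial != msg["serial"] or int(counter) <= self.last_counter.get(serial, 0):
            return "replay-or-mismatch"
        self.last_counter[serial] = int(counter)
        return "ok"

def demo() -> list:
    key = provision(b"constructed-batch-secret", "M-0001")  # constructed sample values
    meter, head = Meter("M-0001", key), HeadEnd()
    head.enroll("M-0001", key)
    genuine = meter.send(1200)
    tampered = dict(genuine, body=b"M-0001|1|10")  # billing value altered in transit
    results = [head.accept(genuine), head.accept(tampered), head.accept(genuine)]
    meter.decommission()
    head.retire("M-0001")
    return results + [head.accept(genuine)]
```

The tag is verified before the body is parsed, so unauthenticated input never reaches the parsing logic, and a retired serial is rejected even when the captured message is otherwise valid.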

Roadmap and ramp-up plan

Although there are no standards designed to address the smart metering and grid supply chain specifically, there are existing standards that provide a baseline and others that are being enhanced to meet further requirements. In the UK, the central data and communications company (DCC), established to manage the gas and electricity smart meter data in households over the wide area network (WAN), will rely on external assurance and certification. This will be achieved via the CESG – the UK Government’s National Technical Authority for Information Assurance (IA).

Meanwhile, in Germany the Federal Office of Information Security (Bundesamt für Sicherheit in der Informationstechnik – BSI) has specified the smart meter protection profile (PP for the Gateway of a Smart Metering System). It is based on the international Common Criteria (CC) and secures the communication between the smart meter in each household and the smart grid, as well as addressing Germany’s privacy laws.

Certainly, it is clear that all stakeholders must have confidence in the standardization and specification process, that the markets be better educated about the tools and technologies available, and that government and industry agree a sufficient set of security requirements. Otherwise, the commercial introduction of certified devices can prove challenging.

With a current understanding of threats and the required architecture, it is possible to agree on a roadmap that gets rollouts underway and a ramp-up plan to assure manufacturers achieve volume. Utilities yet to commence smart meter rollouts now have the opportunity to address security from the outset, specify options that are well aligned with the EC and relevant industry bodies, and avoid the complexity and expense of implementing security in retrospect.