Smart meters: standards and security

Background

Energy is a factor that affects our lives in many ways. From our domestic day-to-day to our industries an even businesses. It is therefore considered a key economic driver. Growth in digital innovation in the 21st century depends on an efficient and well established energy infrastructure. This makes it imperative that we make our energy production and delivery smarter and hence more efficient, reliable and transparent. The conventional ways of metering energy have been deemed inefficient since they do not allow any interaction between user and provider. Smart meters on the other hand not only record electricity usage but also monitor for anomalies such as voltage drops and spikes and communicate this to the utility provider . A utility provider can use these smart meters to monitor the electricity circuit, remotely read the smart meter data and disconnect power services. The users too can be provided with this data to allow them to properly manage their consumption.

Why use a smart meter?

The smart meter infrastructure allows for real time sharing and exchange of data between customer and service provider. The end goal is to monitor the consumption of energy and improve overall efficiency within the grid. It can also help steer the consumer behavior towards more environmentally-friendly consumption habits by showing them their real-time consumption patterns and even use of financial incentives such as cheaper rates during low demand periods.

What about privacy?

Any instance where there is constant exchange of data there commonly arises privacy concerns. Though the key purpose for collecting energy consumption data is billing, smart meters enable utility providers to record energy inputs and outputs more precisely than with traditional meters and easily share this digital data with interested parties. These can analyze the consumer data sets and hence know about the end-user’s lifestyle, habits, and activities. For example, the daily measurements reveal whether a household is inhabited or not, and hourly measurements reveal lifestyle patterns such as when individuals are typically waking up or coming back home from work.

How do we secure the data?

Policymakers and regulation stipulates that utility providers to be transparent and inform customers about the electricity data collection via smart meters and that data subjects shall have access to data regarding their own energy consumption and “shall be able to, by explicit agreement and free of charge, give any registered supply undertaking access to [their] metering data.” customers must be “properly informed of actual electricity consumption and costs frequently enough to enable them to regulate their own electricity consumption.” No additional costs can be charged to the consumer for such services. smart meters and the data communication infrastructure must be secure. This applies to measuring instruments for electricity, gas, heat, or water. There are also requirements related to the protection of meters against corruption, inadmissible external influences, and manipulations. Requirements are that data protection should be implemented at legislative, technical, and organizational level

What are the standards?

The IEEE 1686–2013 standard gives the basic security requirements that smart electronic devices, such as smart meters, must implement. These include:

• smart meters should be protected by a user-created password coupled to a unique user ID. a secure password is defined by: at minimum eight characters long, containing at least one upper or lower case letter, one number, and one non-alphanumeric character. There should be no means to defeat or circumvent the user-created ID/password. Mechanisms such as “embedded master password, chip-embedded diagnostics, routines that automatically run in the event of hardware or software failures, hardware bypass of passwords such as jumpers and switch settings” are not allowed. Another included security measure is a time-out feature that “automatically logs out a user who has logged in after a period of user inactivity.”
• The IEEE 1686–2013 provides a list of the cryptographic requirements of intelligent electronic devices. These requirements include things like block ciphers, digital signatures, and hashing techniques. The standard further mandates that smart meters that communicate over IP-based networks implement technologies including but not limited to Hyper Text Transfer Protocols Secure (HTTPS) for web server functionalities, Secure File-Transfer Protocol for file transfer functionalities, and Virtual Private Networks (VPN) for secure tunnel functionalities.

CONCLUSION

Privacy in smart energy systems not only concern security but also include monitoring consumers’ habits, lifestyle, and activities by analyzing electricity consumption data. Aggregating smart meter data before utility providers receive and process it could help to overcome these privacy concerns on creation of individual consumption profiles. In this case, rather than receiving data from a single household, the provider obtains multiple, aggregated metering data from different households. The aim of this aggregation is to reduce the amount of individual data while still providing data useful for specific business purposes. However, although this will tackle the issue of privacy, it creates a new challenge whereby solutions like dynamic load management, load forecasting, or direct energy feedback, might be inhibited. There are however protocols that can be used to overcome this.

References

Beckel, C., Sadamori, L., Santini, S. & Staake, T. (2015). Automated Customer Segmentation

Based on Smart Meter Data with Temperature and Daylight Sensitivity

Botero, O. & Chaouchi, H. (2010). RFID Applications and Related Research Issues. In H. Chaouchi

(Ed.), The Internet of Things: Connecting Objects to the Web (pp. 129–156). London: ISTE Ltd.

/ New Jersey: John Wiley & Sons

Fhom, H.S. & Bayarou, K. (2011). Towards a Holistic Privacy Engineering Approach for Smart

Grid Systems. Proceedings of International Joint Conference of IEEE TrustCom11, 234–241.

Cavoukian, A., Polonetsky, J. & Wolf, C. (2010). Smart Privacy for the Smart Grid: Embedding

Privacy into the Design of Electricity Conservation. Identity in the Information Society, 3(2),

275–294.