Tamper-proofing the smart grid

RSS

Introducing smart meters is making the electricity grid increasingly electronic, which saves time and money for utilities since they don’t have to send a person to read the meter. But this increasing ‘digitalisation’ also adds a lot more opportunities for tampering with the meters in some way, resulting in security vulnerabilities. These vulnerabilities obviously need to be considered before introduction of the smart meters to make sure everyone is paying their way when it comes to electricity.

Chris Neil, Senior VP for Industrial and Medical Solutions Group at Maxim Integrated summarised the problem on the slide below.

 

At the very earliest stage, meter SoC ICs could be replaced with fakes, but there are various measures already in place in the supply chain to try to combat this problem.

At the factory, the meters are programmed with their software/firmware before being sent out into the field. There’s a small possibility that this software could be stolen to clone a meter, or that someone could introduce bad software into the manufacturing process. A secure bootloader and cryptographic code validation is necessary, which uses digital signatures to prove the code is valid.

After leaving the factory, the whole meter units could be replaced with fakes.

When in the field, the meters could be recalibrated by utility employees, presumably to reduce the rate of accumulation or to zero it altogether. Proper authentication for anyone installing or reading meters is required. Are they who they say they are? Utilities will also have to be extra vigilant in detecting ‘inside jobs’.  Unscrupulous persons could also try to physically tamper with the meter unit, that is, they could take them apart to run wires in to try to change settings. For me, this is the most likely scenario. There are various tamper detection options available, such as tilt sensors to detect when the case is opened or anti-tamper meshes. The smart meter SoC should also use cryptographic techniques to protect itself from this sort of physical attack.  

The data is also at risk when it leaves the meter – it’s usually transmitted wirelessly and there is a possibility that it could be intercepted. Obviously, it should never be transmitted unencrypted.

Maxim Integrated released a smart meter SoC called Zeus at the Metering, Billing/CRM Europe show over here earlier this month. Zeus, of course, contains a built-in cryptographic module to secure communication, a secure bootloader to prevent unauthorised firmware modification, and tamper detection measures to assure providers that any attempts to physically attack the meter will be detected, recorded, and reported.

So, will the introduction of smart meters overall increase security of the electricity grid, or will the increased opportunities for electronic attack overall reduce security? And without a person coming regularly to physically read the meters, will physical tampering be able to go unnoticed for longer?

Security is going to be an issue for all utilities that adopt smart metering, so I hope they have given it due consideration.

 

Newsletter Signup

Please or Register to post comments.

What's Crosstalk?

Blogs covering all areas of the European electronics industry, particularly in wireless communications and displays technology

Contributors

Sally Ward-Foxton

Sally Ward-Foxton is Associate Editor of Electronic Design Europe. Her beat covers all areas of the European electronics industry, but she has a particular interest in wireless communications and...
Commentaries and Blogs
Guest Blogs
Nov 11, 2014
blog

How to Outsource Your Project to Failure 4

This article will address failure to carefully vet a potential manufacturing or “turnkey” partner and/or failure to transfer sufficient information and requirements to such a partner, a very common problem I have seen again and again with my clients over the years, and have been the shoulder cried upon by several relatives and clients in the past....More
Nov 11, 2014
blog

Transition from the Academe to the Industry Unraveled 1

There have been many arguments here and there about how short-comings of universities and colleges yield engineers with skill sets that do not cater to the demands of the industry. There have been many arguments here and there about an imminent shortage of engineers lacking knowledge in the sciences. There have been many arguments here and there about how the experience and know-how of engineers in the industry may vanish due to the fact that they can’t be passed on because the academic curriculum deviates from it....More
Nov 11, 2014
blog

Small Beginnings 5

About 10 years ago I received a phone call from an acquaintance. He had found a new opportunity selling some sort of investments and he wanted to share it with me in case I was interested. Ken had done fairly well for many years as a contract software developer primarily in the financial services sector. His specialty was writing RPG code. (RPG is often referred to as a write only language.) But he was seeing the handwriting on the wall as the industry moved on to other methods, and saw himself becoming a fossil....More

Sponsored Introduction Continue on to (or wait seconds) ×