Tamper-proofing the smart grid


Introducing smart meters is making the electricity grid increasingly electronic, which saves time and money for utilities since they don’t have to send a person to read the meter. But this increasing ‘digitalisation’ also adds a lot more opportunities for tampering with the meters in some way, resulting in security vulnerabilities. These vulnerabilities obviously need to be considered before introduction of the smart meters to make sure everyone is paying their way when it comes to electricity.

Chris Neil, Senior VP for Industrial and Medical Solutions Group at Maxim Integrated summarised the problem on the slide below.


At the very earliest stage, meter SoC ICs could be replaced with fakes, but there are various measures already in place in the supply chain to try to combat this problem.

At the factory, the meters are programmed with their software/firmware before being sent out into the field. There’s a small possibility that this software could be stolen to clone a meter, or that someone could introduce bad software into the manufacturing process. A secure bootloader and cryptographic code validation is necessary, which uses digital signatures to prove the code is valid.

After leaving the factory, the whole meter units could be replaced with fakes.

When in the field, the meters could be recalibrated by utility employees, presumably to reduce the rate of accumulation or to zero it altogether. Proper authentication for anyone installing or reading meters is required. Are they who they say they are? Utilities will also have to be extra vigilant in detecting ‘inside jobs’.  Unscrupulous persons could also try to physically tamper with the meter unit, that is, they could take them apart to run wires in to try to change settings. For me, this is the most likely scenario. There are various tamper detection options available, such as tilt sensors to detect when the case is opened or anti-tamper meshes. The smart meter SoC should also use cryptographic techniques to protect itself from this sort of physical attack.  

The data is also at risk when it leaves the meter – it’s usually transmitted wirelessly and there is a possibility that it could be intercepted. Obviously, it should never be transmitted unencrypted.

Maxim Integrated released a smart meter SoC called Zeus at the Metering, Billing/CRM Europe show over here earlier this month. Zeus, of course, contains a built-in cryptographic module to secure communication, a secure bootloader to prevent unauthorised firmware modification, and tamper detection measures to assure providers that any attempts to physically attack the meter will be detected, recorded, and reported.

So, will the introduction of smart meters overall increase security of the electricity grid, or will the increased opportunities for electronic attack overall reduce security? And without a person coming regularly to physically read the meters, will physical tampering be able to go unnoticed for longer?

Security is going to be an issue for all utilities that adopt smart metering, so I hope they have given it due consideration.


Please or Register to post comments.

What's Crosstalk?

Blogs covering all areas of the European electronics industry, particularly in wireless communications and displays technology


Sally Ward-Foxton

Sally Ward-Foxton is Associate Editor of Electronic Design Europe. Her beat covers all areas of the European electronics industry, but she has a particular interest in wireless communications and...
Commentaries and Blogs
Guest Blogs
Mar 6, 2015

Programming Efficiency: Part 2 2

A number of years ago I did some work on a PABX. The device was electromechanical and far from state of the art, but the owner had been talked into spending a bunch of money expanding it and couldn’t justify scrapping it....More
Jan 21, 2015

How To Dumb Down Smart Electronics 6

In our generation of microcontroller-enhanced everything, it has been frustrating at best to see how often the capability of smart hardware has been foiled by the design of poorly purposed software....More
Dec 15, 2014

Who Are You? (I Really Want to Know!) 7

Borrowing a stanza from The Who’s hit song seemed like a good way to bring attention to a critical topic often ignored by engineers. When finding information on a company that has an interesting product, what do we do? Of course, we look at its Web page to learn more....More

Sponsored Introduction Continue on to (or wait seconds) ×