• About
  • Advertise
  • Subscribe
  • Contact
  • Events
Friday, June 13, 2025
Newsletter
SUBSCRIBE
  • News
    • Events
  • Features
  • Electricity
  • Gas
  • Renewables
    • Batteries & Storage
    • Hydro Power
    • Hydrogen
    • Solar
    • Wind
  • Smart Energy
No Results
View All Results
  • News
    • Events
  • Features
  • Electricity
  • Gas
  • Renewables
    • Batteries & Storage
    • Hydro Power
    • Hydrogen
    • Solar
    • Wind
  • Smart Energy
No Results
View All Results
Home

Smart meters – maturing in cyber security but still at risk?

by Energy Journalist
August 27, 2017
in Cyber Security, Features, Smart Energy, Smart Meters
Reading Time: 5 mins read
A A
Share on FacebookShare on Twitter

By Garry Bentlin, National Director of Cyber Security, Deloitte, and Roger Jeffrey, Consulting Partner, Deloitte Energy & Resources

Data security is a critical focus area for modern, digital utilities, with smart meters at the frontline for potential attack. Garry Bentlin and Roger Jeffrey outline the key risks utilities need to consider when it comes to the security of their metering technology, and provide strategies to mitigate these risks.

Smart meters are no longer an emerging technology. They are central to the functioning of smarter electricity networks, allowing utilities to provide dynamic pricing services, demand response, and better management.

Smart meters enable better environmental performance and greater efficiencies by reducing overall energy consumption, enabling the integration of renewable or alternative technologies, and providing support for smart appliances and electric vehicles.

For consumers, benefits include supporting smart appliances which can take advantage of off-peak savings, automated control of power levels in appliances such as air conditioners, online viewing of power consumption via web portals, and options for the integration of renewable energy sources.

Smart meters are a maturing technology underpinned by computing capability. Lessons have been learned by smart meter vendors and users from the principles used to protect information technology environments, but breaches will still occur and organisations need to be prepared. One of the key risks in IT, which is now emerging in smart metering, is the end user, who may be ignorant of the cyber security issues in their home environment introduced by smart appliances connected to the meter.   

Those utilities considering the use of Internet of Things (IoT) devices, such as cameras, need to be aware that these technologies are still maturing and are only now commencing the security development lifecycle in response to significant security breaches.

Risks to consider, and mitigations

Stricter standards and controls over technologies, which have been identified, tested, implemented and used for a number years, demonstrate the maturing capabilities and protection mechanisms of smart meters.

Smart meters use wireless communications and are thus vulnerable to attacks at the network layer, where there are none of the physical protections inherent in wired networks. Mesh or wireless networks are able to be attacked by a malicious actor via methods such as impersonating mobile towers, authentication attacks, and encryption attacks on the traffic between the meter and the upstream relays or access points. As such, security design considerations need to include strong authentication and encrypted management of credentials.

Connected devices in the modern home, such as refRigerators, can be compromised in cyber attackS and ultimately impact on the security of smart meters.
Connected devices in the modern home, such as refrigerators, can be compromised in cyber attacks and ultimately impact on the security of smart meters.

Smart meters have followed the lifecycle of IT assets and software. Immature emerging technologies are easily compromised due to time-to-market pressure and a lack of understanding of the vulnerabilities inherent to the technology.

As the technology becomes more prevalent, it becomes a target for malicious actors and the maturity curve increases as regulators, the public, and vendors respond to concerns and breaches. Standards are developed and organisations purchase technologies that meet the standards to reduce risk and maintain availability of service.

From a consumer’s perspective, smart meters connect smart appliances in the home. These implementations have been known to contain serious cyber vulnerabilities. As smart meters do not contain the processing power and memory resources of other computing devices, they lack the capacity to include the basic security checks more mature systems perform.   

Malicious attackers can therefore try to use these networks to impersonate a device and take control of other devices in the home. The potential exists for an attacker to hijack connected home systems via the smart meter, including smart door locks.

Consumers will need to be educated to ensure their smart appliances are able to be updated regularly and robustly to avoid compromise by an attacker using commonly available hacking toolkits.

The responsibility for security then moves down the supply chain to the consumer in the home, who possesses the refrigerators, smart televisions, and other connected devices, but may be ignorant of the need to update these devices to avoid security incidents directly affecting them. Retailers providing smart metering capability should consider educating customers to reduce the risk of consumer compromise and breaches of privacy.

IoT devices are repeating the same journey from emerging technology to mature deployments, but the legacy of mass-produced cheap devices adopted in their millions has already resulted in the largest ever number of denial-of-service attacks experienced on the internet.  

For example, the Mirai virus infected hundreds of thousands of IoT devices. These were used to launch multiple internet attacks, which blocked a large number of popular internet services. IoT devices are now being subjected to the maturity roadmap of examination and rigour that smart meters have undergone previously.

What can organisations responsible for smart meters do?

Identify which advanced metering infrastructure assets are vulnerable to malicious attacks.

Understand what your baseline environment is, what assets are deployed, and what vulnerabilities they possess. Use encryption to protect wireless communications.

Vigilance via proactive monitoring is critical. Organisations must gather event data, and constantly monitor activities to find and correlate patterns that can indicate an attack, and expand the scope of monitoring and security tests to include the advanced metering infrastructure.

Integrate commercial, public, and open-source threat intelligence into the monitoring platforms and risk reporting, to enable detection of threats pertinent to the electricity sector. These could include disgruntled employees, activists, or third parties who have been compromised by hackers looking to penetrate the network.

Ensure the organisation’s stakeholders understand all the inherent risks. Utilities must understand a breach could expose regulatory data or customers’ personal information. Breach management for smart networks is a complex area, as there are many parties involved, for example, the retail and distribution, and customer. Breaches of customer information could occur in this supply chain and be attributed to an incorrect party.

Smart meter technology has matured, but as with all technologies, risks still exist. Cyber-attack risk is managed using the same process as other business risks, by implementing appropriate controls to manage and minimise the risk. However, organisations must still be prepared for a breach to occur, from an internal or external source, and have tested response plans in place.

Related Posts via Categories

  • Lessons from global cybersecurity frameworks
  • Distributed intelligence modernising the grid
  • A postcard from the future
  • Grid intelligence software enabling the transition
  • Energy system cybersecurity for an uncertain world
  • Energy sector cyber readiness is a critical concern
  • Sowing the seeds to reap smart meter rewards
  • Why wait for a cyber catastrophe to prepare for a cyber attack?
  • Smartly securing your grid from cyber attacks
  • The ongoing benefits of Victoria’s smart meter rollout

Related Posts

Image: Genus 

Genus lands new $130M nbn contract

by Katie Livingston
June 12, 2025

National essential power and communications infrastructure provider, GenusPlus Group has entered into a new contract with NBN Co to support its...

Image: Kookkii/stock.adobe.com

Report: National body needed to unlock CER benefits

by Katie Livingston
June 12, 2025

Energy Consumers Australia (ECA) has shared a new report, which recommends that a dedicated and enduring national body is needed...

Image: Hip.hub/stock.adobe.com

AI drones transforming energy celebrated on national stage

by Sarah MacNamara
June 11, 2025

An innovative artificial intelligence (AI) platform that is transforming asset maintenance in the energy sector is in the national spotlight,...

Read our magazine

Join our newsletter

View our privacy policy, collection notice and terms and conditions to understand how we use your personal information.
Energy is a thought-leading, technology-neutral magazine, developed to help the industry answer some of the Energy sector critical questions it is currently grappling with.

Subscribe to our newsletter

View our privacy policy, collection notice and terms and conditions to understand how we use your personal information.

About Energy

  • About
  • Advertise
  • Subscribe
  • Events
  • Contact
  • Digital Magazine
  • Terms & Conditions
  • Privacy Collection Notice
  • Privacy Policy

Popular Topics

  • News
  • Spotlight
  • Renewable Energy
  • Electricity
  • Projects
  • Networks
  • Sustainability
  • Gas

© 2025 All Rights Reserved. All content published on this site is the property of Prime Creative Media. Unauthorised reproduction is prohibited

No Results
View All Results
NEWSLETTER
SUBSCRIBE
  • News
    • Events
  • Features
  • Electricity
  • Gas
  • Renewables
    • Batteries & Storage
    • Hydro Power
    • Hydrogen
    • Solar
    • Wind
  • Smart Energy
  • About
  • Advertise
  • Subscribe
  • Contact
  • Events
  • Newsletter

© 2025 All Rights Reserved. All content published on this site is the property of Prime Creative Media. Unauthorised reproduction is prohibited