• Have systems in place to do all of this at scale across millions of devices
Converting these principles into reality is the next step, which the industry has already put in place. Implementing the DLMS/COSEM application layer protocol with security Suite 0 and Suite 1 ensures that all data and messages exchanged between smart meters and the backend systems are encrypted and authenticated. As DLMS/COSEM Suite 1 employs digital signatures, it ensures that no unauthorised servers can communicate with and send malicious commands to smart meters remotely, turning them all off, for example.
In order to help with ‘security-by-design’, standardised approaches such as the ‘Protection Profile’ released by ESMIG and approved as a basis for security certification within the European Union should be used for designs of smart meters.
While using proprietary algorithms and encryption may seem appealing, it gives a false sense of protection. If the proprietary algorithm is broken (and it will be eventually), there is nowhere to turn to. Using standards means that the industry has many thousands of laboratories, standards bodies and companies working to try and break algorithms themselves and to constantly share findings and new versions with the broader industry, thus always staying a step ahead of the hackers.
Isolating the application from the security layer and using specialist security companies for implementing the security part of the electricity grid is another very important piece. In the same way, in daily life you would not want your train driver to pilot your aircraft – unless they have a pilot’s licence. Top utilities follow these practices of using standards and specialist security suppliers.
Lastly, every industry should be humble and realise that security is always a moving target as hackers keep getting better. There will always be a need to update and patch systems. The ability to do so in a way that minimises the risk of malware being introduced during updates is mandatory – the smart energy industry implements standards that utilise mutual authentication and signed firmware updates to ensure this. Without these measures governing updates in place, the cure may be worse than the disease as updates might introduce further hacking possibilities into the smart grid. All of this is taken into account in ‘Security-by-Design’ practices, separation of ‘application’ from ‘security’, DLMS/COSEM standards and the ESMIG Protection Profile. As long as a smart meter rollout follows these standards and principles, a great deal of protection against cyber hacks has already been built in.
DONE RIGHT, USERS HAVE NOTHING TO FEAR
Once all the principles and standards described above are implemented, and encryption of customer information databases is put in place, consumers and their information are very safe. Even if hackers break into the system, they are unable to do anything as encrypted data is useless to anyone – as is sending commands to energy assets that will not respond to commands originating from untrusted entities. A further layer of protection should also be built on consumer-facing apps and websites, using multi-factor authentication to avoid hacks like password phishing, for example.
COMPLACENCY IS OUR WORST ENEMY
Just as athletes keep getting better and sporting records keep tumbling, so do hackers and the systems they can break into. The key is being cognisant of this and maintaining cybersecurity systems, processes and technologies that are constantly state-of-the-art and evolving.
Here again, relying on standards, technologies and companies that are cybersecurity experts helps smart energy players such as utilities, software and device makers to focus on doing what they do best – making the grid smart and capable of combatting climate change – while constantly maintaining a shield of protection to ensure that this noble goal does not become an Achilles heel.
Francis D’Souza is Chair of the Data Communication & Processing Workgroup at ESMIG and VP-Strategy & Marketing at Thales, focusing on IoT