Smart metering must offer a security level as high as for money transfers - Dutch minister of Economic Affairs
Smart meters enable utility companies to automatically readout metering data and to give consumers insight in their energy usage, which should lead to a reduction of energy usage. To regulate smart meter functionality the Dutch government commissioned the NEN to create a Dutch standard for smart meters which resulted in the NTA-8130 specification.
Currently the Dutch grid operators are experimenting with smart meters in various pilot projects. In this project we have analyzed the current smart meter implementations and the NTA using an abstract model based on the the CIA-triad (Confidentiality, Integrity and Availability). It is important that no information can be attained by unauthorized parties, that smart meters cannot be tampered with and that suppliers get correct metering data.
It was concluded that the NTA is not specific enough about the security requirements of smart meters, which leaves this open for interpretation by manufacturers and grid operators. Suppliers do not take the privacy aspect of the consumer data seriously. Customers can only get their usage information through poorly secured websites. The communication channel for local meter configuration is not secured sufficiently: consumers might even be able to reconfigure their own meters.
Also, the communication channels that are used between the smart meter and gas or water meter are often not sufficiently protected against data manipulation. It is important that communication at all stages, starting from the configuration of the meter to the back-end systems and websites, is encrypted using proven technologies and protected by proper authentication mechanisms.
It is important that communication at all stages, starting from the configuration of the meter to the back-end systems and websites, is encrypted using proven technologies and protected by proper authentication mechanisms.
Refer here to download the full report.