How and Why Smart Grid Operators Tackle Cybersecurity Challenges

Author: Michela Menting

The benefits of Advanced Metering Infrastructure (AMI) are undeniable, as it leverages technologies like smart meters to provide real-time, or near real-time, two-way communication of information and energy levels between utility companies and Internet of Things (IoT) devices. This provides a more transparent snapshot of an energy grid. Cybersecurity challenges in smart grids are a prevalent threat to the governments and privately-owned organizations replacing traditional energy infrastructure.

Without a robust security apparatus, criminals can carry out attacks, such as False Data Injection Attacks (FDIAs), botnets, Distributed Denial of Service (DDoS), and remote hijacking. So, what kind of cybersecurity solutions are available in the smart grid sector? Which market drivers are the most influential? And how are different regional markets responding?

Market Offerings to Address Smart Grid Cybersecurity Challenges

Five focus areas that vendors provide security solutions for in smart grids are identity issuance, identity management, secure Firmware Over-the-Air (FOTA), traffic monitoring, and Hardware Security Modules (HSMs).

Identity Issuance: Unlike a lot of other modern devices, smart meters don’t need a Trusted Platform Module (TPM) or Trusted Execution Environment (TEE) and keys can be stored in a System-on-Chip (SoC), secure Integrated Circuit (IC), Secure Element (SE), or FLASH memory. It’s recommended to issue digital certificates and encryption keys during the manufacturing stage to bolster trustworthiness when addressing smart grid security vulnerabilities. A digital certificate is needed to enable nearly all security functions for connected devices.

Identity Management: Personalized lifecycle management is the name of the game for identity management. Once an IoT device is issued a unique identifier, the utility is in a position to monitor all its connected devices in a secure way, which is either done on-premises or through a Software-as-a-Service (SaaS) model. Sometimes, utilities simply outsource all device identity management work to a service provider.

Secure FOTA: Smart meters increasingly leverage the convenience of FOTA updates, which presents a pressing cybersecurity challenge in smart grids because bad actors take advantage of it. In 2015, hackers carried out a firmware attack on Ukraine’s energy grid, which led to the loss of power for nearly a quarter-million people. Investing in solutions that provide patch security, integrity, and reliability is crucial to circumvent the vulnerability.

Traffic Monitoring: Traffic monitoring, usually applied to Wide Area Networks (WANs), allows utilities, telcos, and IoT platform providers to see a holistic view of all connected smart meters. By doing this, operators can detect questionable behavior, such as energy consumption data spikes, authorized requests, or other activity that raises an eyebrow.

HSMs for Energy Utilities: Fortunately, HSM providers like Thales, Atos, and Entrust develop security solutions that are tailor-made for utilities in particular. In this context, HSMs are used to facilitate cryptographic keys, encrypt-encrypt, and authenticate applications that fall within the boundaries of Meter Data Management (MDM) and AMI. This allows the endpoint of data collection to communicate with the utility’s IT infrastructure.

The Role of Government Regulation in Smart Grid Cybersecurity Adoption

Government regulation is possibly the most influential factor for smart grid cybersecurity implementation. For example, European governments are more involved in infrastructure security than any other part of the world, so Europe is also home to the most advanced digital infrastructure and device management operations. The European Committee for Electrotechnical Standardization plays a large governing role in the region.

On one hand, regulation forces smart grid operators and manufacturers to solve the challenge of following strict cybersecurity guidelines and making significant pivots when it comes to security, such as manufacturing specifications, supply chain visibility, and device onboarding, among other things. On the upside, industry players have a strong foundation on which to base all their developments in a scalable and sustainable manner.

In the United States, the Federal Energy Regulatory Commission (FERC) supports the North American Electric Reliability Corporation (NERC) to evaluate grid security issues and help prevent further occurrences in the future. Other regions have their own governing bodies, such as the Ministry of Power in India, to protect the security, integrity, and reliability of their energy grids.

The Smart Grid Cybersecurity Market Will Surge

As utilities push further toward digitization, this presents a greater cybersecurity challenge because adding more connected devices to a smart grid also brings more options for hackers to choose from. In response, utilities are investing more in device identity management solutions from Public Key Infrastructure (PKI) providers and Certificate Authorities (CAs), such as Device Authority, GlobalSign, and DigiCert. However, on-premises management solutions like an HSM will be the most common deployment among electricity utilities, as they provide greater control via a headend server with other cloud-based services (Azure or Amazon Web Services (AWS)).

ABI Research forecasts an astounding 60.4% Compound Annual Growth Rate (CAGR) until 2027 in the smart electricity meter cybersecurity market. It should be noted that in regions where communication infrastructure is underdeveloped, the government is soft on regulation, and where customers are not as concerned about privacy, purchasing levels of smart meter security will remain comparatively low.

Revenue for electric smart meters for 2021 to 2027

Feeling the Pressure

Smart grids are not a brand new concept, and neither are cyberattacks, which is why it’s surprising that the act of addressing cybersecurity challenges hasn’t been more robust until now. But the energy sector is poised to become a lot more secure as investment in IoT security solutions increases at explosive rates as government regulation forces the hands of utilities, vendors, and service providers. Places where government budgets are highest, such as the United States and Western Europe, will be where the greatest spending will be made in smart meter security.

These findings are from ABI Research’s IoT Security Services in Electricity Utilities application analysis report. This report is part of the company’s IoT Cybersecurity Research Service, which includes research, data, and ABI Insights. Based on extensive primary interviews, application analysis reports present in-depth analysis on key market trends and factors for a specific application, which could focus on an individual market or geography.