Smart meter deployment continues to pick up speed in nearly all regions of the world; however, as with all information technologies introduced in the past 50 years, cyber security was at first overlooked in the rush to create a working device. Now, utilities, governments, systems integrators, device manufacturers, and nearly everyone else involved realize that smart meters and their surrounding networks can be attacked, and that cyber security measures are necessary to protect the meters and their environment.
Perhaps the most critical finding of Pike Research’s analysis is that end-to-end protection of private and commercial usage data is impossible. Home area networks (HANs), commercial building networks, and utility networks all perform well in terms of keeping data encrypted within their domains. However, these domains terminate at the smart meter, and the only way for data to pass from one network to the other is for the smart meter to decrypt the data from one side and re-encrypt it on the other. Consequently, the data are, for a short while, unencrypted on the meter, where they could be successfully eavesdropped on. We do not expect a solution to be in place before 2012, yet we anticipate that solving this problem could present a significant business opportunity.
The report assesses in considerable detail the security risks to Smart Metering, using ISO27002:2005 as a baseline to identify topics for consideration. The study reviews Smart Metering against all 11 security clauses of ISO27002:2005 to identify six key security opportunities including event correlation improvements, security software on meters, identity management and authorization, network resiliency, meter worm prevention, and end-to-end data encryption. It includes an in-depth examination of the market issues and technology issues related to smart meter security, along with market forecasts for key world regions through 2015.
Key questions addressed:
- What are the risks to security of smart meters?
- Which risks have been effectively mitigated and which have not?
- What are the most promising business opportunities for securing smart meters?
- What is the likely market size for smart meter security?
- What are the professional services opportunities for smart meter security?
Who needs this report?
- Utilities
- Meter manufacturers and component suppliers
- Systems integrators
- Security software vendors
- Professional services companies
- Government agencies
- Investor community
Table of Contents
1. Executive Summary
2. Market Issues
2.2 Smart Meter Background
2.2.1 Current Deployment Status
2.2.2 Market Forecast through 2015
2.2.3 Factors Affecting Adoption of Smart Meters
2.2.4 Smart Meter Networking
2.3 Market Factors Driving Smart Meter Security
3. Technology Issues
3.1 Smart Meters Are a Network Endpoint
3.2 Security Baseline for this Report
3.2.1 ISO27002:2005 as a Basis for Risk Assessment
3.2.2 ISO27002:2005 Control Categories
3.3 Security Risks to Smart Meters
3.3.1 Privacy and Data Protection Risks
3.3.1.1 Personally Identifiable Information Risk
3.3.1.2 HAN Risks
3.3.1.2.1 Ability to identify customers’ property
3.3.1.2.2 Ability to determine presence/absence of occupants
3.3.1.3 Legislative Compliance Risks
3.3.1.4 Risks Insufficiently Addressed — Opportunities
3.3.2 Communications and Operations Risks
3.3.2.1 Endpoint Risks
3.3.2.1.1 Malicious/Unauthorized Code Risks
3.3.2.1.2 Compromise and Spoofing Risks
3.3.2.1.3 HAN/NAN Interface Risks
3.3.2.2 Network Services Risks
3.3.2.2.1 Information in Transit Issues
3.3.2.2.2 Network Availability Risks
3.3.2.2.3 Network Connection Risks
3.3.2.3 New Risks Introduced by AMI
3.3.2.3.1 NAN Risks
3.3.2.4 Systems Operations Risks
3.3.2.4.1 Denial-of-Service Risks
3.3.2.4.2 Central Operations Risks
3.3.2.5 Management Requirements
3.3.2.5.1 Change Management Issues
3.3.2.5.2 Capacity Management Issues
3.3.2.5.3 Monitoring and Logging Issues
3.3.2.6 Risks Insufficiently Addressed — Opportunities
3.3.3 Access Control Risks
3.3.3.1 Identity and Authentication Risks
3.3.3.2 System Access Risks
3.3.3.3 Elevated Privilege Risks
3.3.3.4 Unattended Equipment Risks
3.3.3.5 External Connection Risks
3.3.3.6 New Equipment Access Risks
3.3.3.7 Risks Insufficiently Addressed — Opportunities
3.3.4 Asset Risks
3.3.4.1 Information Asset Risks
3.3.4.2 Physical Asset Risks
3.3.4.3 Intangible Asset Risks
3.3.4.4 Asset Clarification and Handling Issues
3.3.4.5 Risks Insufficiently Addressed — Opportunities
3.3.5 Physical and Environment Risks
3.3.5.1 Physical Access Risks
3.3.5.2 Smart Meter Tampering Risks
3.3.5.3 Smart Meter Service/Replacement Issues
3.3.5.4 Equipment Disposal and Re-Use Risks
3.3.5.5 Electronic Eavesdropping Risks
3.3.5.6 Risks Insufficiently Addressed — Opportunities
3.3.6 Human Resources Risks
3.3.6.1 Social Engineering Risks
3.3.6.2 Third Party/Subcontractor Risks
3.3.6.3 Espionage Risks
3.3.6.4 Employee Separation Risks
3.3.6.5 Security Awareness Risks
3.3.6.6 Risks Insufficiently Addressed — Opportunities
3.3.7 Intellectual Property Risks
3.3.7.1 Information Theft Risks
3.3.7.2 Third Party Intellectual Property Risks
3.3.7.3 Risks Insufficiently Addressed — Opportunities
3.4 Governance and Regulatory Compliance Issues
3.4.1 Security Governance
3.4.1.1 Security Risk Assessment Issues
3.4.1.2 Security Policy Issues for Smart Meters
3.4.1.2.1 Policies Applicable to Distribution Company Employees
3.4.1.2.2 Policies Applicable to Customers
3.4.1.3 Segregation of Duties Issues
3.4.1.4 Security Organizational Issues for Smart Meters
3.4.1.5 Third Party Service Provider Risks
3.4.1.6 Risks and Issues Insufficiently Addressed — Opportunities
3.4.2 Regulatory Compliance
3.4.2.1 Legislation Compliance Risks
3.4.2.2 Multiple Jurisdiction Risks
3.4.2.2.1 Legal Use of Encryption
3.4.2.3 Third-party Assets and Licensing Risks
3.4.2.4 Data Retention Issues
3.4.2.4.1 Proof of Compliance Issues
3.4.2.4.2 Offline and Offsite Data Storage Policies
3.4.2.5 Compliance with Internal Policies
3.4.2.5.1 Penetration Testing Issues
3.4.2.5.2 Audit Issues
3.4.2.6 Risks Insufficiently Addressed — Opportunities
3.4.3 Security Incident Response
3.4.3.1 Security Incident Response Issues
3.4.3.1.1 Readiness Issues
3.4.3.1.2 Reputation Risks
3.4.3.1.3 Cyber Forensics Issues
3.4.3.2 Security Incident Response as a Third Party Managed Service
3.4.4 Business Continuity Management
3.4.4.1 Preparedness Issues
3.4.4.2 Emergency/Recovery Operational Issues
3.4.4.3 Risks Insufficiently Addressed — Opportunities
3.5 Smart Meter Security — Key Opportunities
3.5.1 Top Threats that are Insufficiently Mitigated
3.5.2 Geographic-specific Issues
3.5.3 Unsolved Problems
4. Key Industry Players
4.1 Current Smart Meter Security Providers
4.2 Leading Providers
4.3 Emerging Providers
5. Market Forecasts
5.1 Introductions
5.2 Most Promising Smart Meter Risks to Address
5.2.1 Global Smart Meter Security Revenue Forecast, 2010-2015
5.2.2 Smart Meter Revenue Forecasts by Region, 2010-2015
5.2.2.1 North America
5.2.2.2 Latin America
5.2.2.3 Europe
5.2.2.4 Asia Pacific
5.2.2.5 Middle East and Africa
5.2.3 Timing Factors in the Forecasts
5.3 Government Subsidies and Initiatives
5.4 Summary of Smart Meter Security Consulting Opportunities
6. Company Directory
7. Acronym and Abbreviation List
8. Table of Contents
9. Table of Charts and Figures
10. Scope of Study, Sources and Methodology, Notes
List of Charts and Figures
- Smart Meter Security Revenue, World Markets: 2010-2015
- Smart Meter Installed Base by Region, World Markets: 2008-2015
- Basic and Advanced Smart Meter Revenue and ASPs, World Markets: 2008-2015
- Smart Meter Security Revenue, World Markets: 2010-2015
- Smart Meter Security Revenue by Region, World Markets: 2010-2015
- Smart Meter Security Revenue, North America: 2010-2015
- Smart Meter Security Revenue, Latin America: 2010-2015
- Smart Meter Security Revenue, Europe: 2010-2015
- Smart Meter Security Revenue, Asia Pacific: 2010-2015
- Smart Meter Security Revenue, Middle East and Africa: 2010-2015
List of Tables
- Distribution of Smart Meter Security Revenues by Category, World Markets: 2010-2015
- Smart Meter Security Revenues by Category, World Markets: 2010-2015
- Average Security Revenue per Smart Meter by Category, World Markets: 2010-2015
- Smart Meter Security Revenues by Category, North America: 2010-2015
- Average Security Revenue per Smart Meter by Category, North America: 2010-2015
- Smart Meter Security Revenues by Category, Latin America: 2010-2015
- Average Security Revenue per Smart Meter by Category, Latin America: 2010-2015
- Smart Meter Security Revenues by Category, Europe: 2010-2015
- Average Security Revenue per Smart Meter by Category, Europe: 2010-2015
- Smart Meter Security Revenues by Category, Asia Pacific: 2010-2015
- Average Security Revenue per Smart Meter by Category, Asia Pacific: 2010-2015
- Smart Meter Security Revenues by Category, Middle East and Africa: 2010-2015
- Average Security Revenue per Smart Meter by Category, Middle East and Africa: 2010-2015
- Smart Meter Security Revenue by Category, World Markets: 2010-2015
- Average Security Revenue per Smart Meter by Category, Middle East and Africa: 2010-2015
- Advanced Metering Infrastructure Revenue by Region, World Markets: 2011-2015
- Smart Meter Security Revenue as a Percentage of AMI Revenue by Region, World Markets: 2011-2015
- Smart Meter Security Revenue by Region, World Markets: 2011-2015
- Smart Meter Installed Base by Region, World Markets: 2011-2015