Han Dong, Senior Product Marketing Manager, User Authentication
I came across a recent Associated Press article by Jordan Robertson, concerning "Smart" utility meters and their security holes. In this article, Robertson talks about the "aggressive roll out of new [Smart] meters" by utility companies in the U.S. Smart meters are a new type of enhanced utility meter, designed to measure natural gas or electricity usage in a more sophisticated manner. Essentially Smart meters (versus old-fashioned "dumb" meters) can measure not just the volume of utility used, but also when (peak vs. non-peak usage in real-time) those utilities are consumed. The benefit here is that utility companies can better plan resources required at any given time/day/season to deliver those utilities, and consumers can enjoy discounted/variable rates for utilities consumed (higher prices during peak times and lower prices during non-peak times). Add the fact that Smart meters can communicate over wired/wireless networks and now utility meter readers can also more efficiently capture/record data from these Smart meters, especially in rural areas.
The issue at hand is that while these new Smart meters do present a number of benefits, the 'cost' is the issue of potential security holes, given the programmability and network-connected aspects of these new meters. While today it may be true that Smart meters are vulnerable to a variety of attacks, there are quite a few simple steps that can be taken both by the meter vendors and the utility companies to ensure the security of the power grid and consumers' utility information.
The Wireless industry has to a large extent addressed this problem, and so has the cable industry. The use of standards based authentication and excryption technology in ALL components, both at the consumer portion (Smart meter) of the power network and the distribution portion of the power grid, will not only enhance the security of the smart grid but will also foster interoperability. In fact, the National Institute of Standards and Technology (NIST) is working on a set of security standards that can be applied to the Smart Grid and participants from all segments of the power industry. Looking to some of the pioneers in this space, most notably the WiMAX and the Cable industry, several ecosystems have deployed PKI-based digital certificate and Smart card solutions to ensure the security of the network and a variety of distributed, connected devices in a scalable and trusted manner. Deployment of similar security mechanisms as part of the Smart Grid and Smart meters will go a long way in ensuring the trust worthiness of the network, its manageability, and audit ability.
So for Smart meter vendors and utility providers concerned about security of the grid - look to VeriSign to help solve your security concerns. No need to reinvent the wheel.