“Smart” Doesn’t Mean “Secure”
Prior to 1975, there was no such thing as a smart home. Prior to 1985, all radio systems were analog. Prior to 1990, all phone systems were analog. Prior to 1974, all utility metering was analog. But all of that has changed; we now live in a digital world. 1’s and 0’s “run” our lives, and picking up an analog landline phone (POTS) is virtually a thing of the past. The new “hotness” is smart everything. Smart cars, smart phones, smart TVs, smart homes, and now smart grids.
The human race is relying on “smart” technology in our everyday lives. What makes a technology “smart?” The difference between older analog systems and their modern digital versions is that smart systems utilize a two-way communications channel between the end-user and the system. This two-way communication, combined with multiple controls, automation, and equipment integrated together, create a mesh network that allows the system to respond to rapidly changing demand. However, just because something is said to be smart, does not equate to being secure.
Many Smart Grid Benefits Also Come With Caution Flags
Smart grid technologies allow energy to flow more efficiently and reliably, speed up restoration after outages, reduce operations management, reduce environmental impact, as well as enhance services to utility providers and the end user. Imagine being able to check your energy and utility usages online just like you check your bank account. Smart grid technology can enhance all of our lives but it has to do so in a safe and secure fashion. Enter smart metering.
There are several big benefits to implementing smart meters:
- They expand older analog meter functionality for more accurate reading and data capture.
- Bring management of utilities into the 21st century by enabling cost and energy savings for both end users and utility companies.
- Allow the end user more control and understanding of how and where their resources are being utilized.
Despite the benefits, however, there is one area that cannot be overlooked: security. Smart systems simplify our lives, but if those systems are not secured, all of that sensitive usage data could be hijacked.
Securing the Smart Grid System With Encryption Key Management
There are two areas of security that should be considered: data-at-rest (the data that is stored on the meter) and data-in-motion (the data that is transmitted to/from the meter to the utility company). In order to secure the data-at-rest, encrypting the data would be the obvious choice. When looking at securing the data-in-motion, using encrypted communications channels would be the other obvious choice.
Let’s say there is a man-in-the-middle attack that occurs. If the breached data and communications channels were encrypted, the offending player would simply see gibberish. Use of these techniques is common practice; no utility company wants to be compromised. In the same vein, no customer would like their utility usage to become known. With that data, a malicious person could track comings-and-goings, what sort of devices are inside the home, what security systems are implemented, etc. With millions of these meters are deployed worldwide, the problem is not just securing the meters. The real problem is how do you manage these millions of encryption keys securing the meters?
Download Infographic: “Smart Metering’s Looming Encryption Surge”
Fornetix has an answer: Key Orchestration. The Fornetix Key Orchestration appliance can keep track of which keys are associated to which meters, how long those keys have been deployed, when those keys are set to expire, and rotate those keys at a moment’s notice. It’s automatic management of the entire key lifecycle. When paired with an HSM, the Key Orchestration appliance is validated up to FIPS 140-2 Level 3. In addition to all of these features, a single appliance can manage hundreds of millions of keys within the view of a single, easy-to-use user interface.
Watch a recording of our smart metering webcast to learn how security standards organizations in Europe and the US are working to make sure that smart meters and the Smart Grid System are secure now and into the future.