Security analysis of Dutch smart metering systems - Multiple Choices
Security analysis of Dutch smart metering systems - Multiple Choices
Security analysis of Dutch smart metering systems - Multiple Choices
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Abstract<br />
Smart meters enable utility companies to automatically readout <strong>metering</strong> data and to give<br />
consumers insight in their energy usage, which should lead to a reduction <strong>of</strong> energy usage. To<br />
regulate <strong>smart</strong> meter functionality the <strong>Dutch</strong> government commissioned the NEN to create<br />
a <strong>Dutch</strong> standard for <strong>smart</strong> meters which resulted in the NTA-8130 specification. Currently<br />
the <strong>Dutch</strong> grid operators are experimenting with <strong>smart</strong> meters in various pilot projects. In<br />
this project we have analyzed the current <strong>smart</strong> meter implementations and the NTA using<br />
an abstract model based on the the CIA-triad (Confidentiality, Integrity and Availability). It<br />
is important that no information can be attained by unauthorised parties, that <strong>smart</strong> meters<br />
cannot be tampered with and that suppliers get correct <strong>metering</strong> data.<br />
We conclude that the NTA is not specific enough about the security requirements <strong>of</strong> <strong>smart</strong><br />
meters, which leaves this open for interpretation by manufacturers and grid operators. Suppliers<br />
do not take the privacy aspect <strong>of</strong> the consumer data seriously. Customers can only<br />
get their usage information through poorly secured websites. The communication channel for<br />
local meter configuration is not secured sufficiently: consumers might even be able to reconfigure<br />
their own meters. Also, the communication channels that are used between the <strong>smart</strong><br />
meter and gas or water meter are <strong>of</strong>ten not sufficiently protected against data manipulation.<br />
It is important that communication at all stages, starting from the configuration <strong>of</strong> the<br />
meter to the back-end <strong>systems</strong> and websites, is encrypted using proven technologies and<br />
protected by proper authentication mechanisms.<br />
2