Security analysis of Dutch smart metering systems - Multiple Choices
Security analysis of Dutch smart metering systems - Multiple Choices
Security analysis of Dutch smart metering systems - Multiple Choices
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
4.4 Port P3 4 PRACTICAL ANALYSIS<br />
(a) Connections (b) WebRTU<br />
Figure 12: EnergyICT WebRTU Z1 installed in a test lab at Delta grid operator<br />
Delta engineer. Furthermore readout <strong>of</strong> <strong>metering</strong> data through this web interface is not protected<br />
by a password or any other security measure as can be seen in figure 13. This leads to a serious<br />
confidentiality issue.<br />
Figure 13: WebRTU web interface accessible from the public Internet<br />
According to new information received from a Delta project manager after reviewing this document,<br />
the WebRTU <strong>systems</strong> which are installed at employees are configured to only allow connections<br />
from the IP-address <strong>of</strong> a central server. This was not the case in the setup we have seen<br />
at the Delta test lab and does not seem to be a configuration option in the WebRTU itself. This<br />
could be accomplished by firewall rules in the cable modem, but we were unable to verify this.<br />
Also, it is important to note that access to the WebRTU settings does require a valid username<br />
and password.<br />
30