Security analysis of Dutch smart metering systems - Multiple Choices
Security analysis of Dutch smart metering systems - Multiple Choices
Security analysis of Dutch smart metering systems - Multiple Choices
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
5.1 Future research 5 RECOMMENDATIONS<br />
Use SSL and strong passwords for websites None <strong>of</strong> the websites we have seen that enable<br />
customers to check their usage data are protected sufficiently. Suppliers should at least use<br />
a secure connection and strong passwords to secure these websites. Properties such as zip<br />
codes and customer numbers are easily traceable and should not be considered as sufficient<br />
authentication credentials.<br />
Perform data checks to verify correctness <strong>of</strong> data During our practical research we have<br />
discussed a number <strong>of</strong> attacks that could be used to alter <strong>metering</strong> data. Metering companies<br />
should perform checks on <strong>metering</strong> data to verify whether the data received is feasible when<br />
normal usage patterns <strong>of</strong> the customer are taken into account. This would be an important<br />
measure to detect anomalies and fraud.<br />
5.1 Future research<br />
Due to the lack <strong>of</strong> tight cooperation with a grid operator or supplier <strong>of</strong> <strong>metering</strong> equipment only<br />
very limited practical research was possible during this project. Instead we focused on a more<br />
high level overview <strong>of</strong> the different security aspects <strong>of</strong> <strong>smart</strong> <strong>metering</strong> <strong>systems</strong>.<br />
More research is needed to gain insight to the security risks <strong>of</strong> P0 management ports on <strong>smart</strong><br />
<strong>metering</strong> <strong>systems</strong>. Because P1 is not implemented yet, the security <strong>of</strong> implementations <strong>of</strong> such<br />
devices should be analyzed when they become available. The security <strong>of</strong> P2 wireless connections<br />
between electricity and gas or water meters is unclear and requires further <strong>analysis</strong>. The connection<br />
between the <strong>metering</strong> <strong>systems</strong> and the grid operator (P3) also requires additional research, but<br />
cooperation from grid operators and manufacturers will be required to perform a detailed <strong>analysis</strong>.<br />
Before the large scale implementation <strong>of</strong> <strong>smart</strong> <strong>metering</strong> <strong>systems</strong> takes place, grid operators and<br />
suppliers should conduct research into the security <strong>of</strong> their <strong>systems</strong>. Because no <strong>smart</strong> meter<br />
solution will be exactly the same, every solution will require its own security <strong>analysis</strong>. The same<br />
applies to the CAS, P4 connected <strong>systems</strong> and supplier’s websites.<br />
Finally, <strong>smart</strong> <strong>metering</strong> is still in a pilot phase. The <strong>Dutch</strong> government has not yet voted and<br />
accepted the change in law concerning <strong>smart</strong> meters. Grid operators are testing new technologies<br />
and the manufacturers are making their meters NTA compliant. Because <strong>of</strong> the missing specifics<br />
in the NTA the larger <strong>Dutch</strong> grid operators have united and are working on more specific <strong>smart</strong><br />
meter requirements, referred to as the <strong>Dutch</strong> Smart Meter Requirements (DSRM) [39]. These<br />
requirements should be analyzed during future research.<br />
46