Featured Image: Sam Breach via Flickr (CC BY-NC-ND 2.0)
The European Network for Cyber Security (ENCS) has completed the security assessment of the smart meters installed in The Netherlands. The evaluation lasted seven months and was carried out in partnership with Netbeheer Nederland (NBNL), the national association of Dutch energy grid operators.
The roll-out of the first smart meters in The Netherlands started in 2012, with 1,5 million Dutch households using one by now. The number of smart gas and electricity meters is predicted to exceed eight million by 2020. Both the grid operators and the consumers have high hopes for this technology because it promises more accurate insights into the energy use, as well as flexible energy tariffs. However, privacy concerns are mounting over how well the smart meters and the associated data are protected. In an unfortunate scenario of a security breach, consumers and grid operators might have to deal with financial fraud, grid instability and personal information misuse.
To address this issue and investigate the security of the smart meters already installed in the country, NBNL approached ENCS, the non-profit member organization whose core focus centers around evaluating and solving the cyber security challenges in the development and operation of energy grids and other critical infrastructure in Europe.
Following the request from NBNL, ENCS has inspected a cross-section of various electricity and gas meters at its security testing lab in The Hague. The selected cross-section was representative of the systems installed in the Dutch households up till now. The three-step assessment included functional security, robustness and penetration tests.
Michael John, Director of Consulting Services at ENCS, explained: “Functional security is about identifying whether the general security configuration of the device is in good shape and represents best practice. Robustness is about seeing how stable that security is, how well it’s implemented. Finally, an experienced security evaluator assesses how easy it is to penetrate and exploit the system using the defects discovered in the first two stages. It’s very thorough.”
Boas Bierings (NBNL) also told NRG Magazine that similar security assessments can be expected to continue in 2016 until the whole installed base is covered.
If you are interested in smart meters and cyber security, read our interview with Dr. Hassan Farhangi.