min reading time
The global market for Smart Meters, estimated at US$10.5 billion in 2020, is predicted to grow at a CAGR of 6.7 percent, reaching US$15.2 billion by 2026. Based on the latest available data, U.S. electric utilities have about 102.9 million smart meter device (AMI) installations while 26.4 million homes and small businesses are equipped with smart and advanced meters in Great Britain.
Smart metering solutions are developing and growing drastically, which brings many advantages to both the utility company and the consumer. However, parallel to this trend, the exposure of devices and systems to cybercrime is also increasing. A potential hacker attack on a smart metering device not only endangers the user's personal data but can even harm the critical infrastructure of a city or region.
In our article below
Smart meters (also known as Advanced Metering Infrastructure (AMI) or Intelligent Measurement System/Device (IMS/IMD)), are essential components of smart grid infrastructure systems. The functional design allows an automatic two-way communication between a smart meter and a utility provider. Smart metering solutions strive to provide an advanced way of monitoring power consumption as well as a more transparent and effective invoicing mechanism.
Smart meters provide numerous advantages for both the utility provider and the user side but their downside must also be considered: each connected device to a network or the Internet is another possible target for cybercriminals searching for vulnerabilities to enter, manipulate or attack the systems to which the devices are connected.
Learn more about smart metering devices in our previous article.
Due to the complexity of the smart metering solution system, the sources of vulnerabilities can vary in the firmware, hardware architecture, system applications, as well as network interface. Although professionals do their best to ensure safety while developing and designing a smart metering system, security gaps can occur at any level in the process.
These security concerns must be addressed to boost customer confidence and enable the widest possible adoption and success of smart metering solutions. One of the most effective ways to prevent cybercrime in smart metering currently is to get the devices comply with recent cybersecurity measures.
There are several international cybersecurity measures in place for different markets and smart metering solutions, but their general goals are the same:
As mentioned above, there are several international standards in place for the cybersecurity of smart meters. In this article, we provide a deeper insight into the Swiss METAS Data Security for Smart Metering and its certification process.
Switzerland is at the forefront of making smart meters safer. Based on the regulations introduced in 2019 all smart metering systems in Switzerland must be METAS certified (METAS Zertifizierung) based on the so-called “Prüfmetodologie zur Durchführung der Datensicherheitsprüfung für Smart Metering Komponenten in der Schweiz” published by SWISSMIG (Smart Grid Industrie Schweiz).
METAS-Cert is a Swiss-designated and EU-recognized organization for smart metering device conformity evaluation. METAS-Cert performs conformity evaluations on behalf of the smart meters’ manufacturers to place goods on the market. Manufacturers, on the other hand, have to contract an independent and Common Criteria (ISO/IEC 15408) accredited Testing Laboratory , to conduct a security evaluation and penetration testing of the complete IMS (intelligent measurement system) using a defined test methodology.
Since 2019 CCLab has become one of the leading accredited Laboratories in cybersecurity evaluations of smart metering solutions for the Energy Industry. Our agile evaluation methodology in international project is based on Common Criteria and in Switzerland it it strictly adheres to the most recent version of the above-mentioned Test Methodology for Execution of Data Security Evaluation of Swiss Smart Metering Components issued by SWISSMIG for METAS DS certification.
We are proud that the majority of the METAS-certified smart metering products have been tested by our experts at CCLab.
Since the beginning CCLab has been active in developing procedures and security functions while assisting the SWISSMIG community, thus we gained a deep experience in delivering smart meter security evaluations and METAS certifications quickly and professionally.
CCLab can provide you with a number of services to conform and comply with the desired standards and security levels. We have pre-evaluated and certified numerous Head-End-Systems, Gateways, Data Concentrators and Smart Meters (IMDs). Our experienced professionals will guide you through the entire smart metering certification process:
The evaluation process of a smart meter device is quite complex, here we can provide only a small insight into the most important steps:
Communication with METAS before starting the evaluation project: In this step, you have to fill out the application form for METAS, obtain a case number for each component, and fill out all relevant documents and send them to METAS.
Communication with the Test Laboratory during the evaluation: The process starts with a kickoff meeting and continues with regular status meetings. At CCLab we separate the process into 2 phases: first comes the document evaluation (Prüfmethodologie [PM] sec. 5.1-5.5.) and then the vulnerability analysis ([PM] sec. 5.6).
During this step, the following documents get evaluated:
The outcome of the document evaluation process is the first part of the so called, ETR (Evaluation Technical Report).
Once the Document Evaluation process is completed successfully, the vulnerability analysis takes place. The tested devices must be set by the Manufacturer in accordance with Prüfmethodologie/Anhang 1 and the requirements of the document(s) mentioned in sections 2.1 and 3.1. At the end of this process, the complete ETR with its Annexeswill be issued.
At this step, the Confidential Manufacturer documents and the ETR (Evaluation Technical Report with its Annexes) issued by the Test Laboratory must be sent to METAS via a secure channel. After that, if necessary, based on METAS feedback, the Manufacturer and the Test Laboratory complete the modifications.
Finally, as the last step of the project, first a draft and then a final certification will be issued by METAS.
At CCLab we provide simple solutions to solve complex security challenges. Our agile approach and comprehensive experience make us different. If you are looking for a reliable companion to get your smart metering device safer and certified, ask for a free consultation. Our experts will be happy to answer all your questions.
Cybersecurity professionals have been alarming the healthcare industry about the threat of exploitation of smart healthcare devices and the doctors’ over-dependence on them until sadly, their warnings became reality, and a person lost her life in a ransomware attack in a German hospital last year.
min reading time
Did you know that in the first half of 2021, 33.8% of Industrial Control Systems’ (ICS) computers were attacked, which is 0.4% points (p.p.) higher than in H2 2020? This means that only in the first 6 months of last year, over one-third of ICSs suffered some kind of cyber attack in the world.
min reading time