Sep 07 2017

What Utilities Can Do to Protect Smart Meter Data

Utility companies need to take steps to protect customers’ data as smart meter adoption grows.

In 2015, the most recent year for which data is available, U.S. electric utilities installed about 64.7 million advanced (smart) metering infrastructure (AMI) units, according to the U.S. Energy Information Administration. A 2016 report from the Edison Foundation, a utility-funded think tank, states there will be 90 million smart meters in the U.S. by 2020.

All of those smart meters produce a great deal of data about customers and their energy usage. As smart meter adoption jumps and concerns about cyberattacks against energy and utility companies increase, utility firms face the daunting challenge of protecting all of that data.

At the heart of that effort is an encryption-based approach to data security that utilities can use to protect and verify the transmission of customer data. Secure transmission of smart meter data can help utilities (and customers) save energy and money and make smart electricity grids more efficient. Some utilities are taking proactive steps to protect sensitive data.

Illinois Moves to Protect Customers’ Smart Grid Data

In late July, as Utility Dive reports, the Illinois Commerce Commission (ICC) finalized an “Open Data Access Framework,” which the Environmental Defense Fund (EDF) and the Citizens Utility Board developed together for nearly three years.

Utility companies Ameren and Commonwealth Edison will need to consider the framework as they design new data services based around AMI.

The framework states that all of the utilities’ AMI plans “shall secure the privacy of personal information and establish the right of consumers to consent to the disclosure of personal energy information to third parties through electronic, web-based, and other means in accordance with State and federal law and regulations regarding consumer privacy and protection of consumer data.”

Further, utilities, their contractors or agents, and any third party that accesses customers’ personal information by virtue of working on smart grid technologies “shall not disclose such personal information to be used in mailing lists or to be used for other commercial purposes not reasonably related to the conduct of the utility’s business,” the framework says.

“Personal information” in this context, the ICC says, “consists of the customer’s name, address, telephone number, and other personally identifying information, as well as information about the customer's electric usage.”

“The U.S. now has unprecedented amounts of energy-use data, but few standards for collecting, protecting, and sharing that information,” the EDF states in a fact sheet.

The EDF argues that the framework’s rules “clarify the type of electricity data customers and authorized third parties have access to and how the data should be delivered.” The framework, EDF says, “makes it possible for innovators to create new tools and services that cut electricity bills and harmful pollution, without sacrificing security.” The group also says that “by ensuring data is handled in a uniform, secure manner — and giving people the choice of whether or not to share their information with third party companies — the framework protects individuals’ privacy.”

Securing Smart Meter Data Transmissions

Utilities highlight the importance of protecting smart meter data when they sell the public on adopting connected meters. For example, Duke Energy recently announced plans to roll out smart meters in northern Kentucky.

In addition to emphasizing that smart meters can deliver usage alerts and notify the utility faster during a power outage (leading to faster response times and restoration of service), Duke also highlights data security.

“The information coming from our smart meters is encrypted and protected from the moment it is collected until the moment it is purged,” the company says in a press release.

Sujeet Shenoi, a computer science professor at the University of Tulsa who specializes in cybersecurity, told the Houston Chronicle recently that while smart meters save utilities time and money because they do not have to send out crews to read meters, the technology also gives malicious actors new devices to attack.

So what can utilities do to protect their smart meters and the customer data they send? Ronald Hermans, a product manager for Connexo Insight & Alliances at Honeywell Smart Energy, says in a post for Connexo that utilities must take a holistic approach to security. Connexo is Honeywell’s next-generation smart grid software suite.

That, he says, involves ensuring that information cannot be retrieved or read by unauthorized parties and making sure that the sender and the recipient of information are who they are supposed to be.

“This can be translated back to smart meters; for example, they need to be sure that when a breaker command is sent to a meter, it is being sent by an authorized sender,” he says. “Also, they need to be sure that the metering data that’s retrieved is not altered to reduce or increase the bill, or in the case of sub-station monitoring, data alteration to create a system or market imbalance.”

At the heart of this, Hermans says, are the encryption keys that utilities must use to verify identity and authenticity and protect the confidentiality of smart meter data. “Keys can be shared or be private/public, and they can have specific purposes such as key generation, authentication, encryption, storage, etc.,” he notes.

Shared keys, Hermans says, are used in symmetric security and its cryptographic algorithms, while private/public keys with certificates are used in asymmetric security and its algorithms to generate keys or support digital signing.
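
The shared-key case described above, as an added example that is not from the article or from Honeywell: a meter accepts a breaker command only when its authentication tag verifies under the shared key, and the head-end detects an altered reading the same way. HMAC-SHA256, the JSON message layout, the `Meter` class and the counter-based replay check are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample key for this example only (32 bytes).
METER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

def _canonical(message: dict) -> bytes:
    # Stable byte encoding so sender and receiver tag identical bytes.
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()

def seal(key: bytes, message: dict) -> dict:
    """Attach an HMAC-SHA256 tag computed with the shared key."""
    tag = hmac.new(key, _canonical(message), hashlib.sha256).hexdigest()
    return {"body": message, "tag": tag}

def verify(key: bytes, sealed: dict) -> bool:
    """Recompute the tag and compare in constant time."""
    expected = hmac.new(key, _canonical(sealed["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])

class Meter:
    """Hypothetical meter that holds the shared key and a command counter."""

    def __init__(self, meter_id: str, key: bytes):
        self.meter_id, self.key = meter_id, key
        self.last_counter = 0
        self.breaker_closed = True

    def handle_command(self, sealed: dict) -> str:
        if not verify(self.key, sealed):
            return "rejected: bad tag"        # sender does not hold the key
        cmd = sealed["body"]
        if cmd.get("meter_id") != self.meter_id:
            return "rejected: wrong meter"    # valid tag, but addressed elsewhere
        if cmd.get("counter", 0) <= self.last_counter:
            return "rejected: replay"         # old command re-sent
        self.last_counter = cmd["counter"]
        self.breaker_closed = cmd.get("action") == "close"
        return "accepted"

    def report(self, kwh: float, seq: int) -> dict:
        # Reading tagged by the meter so the head-end can detect alteration.
        return seal(self.key, {"meter_id": self.meter_id, "kwh": kwh, "seq": seq})
```

A tag like this covers authenticity and integrity only; keeping the reading confidential requires encryption as well.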

According to Hermans, Honeywell has teamed up with Worldline to provide a comprehensive, end-to-end security solution for smart meters and their connections to utilities. The solution allows utilities to use and manage encryption keys and certificates “in a performant and scalable manner.”

The solution spans the complete lifecycle of typical utility components, such as meters, data concentrators and back-end systems, he notes, and it covers all processes involved, from manufacturer to utility to customer.
