Are New Smart Grid Initiatives Secure?
November 1, 2011
By Jack Walsh

Throughout the world, electric utilities are developing and implementing Smart Grid initiatives.   Here in the United States, the Advanced Metering Infrastructure (AMI), a subset of the Smart Grid, is already being rolled out in many areas.  In northern California, for example, the utility PG&E has been rolling out smart meters to 9 million household customers.   

Comprised of smart meters and other devices that are capable of two-way communication between utilities and our homes and offices, AMI devices allow consumers and utilities to regulate their electricity usage and even control load.  My primary question is: shouldn’t the security of these components be carefully evaluated before being deployed?  Will all this two-way communication compromise privacy or lead to a denial of service at the worst possible time either for one or many consumers? 

Unless there are fully developed standards that specify what security functions should be evaluated in AMI components, AMI component security evaluations are going to vary widely in terms of breadth and depth of testing.  Groups like the NIST Smart Grid Interoperability Panel and other organizations such as the OpenSG AMI-SEC Task Force are poised to make strides in this area and ICSA Labs works with them whenever possible.   

Having tested security products for more than 20 years, we at ICSA Labs believe we have a pretty good idea where to start when it comes to testing AMI components.  With that in mind, my colleague, Darren Hartman, has written this short whitepaper, “Smart Grid: AMI Component Security,” describing the essential security mechanisms of AMI components that need to be evaluated to better verify that they have been implemented properly.   

Let us know what you think.



Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

More information about formatting options

This question is for testing whether you are a human visitor to prevent automated spam submissions.
Enter the characters shown in the image.