The benefits of Advanced Metering Infrastructure (AMI) are undeniable, as it leverages technologies like smart meters to provide real-time, or near real-time, two-way communication of information and energy levels between utility companies and Internet of Things (IoT) devices. This provides a more transparent snapshot of an energy grid. Cybersecurity challenges in smart grids are a prevalent threat to the governments and privately-owned organizations replacing traditional energy infrastructure.
Without a robust security apparatus, criminals can carry out attacks, such as False Data Injection Attacks (FDIAs), botnets, Distributed Denial of Service (DDoS), and remote hijacking. However, according to a recent survey from Thales, 55% of security professionals at critical infrastrcture organizations worldwide say malware is the reason for more cyberattacks. So, what kind of solutions are available in the smart grid sector? Which market drivers are the most influential? And how are different regional markets responding?
Five focus areas that vendors provide security solutions for smart grids are identity issuance, identity management, secure Firmware Over-the-Air (FOTA), traffic monitoring, and Hardware Security Modules (HSMs).
Identity Issuance: Unlike a lot of other modern devices, smart meters don’t need a Trusted Platform Module (TPM) or Trusted Execution Environment (TEE) and keys can be stored in a System-on-Chip (SoC), secure Integrated Circuit (IC), Secure Element (SE), or FLASH memory. It’s recommended to issue digital certificates and encryption keys during the manufacturing stage to bolster trustworthiness when addressing smart grid security vulnerabilities. A digital certificate is needed to enable nearly all security functions for connected devices.
Government regulation is possibly the most influential factor for cybersecurity implementation in a smart grid. For example, European governments are more involved in infrastructure security than any other part of the world, so Europe is also home to the most advanced digital infrastructure and device management operations. The European Committee for Electrotechnical Standardization plays a large governing role in the region.
On one hand, regulation forces grid operators and manufacturers to solve the challenge of following strict cybersecurity guidelines and making significant pivots when it comes to security, such as manufacturing specifications, supply chain visibility, and device onboarding, among other things. On the upside, industry players have a strong foundation on which to base all their developments in a scalable and sustainable manner.
In the United States, the Federal Energy Regulatory Commission (FERC) supports the North American Electric Reliability Corporation (NERC) to evaluate grid security issues and help prevent further occurrences in the future. Other regions have their own governing bodies, such as the Ministry of Power in India, to protect the security, integrity, and reliability of their energy grids.
As utilities push further toward digitization, this presents a greater cybersecurity challenge because adding more connected devices to a smart grid also brings more options for hackers to choose from. In response, utilities are investing more in device identity management solutions from Public Key Infrastructure (PKI) providers and Certificate Authorities (CAs), such as Device Authority, GlobalSign, and DigiCert. However, on-premises management solutions like an HSM will be the most common deployment among electricity utilities, as they provide greater control via a headend server with other cloud-based services (Azure or Amazon Web Services (AWS)).
ABI Research forecasts an astounding 60.4% Compound Annual Growth Rate (CAGR) until 2027 in the smart electricity meter cybersecurity market. It should be noted that in regions where communication infrastructure is underdeveloped, the government is soft on regulation, and where customers are not as concerned about privacy, purchasing levels of smart meter security will remain comparatively low.
Smart grids are not a brand new concept, and neither are cyberattacks, which is why it’s surprising that the act of addressing cybersecurity challenges hasn’t been more robust until now. But the energy sector is poised to become a lot more secure as investment in IoT security solutions increases at explosive rates and government regulation forces the hands of utilities, vendors, and service providers. Places where government budgets are highest, such as the United States and Western Europe, will be where the greatest spending will be made in smart meter security.
These findings are from ABI Research’s IoT Security Services in Electricity Utilities application analysis report. This report is part of the company’s IoT Cybersecurity Research Service, which includes research, data, and ABI Insights. Based on extensive primary interviews, application analysis reports present in-depth analysis on key market trends and factors for a specific application, which could focus on an individual market or geography.