Enabling simple and secure smart metering deployments


The smart metering industry is growing rapidly. It’s an expansion driven in part by governmental regulation, but also underpinned by the broader global rise in IoT and M2M deployments. Across all vertical segments, Juniper Research predicts there will be 46 billion connected devices by 2021.

This growth promises great opportunity for the utilities sector, as we move towards an era of renewable energy, cleaner industry and smart cities. Utility providers and device manufacturers, however, must also now contend with unprecedented security and logistical issues.

This article explores some of the challenges faced in the secure deployment of smart meters and, importantly, introduces an established solution which is already delivering enhanced security and significantly reducing complexity for smart metering deployments across the world.

Security challenges of smart meter deployments

The lack of IoT security is well documented.

But still the majority of connected devices offer no security for data storage and communication exchanges. Nor can they ensure software or firmware integrity, and most offer insufficient protection from cyber-attacks. This is a global crisis waiting to happen.

The fact that smart meters require advanced security cannot be overstated.

Utility networks are critical infrastructure; disruption can result in significant political, economic and social disorder. With the increasing connectivity of utility networks presenting an expanded threat landscape, smart meters are becoming increasingly high-value targets for cyber-attackers.

There are numerous ways in which attackers can make illegal gains from smart meters with inadequate security. These devices are vulnerable to being tampered with by dishonest third parties seeking to profit from energy theft. In addition, power consumption data which is stored on or transmitted by smart meters could make it possible for unauthorised entities to identify or anticipate the behaviours of individual households, unless the data is properly protected and encrypted.

This exposes the household to the risk of malicious intent (e.g. burglary) if the data falls into the wrong hands. If the authenticity and integrity of the firmware/software is not assured, a hacker could manipulate readings and outputs for fraudulent purposes. The list goes on.

Beyond the threat posed to individual meters and associated data, there is the serious prospect of poorly protected smart meters allowing attackers an entry point to the wider network. While the data or device may be of relatively little interest to the attacker, there is an opportunity to cause major disruption to utility supplies and/or the underlying connectivity network.

Logistical challenges of smart meter deployments

While ensuring advanced security, utility providers and device manufacturers must also account for the unique logistical requirements posed by mass smart metering deployments.

The nature of smart metering means devices are widely distributed and often inaccessible, and can remain in the field for 10-15 years. Without an effective remote management solution, utility providers will be required to activate and maintain their smart meters via expensive and complex site visits, which can cost between €25 and €80 a time. When extrapolated across an installed base of millions of devices, this represents a significant cost burden for utility providers. Indeed, high installation and ongoing management costs have been identified as a key factor that could temper the growth of the smart metering market.

There are also various design considerations.

As devices get smaller, there is a need for smart meters, particularly those for residential use, to follow this trend. Conversely, some smart meters must be sufficiently robust to withstand extreme physical conditions and have the ability to safely operate in hazardous environments, such as where inflammable materials and gases are present.

The eUICC: a proven solution

While UICCs, also known as SIMs, are most commonly associated with mobile phone connectivity, the embedded UICC (also known as the eUICC or eSIM) is already being deployed in – and delivering security and logistical benefits to – smart metering deployments in various global markets.

Cellular connectivity offers several distinct benefits for utility companies.

These include broad reach across most inhabited areas, lower infrastructure costs, reduced installation costs and quick implementation times. When compared to other wireless technologies, cellular networks offer higher bandwidth and a consistent, universal approach thanks to the UICC/eUICC authentication. Importantly, the security of cellular networks has been proven over decades. A particular feature of their success has been device and network authentication, which ensures that only authorised devices are connected. This offers lower costs and reduces the risk of security breaches.

An eUICC refers to an embedded Universal Integrated Circuit Card (UICC) which is capable of hosting multiple network connectivity profiles (as defined by GSMA, an industry association representing mobile network operators). It supports secure over-the-air (OTA) remote SIM provisioning as well as updates to the operating system (OS), keys, application and connectivity parameters, according to GSMA and GlobalPlatform (a non-profit industry association driven by over 100 member companies) Specifications.

So, how are the features and functionality of the eUICC being effectively leveraged to enable simple and secure smart metering deployments?

The eUICC is built on the UICC platform, which is the most widely distributed and secure application delivery platform in the world. It is certifiable and specified by the GSMA. The eUICC is a tamperproof physical hardware SIM product with its own isolated processing power and data storage. It can be either soldered to the device or removable, and it securely executes sensitive services. Conforming to Common Criteria Evaluation Assurance Level (CC EAL) 4+, it offers the highest level of security assurance available.

The inherent security of the eUICC is coupled with the significant advantages associated with OTA remote provisioning and management. As the mobile network operator profiles, software/firmware, and application updates and upgrades required over the course of a device’s lifetime can be managed remotely, both current and future security can be ensured. From a logistical standpoint, it also removes the need for costly and time-consuming site visits.

The design of the eUICC also brings advantages. It is much smaller than traditional SIM cards, making it better suited for mass volume deployments. As it can be embedded (coupled with the ability to be managed remotely), smart metering devices can be sealed, waterproofed and ruggedised. Soldered form factors are also safer to use in hazardous environments due to the absence of physical connectors.

Delivering enhanced security and reduced complexity

As utility providers and device manufacturers look to address the challenges posed by smart metering, the eUICC should be considered as a proven, highly secure solution which is available for immediate deployment. Indeed, smart metering is just one of many use cases within the utilities sector which can benefit from the eUICC.

Other examples include demand response, utilities data management and distributed utilities resource management.

A more detailed look at the value that eUICC technology can bring to smart metering deployments can be found in the SIMalliance eUICC smart metering eBook, which can be downloaded via http://simalliance.org/ebooks/

About the author

Remy Cricco is chairman of the SIMalliance board. He also holds the role of director of technical marketing and standardization, Telecom at IDEMIA.

About SIMalliance (Security, Identity, Mobility)

SIMalliance is the global, non-profit industry association which advocates the protection of sensitive connected and mobile services to drive their creation, deployment and remote management across multiple industries and use cases, including IoT.

The organisation promotes the essential role of a tamper resistant secure hardware component in delivering secure applications and services across all devices that can access wireless networks. SIMalliance facilitates and accelerates delivery of secure connected services globally.

For more information visit www.simalliance.org