Combatting fraud and theft in the smart grid


The problem and its impact

Power theft in the smart grid is the menace of electric utilities from rural cooperatives to large investor-owned and municipal providers.

As early as 1899, the Association of Edison Illuminating Companies addressed the problem of tampering with screws that adjusted meter damping magnets. Over 36 years ago in 1984, the New York Times published an article citing ConEd and the potential of “1% of power customers of stealing services.”

According to estimates, theft and fraud of electricity costs the industry as much as $96 billion every year globally, with as much as $6 billion every year in the United States alone. This not only results in higher prices for paying customers and costly government subsidies but is also a public safety crisis in some countries with dangerous illegal power connections. In some countries, high non-technical losses threaten the financial sustainability of the energy utilities, with double-digit % energy losses through theft and fraud being estimated.

Read more:
Energy theft and fraud reduction

The financial losses, also known as non-technical losses, include metering inaccuracy, non-payment, billing and rate class errors, and simple to complex energy theft. Traditionally, the two dominant components of non-technical losses are non-payment and energy theft, and these are still relevant with smart grids. With increased intelligence in the new smart grids, there is now an opportunity for a more “systematic” approach to energy theft, in the form of billing record tampering, resulting from a cyber-attack.

Until recently, there were few effective solutions for these problems. Labour-intensive premise inspections and account auditing often cost more than the actual value of the losses and enforcement is always challenging.

Bringing it up to date

Modern AMI (Advanced Metering Infrastructure) solutions offer mechanisms to identify attempted and actual fraud and theft through increased intelligence. At the same time, this increased intelligence offers increased vulnerability to cyber-attack, often for the purposes of fraud or theft, and requires new forms of protection to be put in place.

Before examining the solutions that modern AMI bring to DSOs, lets first examine a little more about the various mechanisms of energy theft and fraud which are applied.

Types of energy theft and fraud

Generally, energy theft and fraud are grouped as follows:

  • Direct theft – the thief can simply take energy from the DSO without the DSO having the opportunity to meter the consumption. This is achieved through connecting spurs to the main supply and drawing energy directly, and consequently, this is often visible from the street.
  • Meter tampering – the meter is compromised in such a way that it delivers false readings. Again, often this is visible on the meter, but with most meters in cabinets or in buildings, this is less visible from the street. With the introduction of smarter meters, there is more opportunity for a cyber-attacker to tamper with the meter, or the data it holds, and this can be very hard to spot.
  • Billing irregularities – the human steps within the meter-to-cash process are points where consumption information can be changed. In traditional networks, this can span from the meter reader to the accounts team. In smarter grids, whilst the role of the human is massively reduced, the opportunity for cyber-attack to change consumption and account details increases. Both cases can only be spotted through sophisticated data analysis and audits.
  • Unpaid bills – customers simply do not pay their bill and make it hard for the DSO to cut off power supply.

Who is the thief?

There are many types of thief:

  • Consumer – this can be wide-spread and hard to police. Direct theft or meter tampering are the main mechanisms used. The consumer is the sole beneficiary of the theft.
  • Organised crime – this can range from a local technician helping local consumers steal energy or tamper with meters right through to organised criminals influencing the human steps in the meter-to-cash process. Both the criminal organisation and the consumer “employing” them benefit.
  • DSO insider – in this case, a human in the meter-to-cash process is using their influence to change metering, billing or account information. This is often connected with organised crime but could simply be a disgruntled employee.
  • Nation state – tampering with energy supply is a recognised way that hostile nations can engage each other. Whilst this generally revolves around disruption of energy supply, more insidious fraud and theft attacks can be employed to cause financial instability in the key infrastructure providers of the target country.
  • Cyber-criminal – in a sense, the cyber-criminal is an agent for all these types of thief. Their role is to evaluate opportunities for fraud and theft in the increasingly smart energy infrastructures by identifying weaknesses in IT security technology and process.

Modes of fraud and theft

The modes of fraud and theft on the physical infrastructure are illustrated in a summary diagram below.

Cyber-criminals use IT hacking methods to access and tamper with the meter, the networks between the meter and the back-end billing/accounts systems or the back-end systems themselves. One approach is for the cyber-criminal to reconfigure the meter so that its ability to record consumption accurately is compromised or impact those functions designed specifically to combat fraud and theft. Another approach is to access the meter data directly, either on the meter, in the network or at the back-end systems, and enter false consumption values. The second is far more insidious, as cyber-criminals can become adept at hiding the evidence of their tampering!

New means to detect theft and fraud

With traditional “non-smart” metering systems in the grid, it was hard to identify occurrences of theft and fraud without conducting audits – either in the streets and consumer homes, in back-end billing/accounting records or in process execution records.

The latest AMI bring significant improvements:

  • Meter tampering and supply alarms – the latest generation of smart meters provide a rich set of events and alarms to indicate both the preparation for and the actual execution of fraud and theft at the meter. In the most sophisticated smart meters, this can include events which indicate attempts to hack the meter or the communications network.
  • Complete automation of meter-to-cash – the human can be largely removed from the process. Often, reduction of theft and fraud is a major business driver for initiating a smart meter project.
  • Remote control and cut-off – smart meters allow the DSO to restrict access to energy and even cut off supply in the event of non-payment of bills. Not only is the remote control convenient and reduces costs – the energy cut off is faster, reducing the revenue leakage, and it avoids the need for physical confrontations with the thief.
  • Analysis of consumption in the low-voltage grid – in high quality deployments of smart grid, it is now possible to assess energy flows within the low-voltage grid allowing DSOs to spot the leakage of energy, possibly resulting from theft
  • Low-voltage grid topology analysis – a pre-requisite for analysis is to know the topology of the low-voltage grid. This is a challenge for many DSOs as records may be out of date or simply not exist. The latest AMI solutions allow the topology to be inferred from communications statistics
  • Usage statistics – some forms of illegal usage of energy, such as growth of drugs, can be detected from a deep analysis of consumption patterns and their correlation with other data, such as the weather.

These are very useful capabilities, but they need to be complemented by back-end systems which can display and make sense the new sources of information generated by the meter and make it easier to initiate actions. In modern AMI deployments, the role of operational tooling to provide monitoring and control features need to be carefully addressed, else all the new insight provided by the smart grid is wasted.

Finally, what about the cyber-criminal? The leading AMI solutions provide strong protection measures to make it hard for the cyber-criminal to gain access to systems. History has shown that “hard” does not mean “impossible”. The latest developments in smart grid security address threat detection and response – the ability to detect activities indicating a potential, actual and/or successful attack on the smart meters. This information, when acted upon, can be used to blunt the cyber-criminal when they attempt fraud or energy theft.

In summary, the mechanisms are now in place to combat theft and fraud close to its source with the new generation of Smart Meters. However, the selection of the right technology for the AMI is key. Only sophisticated, extendable, and agile technologies will be effective against the ingenuity of the fraudster, the thief, the cyber-criminal and the hostile nation agent.

The NES AMI solution provides a robust platform with many features designed to protect utilities from fraud and theft including alarms for tampering, power-cycles, cover removal, and other indicators of fraud and theft. Find out more about NES technology here.

More information from NES on Smart Energy International

What is Networked Energy Services doing?

For more information and to see what Networked Energy Services is doing to help DSOs combat theft and fraud, please visit our website and download our full article on reducing Energy Theft and Fraud.