Increasing amounts of data, interconnected utility infrastructures, regulation and a general awareness of security and privacy issues raise the pressure also on smart metering security. E360 is our response to the most stringent security requirements.
Security in smart metering is not as simple as the technical security of the solution, that is, the security of devices, communication, software systems and data storing. It demands a holistic approach that embraces the planning of the entire smart infrastructure from a security perspective as well as the people, practices and processes that enable it.
However, the foundation for secure smart metering operations is built on technology with the highest standards for data availability, integrity and confidentiality. It doesn’t consider only the security of individual components, but all the layers and interfaces in a smart metering solution. We designed our E360 smart meter to be an integral part of a smart metering solution. Its security features are considered far beyond the meter itself, from a safe design and production process to installation, maintenance and upgrades.
Below we describe the security capabilities of E360 using the following classification:
Perimeter: safeguarding the meter
With features related to perimeter, we refer to the processes and concepts of a secure design as well as to design, production, installation and maintenance processes. E360 meters, like all our smart devices, are designed and produced in a secure environment; for example, the firmware credentials are kept in an isolated network. Each step in the key management process and delivery of credentials is carefully considered in terms of security.
The physical design of E360 is tailored to prevent corruption and security breaches. The hardware is secured against tampering attempts through various types of alarms. Whether there is an attempt to remove the terminal cover or change a module, interference with magnetic fields or mixing the wiring, it is always detected and an alert is given. Further protection can be found inside the meter: any access to the microprocessor is prevented and all the data in the meter’s memory is encrypted.
E360 also enables future security upgrades and there are spare resources in the meter to allow for additional security features in the future.
Access: permission to work on a meter
A smart meter has to be fully secured against any unauthorised access – and at the same time, it should guarantee sufficient access to perform certain jobs. E360 has role-based access, which means that the access is based on the requirements of the job at hand. As an example, an installer may need to be able to set up meter time or set up communications parameters, but he doesn’t need access to clear registers or reset passwords. E360 allows defining up to 14 client roles for meter access. Security set-up and credentials are created separately for each client. Furthermore, the access can be provided independently for various interfaces and it is possible to configure the meter to deactivate a port if accessed without authorisation.
Data protection: securing data during transfer
In E360 the message security covers both protecting the data with encryption as well as securing a safe data transfer between the meter and the system.
Data protection is based on encryption and authentication in all data communications from an E360 device, meaning that it is not possible to access or manipulate the data while it is being transferred to the Head End System or to a field device. Replay attacks are prevented by message counters.
Traceability: transparency of meter events
In terms of security, it’s essential to have full transparency on various events that occur to the meter during its lifetime. In E360, there is a comprehensive set of logs to show e.g. events, meter point access, firmware updates and all the communication attempts to the meter – whether successful or not. Besides time stamps and events, the log information can include the IP addresses and clients used; even user information when this is defined on a system level.
Additionally, in E360 we’ve added a 32-bit event counter for each log. This helps to identify unauthorised attempts to access the meter: an abnormally high event count indicates continuous connection attempts even in cases where the log itself has reached the maximum number of entries.
Upgradeability: continuous upkeep of meter security
Upgradeability is a key requirement in terms of security. It makes it possible to upgrade the meter firmware in case there are new security threats in the operational environment or weaknesses identified in the infrastructure.
Besides the capability to install new, more secure firmware to the meter flexibly, it’s extremely important to secure the upgrade process itself and make sure that only verified, uncorrupted Landis+Gyr firmware can be installed. This is managed in E360 via a unique signature algorithm for firmware updates.