Smart meters must be secured
India is in the middle of the world’s largest programme of rolling out smart meters in the power sector. The Smart Meter National Programme (SMNP) is replacing 250 million conventional electricity meters with smart Internet of Thingsenabled meters.
The biggest virtue of the meter is that they are connected and can relay information on power consumption in real-time. But this is also their biggest weakness. Millions of such connected devices are vulnerable to hacking and need a ring of security. The data generated from such devices is also sensitive and has to be protected. According to some reports, the government of India is curtailing the imports of China made smart meters on suspicions of data theft.
“Smart meters are connected through a web-based monitoring system which will help to reduce commercial losses of utilities, enhance revenues and serve as an important tool in power sector reforms,” says a statement by SMNP.
The programme is being implemented by the Energy Efficiency Services Limited (EESL). “The business model to roll out smart meters is revamping the current manual system of revenue collection, which leads to low billing and poor collection efficiencies.”
There seems to be an awareness that not just Chinese meters but even domestic meters being installed at points of consumption are vulnerable and need to be secured against hacking
The smart meters are useful for the electricity service provider and the user. The service provider can use the data to manage peak time usage, while consumers can also monitor power consumption to manage their costs. So far EESL has installed 3 million smart meters in Rajasthan, Uttar Pradesh, Haryana, NDMC-DELHI, Bihar, and the Union Territory of Andamans. EESL aims to install a total of over 4.7 million smart meters by December 2023.
The matter of cybersecurity becomes critical with the pace of expansion of smart meters in India.
Cyberattacks on energy and commodities infrastructure rose sharply in the third quarter of 2022, with a record high of major incidents already recorded so far this year, according to S&P Global Energy Security Sentinel.
“Oil assets and infrastructure were the biggest targets for hackers, accounting for a third of all incidents since 2017,” S&P says. “Electricity networks were the next most vulnerable, making up over a quarter of all incidents, data showed. Gas and shipping were the two other sectors that experienced a moderate amount of cyberattacks,” according to S&P.
Another study by the World Economic Forum (WEF) says that industry and regulators have to secure the entire value chain and last-mile connectivity in the power supply sector. “IOT devices are, and will be, deployed at all levels of electricity systems from grid edge to transmission and generation. This includes private homes (e.g appliances, lighting, and heating, ventilation and air conditioning [HVAC]) and within transmission and distribution systems to monitor energy flow and aid in predictive maintenance.”
Earlier in the year, Chinese hackers attacked power grid assets in Ladakh. Several other attempts to hack into power grids in north India have been recorded.
There seems to be an awareness that the domestic meters being installed at points of consumption are vulnerable too. The proposed ban or curbing of Chinese meters is an important step. However, even domestically produced meters or those sourced from other countries have to be secured against hacking. A single weak meter can potentially allow a hacker to access an entire distribution system of a locality or region.
At its simplest, hackers can change the billing or steal power from a user’s meter. They can also use the meter to impact appliances inside an office or home as flagged by the WEF report.
Digital power systems are critical for improved supply, management and cost efficiency. Securing them is even more critical.