Blog Post

Smart meter security: the human element

This week, several news outlets (such as Network World) have described a new FBI finding that “smart meter hackers” are enabling the theft of millions of dollars’ worth of electricity from a utility in Puerto Rico. In its report, the FBI noted: “This is the first report that criminals have compromised smart grid meters.” The agency added: “This type of fraud is likely to spread.”

So what is this type of fraud?

Upon a closer look, this situation is not so much about smart meters as it is about criminal human behavior. Former Washington Post reporter Brian Krebs explained that it was not actually the smart meters themselves which were “hacked.” The meters’ own security measures were not breached.

Instead, criminals accessed the smart meters by stealing meter passwords as well as some devices used to program the meters. This is more like stealing a key and opening a door, rather than breaking the lock on the door.

These criminals were former employees of the utility involved, and of the vendor who provided the smart meters. These people were paid (bribed) by customers to illegally reprogram the meters so that those meters would record less energy consumption than actually occurred. This is not fundamentally different from bribing human meter readers to under report consumption — which happens often in some developing countries.

How to prevent this type of security risk?

First, utilities and companies that make smart meters and related technology must tighten their “human security measures.” This includes planning for the worst case — rogue employees. Companies already do such contingency planning to safeguard sensitive IT systems.

Also, these companies should use available analytics software that can spot possible incidents of electricity theft. Such software can detect when a meter’s password or programming changed, and automatically initiate a field investigation. Meter data analytics software also can identify unusual changes in the amount of energy used, or in usage patterns. (The EnergyIP and Analytics software from eMeter can handle all of these tasks for electric, gas, and water meters.)

Using analytics for security isn’t anything new. Credit card companies have long used analytics software extensively.

Analytics software solutions are available for all of the smart meters already installed. Consequently, every meter in the field can become a fully reliable tool to prevent energy theft. That is, as long as the meter data analytics are part of a comprehensive security strategy. This means dealing with the human aspect, as well as using software to mine the data and find the problems.

This article originally appeared on eMeter’s Smart Grid Watch blog. Chris King is the Chief Regulatory Officer for eMeter. He is a nationally recognized authority on energy regulation and competitive energy markets, and is widely recruited by regulators and legislators to consult on technology issues in electric restructuring and grid management.