Mohit Kedia, Arm
embedded.com (June 19, 2019)
The Internet of Things (IoT) is growing at a spectacular rate. The ability to control devices remotely and gain valuable data insights is driving us towards what is expected to be a trillion connected devices by 2035, delivering orders of magnitude more data than we see today. One area where we’re seeing a heavy growth in the number of connected devices is around smart meters. According to iHS Markit, spend on Advanced Metering Infrastructure (AMI) is expected to rise to $13 billion in 2023, compared to $9 billion in 2018. The companies providing our heat, light, and water are benefitting from automated meter readings, precise billing, plus remote connection and disconnection capabilities – all with less resource than was previously possible.
But this unprecedented growth creates an ever-expanding attack surface for cybercriminals to prey on essential infrastructure, or infiltrate and steal information from individuals and enterprises. For example, malware hackers utilized ‘Crash Override’ malware to gain control of Ukraine’s power grid in December 2016 and shut down 30 substations, blacking out the city of Kiev and reducing the city to one-fifth of its power capacity.
Security threats can take many different forms throughout a smart meter’s operational life. Utilities must consider various factors and be prepared for different attack vectors to ensure their customers are protected. For example, a side channel attack involves snooping and analyzing data consumption via Correlation Power Analysis (CPA) to gain credentials and access to infrastructure. Energy suppliers and the original equipment manufacturers (OEMs) need to enforce security from device to cloud. They also need to be able to update their firmware over-the-air (OTA) to ensure resiliency for a device’s lifecycle. So how can utility companies ensure their smart metering deployments maintain security and privacy for all stakeholders?
Click here to read more ...