Smart metering security
Ensuring the supply of electricity is an integral part of ensuring the social functioning of basic services. In recent years, energy companies have been preparing significant projects ensuring the deployment of smart metering. The implementation of smart metering is based on EU legislative requirements, and it is therefore necessary to ensure compatibility with the given requirements.
Smart Metering brings technology used to measure electrical energy using Smart meters, which, in contrast to classic electricity meters, make it possible to generate various consumption statistics and two-way communication with superior information systems. Currently, there are a large number of smart meter manufacturers on the global market, who have their business headquarters or are controlled from countries that do not have a democratic government, or untrustworthy legal environment and these entities are required to share data from their technologies with government organizations.
Smart metering cyber security is therefore a key area that electricity distributors must address. The risk of implementing smart meters that originate in countries with untrustworthy legal environments was also accentuated by the issuance of the NUKIB warning. Cyber-attacks on smart metering can affect measurement and send erroneous data to central systems, disconnect the point of consumption by a mass order from the central system and, in extreme cases, cause instability of the transmission system. At first glance, it may not be obvious what hackers could use information about energy consumption from smart meters, but burglars would be grateful for this information. Based on the data from the smart meters, information can be obtained on what time people are present in the household, or when no one is present in the household. The cyber security of smart metering is not only necessary from a technical point of view - ensuring protection against external and internal cyber threats and attacks, but a key issue is looking at risks related to the supply chain. Emphasizing the issue of the supply chain and assessing the credibility of suppliers does not only concern the area of smart metering but ensuring the comprehensive cyber security of information and communication systems.
In the following years, significant changes can be expected in this area, which are mainly related to the adoption of Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)
Tomáš Svoboda, Ph.D., has spent a large part of his professional career in information and cyber security. In the last 7 years he has been working in the electricity sector of CEZ Group. He has more than 10 years of experience as a computer network architect and administrator, cybersecurity architect, cybersecurity manager and security team leader. Since 2021, he has held the role of Cybersecurity Manager and Security Team Leader at ČEZ Distribuce, a.s. At the same time, since 2020, he has been teaching the younger generation at university, focusing on operating systems, computer networks, and information and cybersecurity.