facebook twitter subscribe

Susan White to Lead InsideClimate News

view counter

ColumbiaJournalismReview Article

Donate to SolveClimate News

Once a day
Get Articles by e-mail:

or subscribe by RSS

Get Today's Climate by e-mail:

or subscribe by RSS

California Adopts First Standards for Cyber Security of Smart Meters

But experts warn the rules must be part of a much larger strategy by utilities to prevent financial fraud and other security breaches

Aug 4, 2011
A smart meter from PG&E

California regulators have adopted the nation's first sweeping privacy rules for household smart meters that form the backbone of the growing "green" grid, vowing to protect consumers from cyber attacks that could steal energy usage data and other private information.

The California Public Utility Commission will require utilities to regularly conduct independent security audits of their millions of wireless meters and to restrict the access of third parties, such as energy-efficiency consultants, to customers' personal details.

The nearly 200-page decision, announced last week, applies to the state's biggest utilities — Pacific Gas & Electric, San Diego Gas & Electric and Southern California Edison — which together have deployed about eight million of the nation's 21 million smart meters, with three million more devices planned for late 2012.

"The rules and policies we've adopted are the first such in the nation and should serve as a national model," CPUC president Michael Peevey said in a statement.

He added that the standards are consistent with privacy and security principles adopted by California's Senate Bill 1476, which former Gov. Arnold Schwarzenegger signed into law last September, and by the Department of Homeland Security.

The smart grid's rollout across the United States is predicted to revolutionize energy generation and distribution by allowing more intermittent wind and solar power on the grid and by making operations more efficient. By 2020, nearly 60 million smart meters, which transmit real-time data on customers' electricity use, are expected to be installed nationwide.

With its rules, the commission aims to protect citizens from the kinds of security and data breaches that have plagued credit card payment systems, online gaming platforms like the Sony Playstation Network and similar wireless systems. In recent attacks, hackers have exposed or stolen hundreds of thousands of customers' names, credit card and debit card numbers, addresses and e-mail addresses.

Smart grid experts applauded the new standards but said that utilities' compliance with them should be one piece of a much larger cyber security strategy.

Needed: 'Culture of Security'

"What is more important here is to be creating a culture of security," Usman Sindhu, a senior research analyst at IDC Energy Insights in Framingham, Mass., told SolveClimate News.

"So, if certain security-related issues come up, then I have a program, a technology, an architecture to solve the problem. I have a team to solve the problem," he said. "Good security is about visibility and knowing your risks and your threats."

Sindhu said that a rising number of utilities and smart meter vendors are designing strategies to test and improve existing equipment and maintain constant vigilance should new security challenges emerge.

A July report from IDC found that more than 75 percent of the utility respondents surveyed ranked security investments to be of the highest importance, while nearly 40 percent said security will be one of their top information technology initiatives this year. The report did not disclose the size of those investments.

San Francisco-based Cryptography Research Inc. (CRI) says it is working with an undisclosed number of utilities, smart meter vendors and manufacturers to develop tamper-resistant hardware and software tools that can anticipate and thwart potential financial fraud or hacking invasions.

"Utilities don't have to reinvent the wheel by themselves," Ben Jun, CRI's vice president of technology, told SolveClimate News. "A lot of the work that has been done on financial payment systems is in many cases applicable to meters themselves, and in many cases the same [security] standards can apply."

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <p> <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <h1> <h2> <h3> <ul> <li> <ol> <b> <i> <p> <br>
  • Lines and paragraphs break automatically.
  • Youtube and google video links are automatically converted into embedded videos.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Images can be added to this post.

More information about formatting options