02. November 2020, 11:32 Uhr | Tobias Schlichtmeier
With so many different devices communicating with one another, that throws open the doors for hackers. Many end consumers are still skeptical about smart meters because attacks aimed at electricity meters can manipulate them. And many consumers also fear the risk of a complete shutdown.
To fend off hacker attacks the BSI has defined a protection profile for gateways. It describes possible threats to a smart meter gateway in its operating environment and defines minimum requirements for appropriate security measures. It also differentiates according to the possible threats of a potential attack: firstly there is the local attacker with direct access to a gateway on the spot to manipulate data relevant to billing or grid status data for example. Then there are potential attacks from outside aimed at reading out and altering firmware.
Warding off these attacks, a gateway possesses a security module that must fulfill certain certification specifications. These are defined in Technical Guideline TR-03109. The security module provides core cryptographic routines for the creation and checking of signatures, key generation and negotiation, plus random number
generation. It also serves the gateway as secure memory for key material.
Secure communication works by mutual authentication over an encrypted channel of secured integrity. Plus, data to be sent from the gateway at data level is encrypted for the receiver and signed. The basis is a public key infrastructure (PKI), the smart metering PKI (SM-PKI). From the SM-PKI the gateways and market players obtain digital certificates with cryptographic keys. By the certificates the data is communicated encrypted and signed. A summary of protection profiles and all necessary technical guidelines can be found on the home page of the BSI .
So much to the theory. But what do things look like in practise? Jonas Neumann, member of the Chaos Computer Club in Berlin, expresses his doubts about the security of the measures named above in a report from Bizz Energy. The weak point is the very certification, warns Neumann. There is a risk, says Neumann, not only in the case of the BSI and smart meter gateways but with certification processes in general. IT security was a dynamic process but certificates were static and bureaucratic. Certification could result in manufacturers saying: »We’ve done everything the certificate asked for, any security gaps in future aren’t our problem.« So he recommends manufacturers of smart meter gateways to give an incentive, by liability, to further develop protection of devices beyond certification: the manufacturers would then have to insure themselves against the risk of liability and would work consistently on keeping the devices as secure as possible .
Aside from the security precautions, smart meters present advantages and disadvantages. End consumers can read and thus optimize their electricity requirement virtually in realtime. So they know exactly how much electricity they needed the day before or a week ago for instance.
One possibility would be to do away with payment on account in future and introduce exact billing, reckons an E.ON spokesperson. The grid operator is planning an online portal for example, on which metered values can be read in and retrieved at any time. A smart meter should offer the end consumer more flexibility, for instance switching on certain things like a drier in the night to make use of the cheapest rates. That can also be of benefit for charging an electric vehicle, only working in theory however, for that purpose all devices would have to be networked, i.e. in a smart home. All the functions named can currently only be used with a smart meter.
A positive effect, says E.ON, is free choice of the metering point operator, who at the moment is the grid operator. With a smart meter customers have in future a flexible choice of their metering point operator, independently of the grid operator.
Looking at the costs for smart meters automatically takes you to the disadvantages. You could purchase an old analog meter for about €20 and it ran on little power for many years. On average, in parts of Germany, the annual cost of operating a metering point with a conventional device is about €13. Inthe case of a smart meter, as already explained, things are different. There the high cost of the purchase is about €200–300, plus the cost of installation by a technician.
The top limit for annual costs is legally set. But that only applies if the user has not acquired a meter by their own choice and has not changed the metering point operator. Costs depend on the amount of electricity consumed or the power of the generating installation. An average household of four persons with consumption of 3400 kW/h per year will be billed up to €40 for example. For a modern metering device, independently of electricity consumption, grid operators may only charge a maximum of €20 per year (Table 1).
Then, possibly, there are conversion costs for an electrical connection box. Especially in houses built before a certain date you find older installations that may or may not be altered. As soon as a (new) house owner makes changes, the installation must comply with new directives. That can mean extra costs of several thousand euros for the end consumer.
Given the new legislation the installation of intelligent metering systems is an essential minimum requirement in all households. For smart meters there are questions of security, tedious and elaborate certification processes. Whether the measures are effective remains to be seen. High costs can result for consumers, especially for owners of older installations.
That the benefit compensates for the outlay cannot be expected at the moment. Especially because the appropriate electricity rates are not yet in place, apart from whether many home owners have a smart home. A certain benefit will not be noticeable until we have the right flexibility.