Secure Digitalisation: Protecting smart metering data against cyberattacks

Protecting smart metering data against cyberattacks

Anil Rawal, Managing Director and Chief Executive Officer, IntelliSmart Infrastructure Private Limited

The digitalisation of India’s power distribution sector is a critical intervention that the country requires in its efforts to achieve its energy security go­als. To this end, the government has set a target of rolling out 250 million sm­art meters by 2025.

It has been established that smart meter advanced metering infrastructure (AMI) is the nucleus around which the modernisation of India’s power distribution sector will happen. Favourable policy initiatives such as the launch of the reforms-based and results-linked Re­va­m­p­ed Dis­tribution Sector Scheme, and the standard bid document being developed by the Government of India, are also precipitating smart meter roll-out at scale.

In India, equipping households with smart meters is a well-thought-out step to empower consumers and discoms.

Th­e­se meters can greatly help discoms, reeling under financial stress, to impro­ve their financial health by enhancing billing performance, as well as help consumers control their energy usage and spending.

It should be noted that smart meter AMI, as part of its functionality, plays wi­th consumer household data, which dis­coms essentially utilise to improve bill reading and billing accuracy, deal wit­h electricity thefts, and carry out de­mand forecasting and power purchase optimisation in the long run. How­ever, by virtue of dealing with copious amou­nts of sensitive data, the AMI and cloud system have the potential to be vulnerable to cy­berattacks.

What are the risks?

India’s digital push with deeper internet penetration has made the country data-rich, and also a target of cyberattacks. Mo­tivations can range from financial gains to disruption of the grid through unlawful activities. Cyberthreats in the form of phishing, denial-of-service at­ta­cks, spreading malware, and eavesdropping and traffic analysis connected to AMI can have a direct impact on the safety and stability of the grid. Moreover, it undermines the industry’s data protection practices, erodes consumer and sta­keholder trust, violates the data privacy of Indian citizens, and puts national sovereignty and security at risk.

Work in progress

While rapid advancements in techno­logy have made IoT-enabled devices and systems more reliable, secure and accessible, and it is now possible to push data into a digital ecosystem through more secured pathways, data protection continues to be an uphill task.

At the regulatory level, India has taken concrete measures for data protection. The Personal Data Protection Bill, 2019, which is under consideration, will also cover the consumer data generated by AMI for discoms.

At a more practical level, organisations will have to double down on securing systems and networks with foolproof measures to fend off cyberthreats. Orga­nisations will have to employ measures such as end-to-end encryption of the AMI system, deployment of authentication mechanisms, grid-level malware protection, and use of virtual private networks for network security; and regularise risk and maturity assessments to map and plug security gaps and weaknesses that may come up occasionally in the system.

Additionally, going forward, it would be important to empower consumers and take them into confidence. They should have access to the data and insights in the framework, along with consent choices. The digitalisation of India has transformed the country into a data-rich economy. Protecting this wealth of data is crucial not just to se­curing the privacy of consumers, but also to safeguarding the nation’s economy and critical infrastructure against cyber­th­reats.