Anil Rawal, Managing Director and Chief Executive Officer, IntelliSmart Infrastructure Private Limited
The digitalisation of India’s power distribution sector is a critical intervention that the country requires in its efforts to achieve its energy security goals. To this end, the government has set a target of rolling out 250 million smart meters by 2025.
It has been established that smart meter advanced metering infrastructure (AMI) is the nucleus around which the modernisation of India’s power distribution sector will happen. Favourable policy initiatives such as the launch of the reforms-based and results-linked Revamped Distribution Sector Scheme, and the standard bid document being developed by the Government of India, are also precipitating smart meter roll-out at scale.
In India, equipping households with smart meters is a well-thought-out step to empower consumers and discoms.
These meters can greatly help discoms, reeling under financial stress, to improve their financial health by enhancing billing performance, as well as help consumers control their energy usage and spending.
It should be noted that smart meter AMI, as part of its functionality, plays with consumer household data, which discoms essentially utilise to improve bill reading and billing accuracy, deal with electricity thefts, and carry out demand forecasting and power purchase optimisation in the long run. However, by virtue of dealing with copious amounts of sensitive data, the AMI and cloud system have the potential to be vulnerable to cyberattacks.
What are the risks?
India’s digital push with deeper internet penetration has made the country data-rich, and also a target of cyberattacks. Motivations can range from financial gains to disruption of the grid through unlawful activities. Cyberthreats in the form of phishing, denial-of-service attacks, spreading malware, and eavesdropping and traffic analysis connected to AMI can have a direct impact on the safety and stability of the grid. Moreover, it undermines the industry’s data protection practices, erodes consumer and stakeholder trust, violates the data privacy of Indian citizens, and puts national sovereignty and security at risk.
Work in progress
While rapid advancements in technology have made IoT-enabled devices and systems more reliable, secure and accessible, and it is now possible to push data into a digital ecosystem through more secured pathways, data protection continues to be an uphill task.
At the regulatory level, India has taken concrete measures for data protection. The Personal Data Protection Bill, 2019, which is under consideration, will also cover the consumer data generated by AMI for discoms.
At a more practical level, organisations will have to double down on securing systems and networks with foolproof measures to fend off cyberthreats. Organisations will have to employ measures such as end-to-end encryption of the AMI system, deployment of authentication mechanisms, grid-level malware protection, and use of virtual private networks for network security; and regularise risk and maturity assessments to map and plug security gaps and weaknesses that may come up occasionally in the system.
Additionally, going forward, it would be important to empower consumers and take them into confidence. They should have access to the data and insights in the framework, along with consent choices. The digitalisation of India has transformed the country into a data-rich economy. Protecting this wealth of data is crucial not just to securing the privacy of consumers, but also to safeguarding the nation’s economy and critical infrastructure against cyberthreats.