From Canada to Brazil to Italy, the business case for some large-scale smart meter deployments have centered on cutting down on theft.
And then there’s Puerto Rico, where a recent report from Krebs on Security found that a major utility may have lost up to $400 million in revenue after organized smart meter electricity theft, which was assisted by utility insiders.
The incident shined light on the vulnerabilities of some meters, but also showed that the largest security threat of meters at the moment is not infrastructure damage or privacy breaches, but fraud -- which is easier to do on a large scale as millions of electricity meters are going digital.
“There are many systems that have similar auditing roles and have similarly economically motivated attacks as smart meters,” said with Ben Jun, VP of Technology at Cryptography Research, a security research and development and licensing firm.
The company works with various banks and electronics companies to ensure that everything from TV set-top boxes to credit card terminals are secure. For meter makers and their suppliers, they should think of smart meters as a similar piece of consumer electronics when it comes to fraud protection and privacy, said Jun. In the case of scramblers for cable boxes, the theft amounted to more than $4 billion annually, according to researchers at Pennsylvania State University.
For criminals who leverage connected networks for financial gain, scale is the name of the game. For online identify fraud, an estimated 70 percent is related to organized crime, according to CBS News. In the case of smart meters, there will have to be millions available to make any organized criminals interested in trying to hack them, so now is the time for meter companies and their suppliers to build in the proper security.
Currently, electricity theft in the U.S. is estimated at $6 billion, according to a report by IEEE. However, that is far lower than in some other countries, where stealing power happens all the time. In British Columbia, electricity theft is used to mask grow operations for marijuana; this was one of the major drivers to implement smart meters. In India and Brazil, stealing electricity is rampant.
For those countries, meters will deter the average hacker, and make it easier for utilities to know when the meter has been tampered with. “Joe Six-Pack might not be able to hack it anymore,” said Jun, “but with connectivity comes scalability of an attack.”
That scalability could mean people that set up software that you can download to hack your meter so that you don’t pay a peak charge. In Puerto Rico, people used infrared lights to hack the meter so that it communicated with a computer that then changed its software setting.
Wide-scale adoption of meters, coupled with more variation in pricing schemes, could open the door to a new field of electricity fraud, according to a report from Europol. The report mostly looked at organized crime in energy supply, but also found that there is already a market for subversive devices and software that can override smart meters or vehicle chargers.
The upside of dealing with larger, organized criminals is that they’re in it for financial gain, and are therefore very rational, argues Jun. “Our challenge is not, ‘Can this be done?’” he said, “but rather, is the appropriate thought being put into place?” In that case, current technology, including making the meter itself tamper-resistant and embedding security in every component, can be a significant deterrent.
But it’s not a lost cause. In fact, since most other industries have had to work through many of these issues, there’s a lot of knowledge that can be leveraged. “We’re doing what we can to adopt best practices that are in consumer-grade and commercial-grade equipment at roughly the same cost,” said Jun. “There’s substantial room for improvement.”