There are over one billion smart meters already deployed across the world – 38 million in the UK alone. These are embedded IoT devices, designed to have an ultra-small footprint and fitted with lightweight software that is constantly communicating with energy providers and the national grid.
The cybersecurity of embedded devices like these is weighed against their size and performance requirements – while we want smart meters to be secure, we also want them to operate smoothly, use up very little energy and space, and send the right data at the right time. Additional layers of encryption would increase the size of this data, potentially impacting the performance and cost of smart meter infrastructure.
But this encryption is something the energy sector, and the technology supply chain as a whole, now has to rethink. Last year, the US National Institute of Standards and Technology revealed its final standards for post-quantum cryptography (PQC) – a new form of encryption designed to protect data from potential quantum computer attacks.
Now, agencies across the US and Europe, including the NSA and NCSC, are recommending that the governments and businesses coordinate their migration to PQC so that every device is quantum-safe by 2035.
This the biggest cybersecurity transition in a generation, and a real challenge for the world’s 1B+ smart meters.
Chief Strategy Officer, PQShield.
Why do smart meters need to be upgraded?
There are three main reasons for upgrading smart meters to PQC – risk, compliance, and market forces.
Risk is the word at the heart of every conversation around cryptography and cybersecurity. Every new iteration of an encryption algorithm or cybersecurity application is designed to stay one step ahead of the attackers and mitigate the chance of a breach. PQC is designed to mitigate the risk of an attack from future quantum computers, which experts anticipate will easily be able to crack current encryption standards.
When this cryptographically-relevant quantum computer emerges, critical national infrastructure (like the energy grid) will be a prime target for disruption. Therefore, energy networks need to act now to protect themselves and their data from this future risk. As vulnerable endpoints in the energy network – with the technical capability to cut off power supplies to households – smart meters need to be secured to ensure that infrastructure is protected from attack.
Providers should also have one eye on whether their smart meters comply with new regulations. Government guidelines are all recommending that hardware and software align with NIST’s PQC standards by 2035 at the latest – much sooner if your customer is the government itself. Simply put, the transition must take place, and is in fact already underway.
Finally, market forces will soon compel decision-makers still on the fence to upgrade smart meters to PQC. As migration deadlines approach, energy suppliers and hardware manufacturers who can promise PQC-enabled devices will be preferred for government and corporate contracts over those that have delayed their transition.
The challenge of upgrading smart meters
There are two parts to the smart meter PQC challenge – upgrading the millions of “brownfield” devices that are already deployed, and ensuring that the millions of “greenfield” devices currently on the production line are prepared for the upcoming PQC deadlines.
In most cases, already-deployed devices will require an over-the-air firmware update to become PQC-secure. This could be a major challenge for older memory-constrained models, and replacing this legacy hardware is likely to be the most costly part of the transition.
Where these upgrades are possible, there are physical challenges as well. Smart meters are small, embedded devices with minimal amounts of RAM and computing capacity. They are also limited on bandwidth – transmitting small amounts of data with every network communication they make. PQC implementations will need to work within these constraints, but some may run into issues.
For example, post quantum encryption keys are larger than RSA/ECC keys, meaning that a quantum-safe message is larger than those currently being sent by a smart meter.
Many smart meters rely on fixed-function hardware cryptography that is unchangeable, and cannot be upgraded in the field – this means that, on these devices, it’s not possible to update secure boot processes and maintain cryptographic agility (the ability to rapidly adapt the cryptography on a device).
Manufacturers don’t need to worry about over-the-air upgrades for “greenfield” smart meters that are still being designed, as they have a chance to protect devices before production. They will still face issues with memory and CPU, and will need to ensure that PQC is factored into their design process to ensure devices are compliant beyond 2035.
The next steps for smart meters
The first and most important step for the energy sector is to plan ahead thoroughly. 2035 is sooner than it seems – especially for large-scale digital transformation change projects – and this is a process that many companies will be hoping to finalize well ahead of that deadline.
The goal of the transition is to maintain the highest standards of security without compromising performance and without racking up unsustainable costs. Inevitably, the oldest models of smart meters that cannot receive over-the-air updates will need to be replaced – the ten-year transition timeline means that this can be factored into annual budgeting for hardware upgrades in the field, rather than through an impractical all-at-once rollout.
For all other devices – deployed and in production – manufacturers and energy providers need to identify where the most critical data on their device is transmitted from and focus on securing this as a priority. For smart meters, this means communication modules and the process by which they could trigger an energy shutoff, as these are the vectors that attackers will target first.
To navigate the challenges of migrating embedded and memory-constrained systems to PQC, smart meters will need low-footprint implementations of PQC, which are designed to apply NIST’s standards without exerting excessive demand on CPU and RAM. It’s worth bringing on PQC expertise to ensure that the right implementation for the right device is found – as robust as the PQC algorithms published by NIST are, they are also only as secure as the way they are implemented.
Manufacturers will need to factor PQC into their product roadmap. This sounds daunting, but as much as 80% of this transition will be handled in the supply chain – meaning that the vendors who supply the communication modules, HSMs, and microprocessors used in smart meters will themselves be responsible for upgrading vulnerable cryptography. The remaining 20% is the manufacturer’s responsibility – communications channels and metering software that needs to be upgraded in-house.
The key message for energy providers and device manufacturers is that this process needs to start as soon as possible. Smart meters are designed to have a long shelf life, and the risk of deploying devices in 2030 that are obsolete in 2035 is one that should be avoided.
We list the best antivirus software.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
