There are more than one billion smart meters already deployed worldwide: 38 million only in the United Kingdom. These are integrated IoT devices, designed to have an ultra small footprint and equipped with light software that constantly communicates with energy suppliers and the national network.
The cybersecurity of integrated devices such as these is weighed with their size and performance requirements: although we want smart meters to be safe, we also want them to work without problems, use very little energy and space, and send the correct data at the right time. Additional encryption layers would increase the size of these data, which can affect the performance and cost of smart meter infrastructure.
But this encryption is something that the energy sector, and the technology supply chain as a whole, now has to rethink. Last year, the National Institute of Standards and Technology of the United States revealed its final standards for the previous cryptography (PQC), a new form of encryption designed to protect data from possible quantum computer attacks.
Now, the US agencies and Europe, including the NSA and the NCSC, recommend that governments and companies coordinate their migration to PQC so that each device is safe by 2035.
This is the largest cybersecurity transition in a generation, and a real challenge for intelligent meters 1b+ in the world.
Strategy Director, PQSHIELD.
Why should smart meters update?
There are three main reasons to update smart meters to PQC: Risk, compliance and market forces.
The risk is the word in the heart of each conversation about cryptography and cybersecurity. Each new iteration of an encryption algorithm or cybersecurity application is designed to keep one step ahead of the attackers and mitigate the possibility of a violation. PQC is designed to mitigate the risk of an attack of future quantum computers, which experts anticipate that they can easily decipher current encryption standards.
When this cryptographically relevant quantum computer emerges, critical national infrastructure (such as the energy network) will be a main objective for interruption. Therefore, energy networks must now act to protect themselves and their data from this future risk. As the vulnerable final points in the energy network, with the technical capacity of cutting the food sources to households, smart meters must ensure to ensure that the infrastructure is protected against the attack.
Suppliers must also have an eye on whether their smart meters comply with the new regulations. Government guidelines recommend that hardware and software be aligned with NIST PQC standards by 2035 no later than its client is the government itself. In a nutshell, the transition must take place, and in fact it is already underway.
Finally, market forces will soon force decision makers even in the fence to update smart meters to PQC. As the migration deadlines, energy suppliers and hardware manufacturers approach that can promise enabled devices for PQC will be preferred for government and corporate contracts on those who have delayed their transition.
The challenge of updating smart meters
There are two parts in the PQC challenge of the smart meter: update the millions of “Brownfield” devices that are already deployed, and ensure that the millions of “Greenfield” devices currently in the production line are prepared for the next PQC deadlines.
In most cases, the devices already deployed will require an air firmware update to become PQC safety. This could be a great challenge for the oldest models with memory restrictions, and it is likely that replacing this inherited hardware is the most expensive part of the transition.
Where these updates are possible, there are also physical challenges. Smart meters are small devices and integrated with minimal amounts of RAM and computer capacity. They are also limited in the bandwidth, transmitting small amounts of data with each network communication they make. PQC implementations must work within these limitations, but some may encounter problems.
For example, post -quantum encryption keys are greater than RSA/ECC keys, which means that a quantum security message is larger than those currently sending an intelligent meter.
Many smart meters depend on the hardware cryptography of the fixed function that is not changes and cannot be updated in the field; This means that, in these devices, it is not possible to update the safe starting processes and maintain cryptographic agility (the ability to quickly adapt cryptography in a device).
Manufacturers do not need to worry about air updates for intelligent meters “Greenfield” that are still being designed, since they have the opportunity to protect devices before production. They will still face problems with memory and CPU, and must ensure that PQC is taken into account in their design process to ensure that the devices meet beyond 2035.
The next steps for smart meters
The first and most important step for the energy sector is to plan thoroughly. 2035 is before what it seems, especially for the projects for changing a large -scale digital transformation, and this is a process that many companies expect to end long before that deadline.
The objective of the transition is to maintain the highest safety standards without compromising performance and without accumulating unsustainable costs. Inevitably, the oldest models of smart meters who cannot receive air updates must be replaced: the ten -year transition timeline means that this can be taken into account annual budget for hardware updates in the field, instead of through a little practical deployment of everything in half.
For all other devices, implemented and in production, manufacturers and energy suppliers must identify where the most critical data is transmitted on their device and focus on ensuring this as a priority. For smart meters, this means communication modules and the process by which they could trigger an energy closure, since these are the vectors to which the attackers will point first.
To navigate the challenges of the migration of integrated systems and limited by the memory to PQC, the smart meters will need implementations of low print PQC, which are designed to apply NIST standards without exercising excessive demand on CPU and RAM. It is worth presenting experience in PQC to ensure that the correct implementation is found for the correct device, as robust as the PQC algorithms published by NIST, they are also as safe as the way they are implemented.
Manufacturers must factor PQC in their product roadmap. This sounds discouraging, but up to 80% of this transition will be handled in the supply chain, which means that suppliers supplied by communication modules, HSMS and microprocessors used in smart meters will be responsible for updating vulnerable cryptography. The remaining 20% is the manufacturer's responsibility: Communications channels and measurement software that must be updated internally.
The key message for energy suppliers and device manufacturers is that this process must begin as soon as possible. Smart meters are designed to have a long shelf life, and the risk of deploying devices in 2030 that are obsolete in 2035 is one that should be avoided.
We list the best antivirus software.
This article was produced as part of the Techradarpro Insights Expert Channel, where we present the best and most brilliant minds in the technology industry today. The opinions expressed here are those of the author and are not necessarily those of Techradarpro or Future PLC. If you are interested in contributing, get more information here:
