Smart Meter

Smart meters have been a controversial topic for quite a while. Other countries began the rollout years ago. In Germany this is taking much longer, and there are still no certified products for the energy companies to install. The BSI (Bundesamt für Sicherheit in der Informationstechnik) is responsible for certifying the smart meters. Several smart meters are up for certification, as you can see on this page of the BSI.

The main reason for installing smart meters is the energy transition: the power grid has to become more reliable for renewable energies. Therefore the EU has decided that every country should provide smart meters to its consumers. Thus the Bundesregierung passed the law for Digitalisierung der Energiewende in 2016. It requires 80% of all households to own a smart meter by 2020.

Originally the rollout was supposed to start in 2018. That has now been postponed and will maybe start in autumn, as at least 3 smart meters have to be certified first. In the end the grid is supposed to be transformed into a smart grid. This is thought to save energy and to be more flexible concerning energy consumption. As renewable energies fluctuate much more in their output than conventional energy sources, the grid has to react to an abundance as well as a shortage of energy. Smart meters are only the first step towards a smarter system, as the following graph shows.

Of course those are the benefits of the future. In the beginning smart meters will mainly be one thing: expensive. They have to be installed in every household and have to be maintained. Part of the costs will be passed on to the consumer. The consumer also profits from the change, though, as the tariffs are supposed to become intelligent. The consumer can then use energy when there is a surplus and tariffs are cheap. Intelligent home appliances can react to fluctuations.

In reality, at least at the moment, these advantages hardly take effect. Smart homes are still in the development stage, and it is doubtful that smart home appliances that manage their energy consumption are really convenient. Not everyone wants to wait hours for their washing machine to start because energy is expensive at the moment.

That is why the government decided to make it mandatory and made the BSI responsible for managing everything. There were a few changes throughout the years in how smart meters should be realized. The following explanation of the functional principle follows the latest guidelines published by the BSI.

Smart meter functional principle

The actual smart part of the smart meter will be in a module called the smart meter gateway. The smart meter itself is only an electricity meter that sends all its data to the smart meter gateway. All communication is managed by the gateway, as are security, data protection and encryption. Data is sent via the WAN to the electricity provider. The data interface will be handled by administrators that are also certified by the BSI (26 certified, TR-03109-6). Administrators are responsible for installation, configuration and maintenance and can handle devices of different manufacturers. They can be different from the electricity providers, but there are already some providers that are also certified as administrators (full list).

The LMN is a network for different meters (like gas, electricity or water) that can all send their data to the smart meter gateway. Finally, the HAN is the network through which the consumer monitors the gateway, and it provides an interface for smart home appliances. Technical personnel can also access the gateway via the HAN for maintenance.

Security requirements

There are several security aspects the gateway has to handle: data flood, encryption and communication protocols. A smart meter produces a lot of data, which can reveal a lot about the residents’ lifestyle. If data packets are sent too frequently, one can even detect what program is running on TV. To avoid accumulating revealing private data, the gateway only sends data packets every 15 minutes. Only relevant data is supposed to be sent, and the tariffs are calculated in the gateway itself.
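The 15-minute rule and in-gateway tariffing described above, as an added example that is not taken from the BSI guidelines or any gateway product. The tariff, the function names and the per-second sample load are constructed assumptions.

```python
from collections import defaultdict

INTERVAL_S = 15 * 60  # sending interval named on the page

def price_ct_per_kwh(hour):
    # Constructed time-of-use tariff (assumption): cheaper before 06:00 UTC.
    return 20 if hour < 6 else 30

def aggregate(samples):
    """samples: (unix_seconds, milliwatt-hours since previous sample).
    Returns {interval_start: mWh}; the fine-grained samples stay in the gateway."""
    buckets = defaultdict(int)
    for ts, mwh in samples:
        if mwh < 0:
            raise ValueError("negative consumption sample")
        buckets[ts - ts % INTERVAL_S] += mwh
    return dict(sorted(buckets.items()))

def bill_ct(buckets):
    """Apply the tariff inside the gateway. mWh * ct/kWh / 1e6 = cents."""
    micro = sum(mwh * price_ct_per_kwh((start // 3600) % 24)
                for start, mwh in buckets.items())
    return micro / 1_000_000

def constructed_samples(start=19800, seconds=3600):
    """Constructed load from 05:30 UTC: 180 W base plus a 10-second on/off
    pattern of the kind that would betray what is playing on a TV."""
    return [(start + i, 50 + (30 if (i // 10) % 2 == 0 else 0))
            for i in range(seconds)]

def wan_message(samples):
    """What leaves over the WAN: interval totals and the billed amount only."""
    buckets = aggregate(samples)
    return {"intervals_mwh": buckets, "amount_ct": bill_ct(buckets)}

if __name__ == "__main__":
    raw = constructed_samples()
    print(len(raw), "samples in ->", wan_message(raw))
```

The 10-second pattern in the input is invisible in the four interval totals, which are all identical.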

Secure encryption is extremely important for the gateway as it handles a lot of sensitive data. For the encryption a public key infrastructure is used. The parties involved get certificates provided by the BSI to authenticate themselves. The cryptographic protocols have to adhere at least to the given security standards. How communication is initiated is another important part of securing the gateway. Recipients have to be predefined and all communication is started by the gateway itself. Messages are sent at predefined times, and if the provider has to start communication with the gateway there is a wake-up call for that.
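A sketch of the initiation rule described above (predefined recipients, gateway-initiated sessions, wake-up call), as an added example and not the BSI protocol. The endpoint names, the packet layout, the freshness window and the use of an HMAC in place of the certificate-based authentication are all assumptions.

```python
import hashlib
import hmac

# Constructed values (assumptions): endpoints and a demo key standing in
# for the certificate the sender would hold in the public key infrastructure.
ALLOWED_RECIPIENTS = {"provider": "provider.example:443"}
WAKEUP_KEY = b"constructed-demo-key"
MAX_SKEW_S = 30

def make_wakeup(ts, key=WAKEUP_KEY):
    """Sender side: timestamp plus authenticator, no command payload."""
    raw = str(ts).encode()
    return raw + b"|" + hmac.new(key, raw, hashlib.sha256).hexdigest().encode()

class Gateway:
    def __init__(self):
        self.seen = set()    # timestamps already honoured (replay protection)
        self.outbound = []   # sessions the gateway opened itself

    def connect(self, recipient):
        """Every session starts here and only goes to a predefined recipient."""
        if recipient not in ALLOWED_RECIPIENTS:
            raise PermissionError(f"recipient {recipient!r} is not predefined")
        self.outbound.append(ALLOWED_RECIPIENTS[recipient])
        return ALLOWED_RECIPIENTS[recipient]

    def on_inbound(self, packet, now):
        """Inbound WAN traffic never becomes a session. A valid wake-up only
        makes the gateway call out; everything else is dropped."""
        try:
            ts_raw, tag = packet.split(b"|", 1)
            ts = int(ts_raw)
        except ValueError:
            return "dropped: malformed"
        expected = hmac.new(WAKEUP_KEY, ts_raw, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return "dropped: bad authenticator"
        if abs(now - ts) > MAX_SKEW_S or ts in self.seen:
            return "dropped: stale or replayed"
        self.seen.add(ts)
        return "connected: " + self.connect("provider")

if __name__ == "__main__":
    gw = Gateway()
    print(gw.on_inbound(make_wakeup(1000), now=1005))
    print(gw.on_inbound(make_wakeup(1000), now=1006))
```

Because the wake-up carries no command and no address, a forged or replayed packet can at most be ignored; it cannot redirect the gateway to a new recipient.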

All three networks (WAN, LMN and HAN) have to be separated. The hardware of the gateway has to be protected against manipulation. Gateways are supposed to be interoperable between manufacturers so that switching from one to another is possible. If all these requirements are met, the BSI certifies the gateway for 8 years. After 2 years there will be a reassessment. But as stated above, there are no certified gateways yet. One of the reasons for that is the high risk if security breaches occur.

Security risks

As soon as gateways are connected to a network they are susceptible to hacking attacks. Other industries have had to fight these problems ever since going online and have developed techniques to make it harder for hackers. One of the important parts is security updates. At the moment manufacturers get a certificate and only get checked every 2 years. According to experts that is too infrequent. Manufacturers should be more responsible for security breaches and for fixing them as soon as they occur.

There is always the possibility that a system can get hacked no matter how secure it seems. There should be plans for how to handle a possible hack. The German energy network is extremely fragile. If there is only a bit of fluctuation because of a hack or a system malfunction, the whole system could break down. The network is very centralized, so a slight change in the system can cause problems for the whole country. It is very important to react to abnormalities in time and raise or lower consumption accordingly. For a smart grid to work the network should be decentralized. Then only cities or smaller areas are affected and a chain reaction is less likely.

Of course a countrywide blackout is the worst-case scenario and other risks are more likely to happen. Consumers could manipulate the smart meter, for example to report less energy usage than in reality, or the smart meter could malfunction and report different energy usage. Also, the smart appliances could be a higher security risk than the meter itself because they aren’t as highly regulated.

Another risk factor is all the data produced by the gateway and meter. Data is very valuable in today’s society as platforms like Facebook have demonstrated. This data is supposed to be used to the consumer’s advantage but if data is leaked or sold to third parties there is no control over what happens to it. Energy data gives a lot of information about the lifestyle of consumers. Data protection therefore is very important.

Privacy groups suggest that the data should be bundled into packages. It can still be used for profiling consumption data for one region but cannot be used to track single households or individuals. Whole blocks could then be bundled together, giving the single household more anonymity. There isn’t a way to really know all problems before the rollout, and at some point we have to take the leap. There are already some electricity providers testing their gateways in pilot studies. It shouldn’t take that long to produce smart meter gateways that are up to today’s security standards.
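The bundling suggested by privacy groups above could look like the following, as an added example that is not taken from any proposal the page cites. The minimum group size `k`, the merge-with-neighbour rule and the household data are constructed assumptions.

```python
from collections import defaultdict

def bundle(readings, block_of, k=5):
    """readings: {household_id: kWh}; block_of: {household_id: block_id}.
    Returns {bundle_label: {"households": n, "kwh": total}} where every
    bundle covers at least k households. Blocks that are too small are
    merged with the next block; household ids never appear in the output."""
    blocks = defaultdict(list)
    for hh, kwh in readings.items():
        blocks[block_of[hh]].append(kwh)

    bundles, ids, vals = [], [], []
    for block_id in sorted(blocks):
        ids.append(block_id)
        vals += blocks[block_id]
        if len(vals) >= k:
            bundles.append((ids, vals))
            ids, vals = [], []
    if vals:                      # leftover group smaller than k
        if not bundles:
            return {}             # too few households overall: release nothing
        last_ids, last_vals = bundles[-1]
        bundles[-1] = (last_ids + ids, last_vals + vals)
    return {"+".join(i): {"households": len(v), "kwh": sum(v)}
            for i, v in bundles}

def constructed_region():
    """Constructed sample: four blocks with 6, 2, 4 and 1 households."""
    per_block = {"A": [10, 12, 8, 11, 9, 10], "B": [3, 25],
                 "C": [7, 7, 9, 9], "D": [40]}
    readings, block_of = {}, {}
    for block, values in per_block.items():
        for n, kwh in enumerate(values):
            readings[f"{block}-{n}"] = kwh
            block_of[f"{block}-{n}"] = block
    return readings, block_of

if __name__ == "__main__":
    print(bundle(*constructed_region()))
```

The single household in block D, whose reading would otherwise be published as-is, only appears as part of a seven-household total.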

Research questions

There are remaining questions for which more research would be interesting:

  • How to handle a security breach the best way?
  • Would continuous updates be beneficial for the gateways?
  • How can one check for data protection and how can it be preserved without hurting the system?
  • How can weak spots be revealed early and how to deal with them?
  • How can data be protected from falsifications?
  • Could smart home appliances become a security risk if they are connected to the smart meter?
  • How can the electricity network itself become more secure?
  • How can we prevent a blackout before it can occur?
