In a water scarce country, like South Africa, smart metering can be a utility’s best ally in the fight to preserve water and promote conservation. However as the adoption of Advanced Metering Infrastructure (AMI) becomes more widespread, its appeal to cyber attackers is expected to increase.

Smart meters offer numerous benefits for the water management sector and aside from the savings associated with the reduced need for onsite meter reading, the ability to identify not just the volume of water consumption but also the timing of that consumption has significant benefits, particularly for customers living in a water stressed country currently promoting conservation efforts.

Addressing vulnerabilities across layers

Darren Oxlee, Chief Technology Officer and Director at Utility Systems notes that with the increased adoption of smart technologies there is an urgent need to address security vulnerabilities across layers – and by different stakeholders – from the outset of a project to avoid the wastage or manipulation of our most precious resource.

“This infrastructure essentially offers an integrated system of smart meters, communications networks, and data management systems that enable two-way communication between utilities and customers. Globally, we are seeing more requirements for automation at end points, as utilities look to remotely diagnose and debug issues in the field.

“In theory, every area of any system is open to risk: because AMI allows for bi-directional communication and remote management of in-field devices, security breaches could allow unwanted changes to be made to device configuration and settings,” he points out.

Multi-level protection

Oxlee says stakeholders in the ecosystem need to take responsibility for ensuring their respective layer is secure, and that the interfaces between vendors, system integrators and utilities are as impenetrable as possible.

“AMI systems will have to adopt multi-layer security protocols to provide multi-level protection against potential threats.

“AMI often applies to utilities that are of national significance, and failure to adequately secure systems against vulnerabilities can result in dire consequences for stakeholders and end users alike.”

Security by design

Oxlee notes that methods currently being used to combat breaches include secure data communications using encryption, secure database design, proper access control using proven authentication methods amongst others.

“In addition, cyber security is increasingly benefitting from intelligence-driven capability supported by machine learning.

“The most important aspect is that each component of the AMI system be designed from the start with security in mind and the ability to adaptively react to threats based on continuous, intelligent risk profiling,” he adds.