State commissions can select from a toolkit of regulatory approaches to promote desired utility cybersecurity behavior. One approach is to allow the industry to selfregulate, and another approach...
Securing Tomorrow's Grid (Part I)
Protecting smart systems against cyber threats.
advanced meter that facilitates two-way communication with the utility, but might also interface with the customer’s HAN. Meters communicate with the utility by sending data to an aggregation point through a field-area network (FAN), also sometimes called a neighborhood-area network (NAN). The aggregation point then collects information from multiple meters in a region and sends it across the utility’s wide-area network (WAN) to the utility’s back office systems. There, a front-end processor (FEP), usually called a “head end,” assembles the data, resolves addressing, and secures or validates the information using encryption or decryption respectively. The FEP sends the raw information to a data store—the utility’s meter data management system (MDMS)—which processes raw data, parses energy usage and other relevant data, associates the information with a utility customer, and makes the information available for other utility applications such as billing, customer information, outage management, and distribution management.
The AMI communications network can use a variety of technologies and both proprietary and standardized communications protocols. The FAN—which operates between the individual meters and the data aggregation point—currently uses predominantly proprietary communications technologies, although standardization efforts are under way. Three primary network topologies are used for the FAN; the most common in the United States is a wireless mesh network. Mesh networks (see Figure 4) use radio nodes embedded within meters that can each act as an end-point or serve to relay or route information to other points in the network. They are usually self-organizing and can sometimes offer redundant communication paths depending on implementation and deployment. Other topologies include a tower network—sometimes called a star network, in which a physical tower or high-mount antenna communicates directly with endpoints—and power line, which carries information across power lines by modulating the AC waveform. Power line topologies in particular can be effective at combatting radio frequency (RF) interference in densely populated areas, but can also require expensive equipment to carry the information long distances or across transformers.
Once meter data reaches the aggregation point through one of these FAN topologies, aggregated data from hundreds of meters travels to the utility over the WAN, which typically uses standardized wide-area communication technologies such as cellular, fiber, or microwave—sometimes from a third-party service provider and potentially shared with other non-utility infrastructure networks.
As with traditional metering, AMI places smart meters in public areas where they are vulnerable to physical tampering. Smart meters, capable of accessing utility networks, are installed on customer property and offer limited physical protections—the hobbyist hacker may have direct access in their own home. Because meters are produced, shipped, and installed in great quantities, numerous opportunities exist for an interested adversary to obtain a functional meter for analysis. If the meter has a wireless interface, the FAN with which it communicates will be visible to anyone with an adequate antenna and wireless network application; many networks might even be visible to off-the-shelf laptops with wireless LAN cards. Additionally, advanced wireless communications analysis tools are widely available for a nominal investment. The proprietary communication networks used in FANs are also difficult to evaluate and prove secure; many early