Proving the Business Case for the Internet of Things

ADD Grup partners Thales to add security to smart meters

Steve Rogerson
October 6, 2015
Moldova-based ADD Grup is using Thales KeyAuthority to protect the credentials inside smart meters and create a secure system-wide root of trust, protecting consumers, utility companies and the energy supply chain from fraud and cyber-attack.
The company is implementing the security system to protect and manage the cryptographic keys used to secure data exchange between smart meters, in home displays (IHDs) and the central system, providing a trustworthy and efficient way for utilities to manage security throughout their network.
The entire supply chain from design to field operation is protected with a high assurance key management system to secure communications between each layer and that can scale to support future encryption requirements.
"Authentication, secure communications and high integrity messaging are core security foundations in the proliferation of connected things and smart devices and this is especially critical in the deployment and management of smart metering as any compromise can have devastating results,” said Adrian Bulicanu, software R&D manager for ADD Grup. “Thales KeyAuthority allowed us to deploy advanced security measures to our smart meter infrastructure giving customers and consumers peace of mind that their information is not tampered with and that the infrastructure is protected from attack or insertion of rogue devices."
The system automates key lifecycle management across all layers of the energy supply chain. It lowers risk of security breaches with high assurance, reliable hardware designed to FIPS 140-2 level three. Policy can be centralised using a single approach to control and audit keys. And it shortens development and implementation with the KMIP key management interoperability protocol.
"Many utility companies are now installing smart meters to help customers monitor and manage their power usage and help them be more energy efficient,” said Cindy Provin, president of the e-security division of French company Thales. “Unfortunately, with this connectivity brings risks. Poorly protected credentials and data stores inside smart meter devices leave them vulnerable to tampering, potentially allowing attackers to manipulate energy use figures, cut off the power of specific meters and in severe circumstances even take them over completely. Thales is delighted ADD Grup chose Thales KeyAuthority to provide the heightened security required to assure its customers that their data are protected and that the smart metering infrastructure is protected from attack."
KeyAuthority is a hardened cryptographic appliance that provides assurance key management to users of storage applications and systems with embedded encryption. It supports the widely accepted industry standard KMIP to allow comprehensive endpoint interoperability. Central administration combines consistent key lifecycle policy enforcement and access controls with auditing to help ensure data recovery and long-term business continuity. It scales to support millions of keys, and its tamper-resistant and evident security boundary – which includes the entire chassis for higher assurance protection – has been designed to FIPS 140-2 level three.
ADD Grup develops and manufactures Addax IMS, an interoperable advanced metering infrastructure system using Prime, G3-PLC open protocols with the application of security measures. It has supplied more than four million Addax smart meters to 20 countries.