Today, there are close to two billion electricity meters installed worldwide, but less than 10% of them are considered “smart” meters with two-way communications. This will change over the next few years as next-generation meters are developed and installed. Add to those numbers the meters uses for gas and water, and the number of meters can easily double to four billion or more.
Next-generation smart meters will provide a gateway into the home and allow both the utilities and consumers to manage consumption. Utilities can set up dynamic pricing to provide incentives to consumers to shift peak loads, while consumers can better track their usage and decide when not to use appliances that consume large amounts of power to reduce their energy bills. Data regarding usage can initially be accessed over the internet using a PC or smart phone that links to the utility so that consumers can access off-line usage data, but in the future consumers might be able to directly log onto the smart meter to get real-time consumption data. Keeping that data secure is one of the major challenges facing both the utility companies and the e-meter vendors.
Local attackers have physical access to the meter, network gateway, or a connection between these components. They can try to disclose or alter assets that are stored in the meter or gateway or while data is being transmitted between meters in the metropolitan area network and the gateway. This threat model assumes that the local attacker has less motivation than the WAN attacker since a successful attack of a local attacker will only impact one gateway. The local attacker could also be the consumer trying to get services without paying for them.
An attacker located in the WAN (WAN attacker) can try to compromise the confidentiality and/or integrity of the meter data and/or configuration data transmitted via the WAN. Or the attacker can try to conquer a component