Water is a critical resource that’s under increasing pressure worldwide. According to UN estimates, more than 700 million people face water scarcity currently and by 2025, two-thirds of the world’s population will live under water-stressed conditions.
Preserving water, a precious resource, is therefore a key priority for all stakeholders. In this, technology can play a central role. For example, smart meters allow both households and utilities companies to monitor water consumption more accurately and on an ongoing basis.
These devices can empower consumers to control and reduce their own consumption and enable water companies to identify leaks. In times of significant water scarcity, water meters can support measures like hosepipe bans or seasonal tariffs when necessary.
There is significant potential for the advanced metering infrastructure (AMI) technology - a connected system of smart meters and communication networks that allow data gathering between utility companies and customers - to support more intelligent water consumption, which will be vital as urban populations continue to grow.
But as meters become smarter, they also become vulnerable to security issues. To ensure the security of the smart meter infrastructure, water industry stakeholders must consider key security challenges and best practices. By considering security from the outset, experts can ensure that their smart meter system is fully secure and will remain resilient in the face of attacks, while delivering the best outcome for customers, the water company and water supplies.
With the growing sophistication of cybercriminals and rising attacks against key infrastructure, the issue of security in the water industry is more prominent than ever before. The water network is part of critical national infrastructure and is coming to represent an increasingly tempting target for cybercriminals. An attack on the water system could be very impactful, due to its sheer importance to daily life.
Steven Tripper, Chief Information Security Officer at Anglian Water in the UK, warned that hackers tend to attack small suppliers as security tends to be less and that typically between 20,000 – 30,000 cyberattacks are defended against each month. Perhaps more worryingly, he points to a typical gap of 250 days between the initial incursion and discovery of the attack.
Criminals could disrupt the function of smart meters by sending multiple signals on the same frequency, flooding the airwaves and disrupting the flow of information; this would effectively be the equivalent of a Distributed Denial of Service (DDoS) attack. Even more far ranging, with some smart meter systems, criminals could breach the entire IT network of the company, with potentially devastating consequences ranging from customer data theft to system shutdowns.
The Internet of Things (IoT) is already delivering significant value for the water industry. Companies can track the quality, pressure and temperature of water, at every point from the plant to the point of consumption – all in near real-time and with greater accuracy than ever before. Leaks can be detected quickly, whether within customer homes or at other points in the network. And in the long term, data can inform more evidence-based planning and demand management.
Hackers are constantly looking for new security vulnerabilities and ways to attack businesses. Security measures must constantly evolve to meet the changing threats, which is precisely why water companies often share reactive and proactive threat intelligence.
When considering a smart meter infrastructure, it’s valuable to choose a partner committed to maintaining the best level of security available and constantly developing solutions to face the moving threat landscape. All GDPR requirements should be met and data cannot be used in a way that breaches the regulations.
To define best practice in AMI, technology providers are working together to develop industry standards, with governing areas including security. By understanding the standards set by technology experts – and how devices meet them – water companies can ensure that their own smart meter infrastructure meets the highest security requirements.
It’s also critical to balance robust security measures with the best device and network performance. As with all complex networks, smart meters must match security measures with usability, testability, physical constraints – and of course overall performance.
Here are five considerations for data protection on the water network:
Ian Sykes is Regional Director at Sensus.