ERE Information Security Auditors

Smart Metering

The NERC standard for Critical Infrastructure Protection will extend to smart metering implementations that connect back to SCADA systems. Smart metering systems pose potentially grave security threats as:

  • They may connect directly to SCADA networks, with no security filtering between SCADA and the newly extended networks.
  • Vendors of advanced metering infrastructure (AMI) technology may not include sufficient security for a specific SCADA network.
  • There may not be a security policy or plan in place for a new AMI deployment.
  • There may not be any or sufficient security monitoring in place for a new AMI deployment.

There are several major drives for deploying smart metering across North America. Two such examples are:

  • The Ontario Energy Board (OEB) establishing targets for the installation of 800,000 smart electricity meters by December 31, 2007 and installation of smart meters for all Ontario customers by December 31, 2010 (called the Smart Metering Initiative or SMI).
  • FERC's interest in reducing the cost of electricity in the USA. The Federal Energy Regulatory Commission (FERC) stated in a September 7, 2007 press release: "Demand response is playing a more important role in U.S. electricity markets," Chairman Joseph T. Kelliher said. "Last year, demand response played a key role during a summer when we set record electricity demand levels in eight regions of the country. But we need to make more progress."

ERE recognized very early that smart metering will become a fact of life for all of our electrical utility clients and as such has increased the scope of our NERC CIP compliance audits to include smart metering.

ERE audits smart metering with the same audit methodology it uses for examining other extensions of a SCADA network, such as remote substations, pole equipment, transformer stations, and remote computers.

An ERE audit report on a smart meter deployment identifies all the security vulnerabilities and potential exploits and recommends how to mitigate or fix all of them. The scope of the audit always includes: security policy, training, and a score for the CIP audit.

Additional Resources
http://www.nerc.com/files/Urgent_Action_Standard_1200_Cyber_Security.pdf
Contact ERE for a copy of the document, which was previously posted at www.nerc.com

 
 

Contact Us

905 764 3246

 
 
Please see Ron Lepofsky's book, The Manager's Guide to Web Application Security, published by Apress Media.

http://www.apress.com/9781484201497

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

 
Copyrights © 2007-2008. All rights reserved.  
