Water is a critical resource that’s under increasing pressure worldwide. According to UN estimates, more than 700 million people face water scarcity currently and by 2025, two-thirds of the world’s population will live under water-stressed conditions.
Providing clean water and sanitation for all is one of the UN’s Sustainable Development Goals. In this, technology can play a central role. For example, smart meters allow both households and utilities companies to monitor water consumption more accurately and on an ongoing basis.
These devices can empower consumers to control and reduce their own consumption and enable water companies to identify leaks. In times of significant water scarcity, water meters can support measures like hosepipe bans or seasonal tariffs when necessary.
There is significant potential for the advanced metering infrastructure (AMI) technology - a connected system of smart meters and communication networks that allow data gathering between utility companies and customers - to support more intelligent water consumption, which will be vital as urban populations continue to grow.
To ensure the security of the smart meter infrastructure, water industry stakeholders must consider key security challenges and best practices. By considering security from the outset, experts can ensure that their smart meter system is fully secure and will remain resilient in the face of attacks, while delivering the best outcome for customers, the water company and water supplies.
With the growing sophistication of cybercriminals and rising attacks against key infrastructure, the issue of security in the water industry is more prominent than ever before. The water network is part of critical national infrastructure and is coming to represent an increasingly tempting target for cybercriminals. An attack on the water system could be very impactful, due to its sheer importance to daily life.
Steven Tripper, Chief Information Security Officer at Anglian Water in the UK, warned that hackers tend to attack small suppliers as security tends to be less and that typically between 20,000 – 30,000 cyberattacks are defended against each month. Perhaps more worryingly, he points to a typical gap of 250 days between the initial incursion and discovery of the attack.
Criminals could disrupt the function of smart meters by sending multiple signals on the same frequency, flooding the airwaves and disrupting the flow of information; this would effectively be the equivalent of a Distributed Denial of Service (DDoS) attack. Even more far ranging, with some smart meter systems, criminals could breach the entire IT network of the company, with potentially devastating consequences ranging from customer data theft to system shutdowns.
The Internet of Things (IoT) is already delivering significant value for the water industry. Companies can track the quality, pressure and temperature of water, at every point from the plant to the point of consumption – all in near real-time and with greater accuracy than ever before. Leaks can be detected quickly, whether within customer homes or at other points in the network. And in the long term, data can inform more evidence-based planning and demand management.
Hackers are constantly looking for new security vulnerabilities and ways to attack businesses. Security measures must constantly evolve to meet the changing threats, which is precisely why water companies often share reactive and proactive threat intelligence.
When considering a smart meter infrastructure, it’s valuable to choose a partner committed to maintaining the best level of security available and constantly developing solutions to face the moving threat landscape. At Sensus, we’re committed to constantly assessing the latest challenges and the new technologies that can be applied to counter them.
We work with water companies to ensure that all GDPR requirements are met and data cannot be used in a way that breaches the regulations. The Sensus system also renders the transmission of location data from the meter itself which is optional. Water companies can instead choose to have meters identified by their own unique codes, so while the central IT system knows the location of the device, that information is never transmitted over the airwaves.
Smart water meters like Sensus static meters are sealed, waterproof units, designed to last unopened throughout their service life of around 15 years. This means that they do not require physical maintenance and can be securely located below ground, minimising the risk of physical interference.
Technology providers within the AMI space collaborate to create industry-wide standards for smart meter applications. Sensus maintains close ties with major standards bodies to ensure its contribution to evolving standards. A critical part of Sensus’ design roadmap covers how standards are changing and how this will be reflected within smart meter products.
To define best practice in AMI, technology providers are working together to develop industry standards, with governing areas including security. By understanding the standards set by technology experts – and how devices meet them – water companies can ensure that their own smart meter infrastructure meets the highest security requirements.
It’s also critical to balance robust security measures with the best device and network performance. As with all complex networks, smart meters must match security measures with usability, testability, physical constraints – and of course overall performance.
Here are five considerations for data protection on the water network:
- Ensure that you understand all the data you hold and where it’s stored
- Pay close attention to where and how you’re transmitting personal information
- Ensure that your smart meter architecture has been designed with data protection in mind
- Educate staff on GDPR, including the requirements, risks and penalties
- Understand your obligations in the event of a data request or breach – and have procedures in place to respond quickly.