November 23, 2024

Six Steps for Implementing a Secure AMI Infrastructure

by Balu Ambady

We live in a connected world, with much of our personal information easily accessible through the tap of a finger or the click of a mouse. This connectivity can improve our quality of life, but with progress comes increased security risks. From medical records to credit card information, if data is available electronically, it is susceptible to an attack. Data breaches can happen to any person, company or industry, and utilities are no different.

More and more public service providers, such as electric utilities, are deploying an Advanced Metering Infrastructure (AMI) to improve operational efficiency, customer service and conserve energy. This combination of smart metering and communications technology can greatly improve operations by giving utilities more insight into their infrastructure than ever before.

AMI systems provide utilities endless amounts of data on a continual basis. While this information can help them address operational issues and streamline efficiencies, it is imperative that utilities are properly safeguarding this data from potential data breaches. That’s where data security comes into play. For electric utilities, before beginning an AMI deployment, you should start with a clear plan for making security a top priority to give your customers the best possible protection against cyberattacks.

Protect the Keys to Your Kingdom
Your utility has decided to deploy an AMI network. Now, you must make sure your infrastructure is secure. Here’s a 6-step plan to secure your network and protect your customers’ data:

Step 1: Create a governance framework
To make security a top priority for your organization, you will need senior level, corporate support for the program. Clearly defined roles, responsibilities and accountability, combined with proper auditing and reporting allows for adequate risk management. While engineers and system administrators provide a wealth of knowledge and expertise for implementing security measures, senior management must back a company culture that requires every employee to comply with the security policies. Security governance and security management programs help align information security strategy with business objectives and compliance requirements, while helping manage risk. This will leave less room for hackers to find an alternate route into your system or for employees to make innocent mistakes that can harm the security of your network.

Step 2: Develop clear policies and procedures
Once you have strategic oversight through the governance and management framework, you need to develop controls that will cover all aspects of your AMI system security, typically designed to protect Confidentiality, Integrity and Availability (CIA). While you strive to obtain company-wide support and compliance for your security program, it is crucial to develop high level policies clearly defining roles and responsibilities for security management and listing the rules and controls required for network access. You policies also need to be supported with standards and guidelines that detail mandatory and non-mandatory controls. These are supported by procedures that cover step by step instructions for implementation, for example specific operational steps for setting up firewalls, handling the encryption keys or performing backups. A security awareness and training program rounds this out. These steps will help protect your organization, and in the event of a problem, you’ll know how to address the issue.

Step 3: Develop and Implement a deployment plan
Proper planning is required to make sure that deploying security controls during your AMI deployment goes smoothly. Working with your AMI vendor, a security assessment helps you identify all assets that need protection, as well as potential threats to your network. For each threat, risk assessment and risk prioritization leads to the development of an actionable plan for secure deployment. Several of the following technologies may be implemented to help you design and deploy a layered defense for your AMI network.

Your demilitarized zone (DMZ)
DMZs with dual firewall architecture provide a layer of security to your organization’s network by tightly regulating traffic entering and exiting your network. A DMZ network usually contains three zones, a trusted zone (Internal), a DMZ (Less Trusted) and an External Zone (Untrusted). When deploying your AMI servers, they can be integrated with your existing DMZ network. Typically, the AMI head-end server(s) resides in the DMZ behind the perimeter firewall, while the AMI database and other AMI components reside in a more trusted zone that is separated from the DMZ by the back-end firewall. Other remote components of the AMI system such as Collector/Gateways may be configured to securely communicate with the AMI head-end server over virtual private networks (VPN).

Set up role-based access control
On all the servers that will be part of your AMI network, make sure they are controlled through role-based access control, or RBAC. This is an approach to restricting access to authorized users based on the role of the individual. Operations on the AMI servers are assigned to specific roles, and the RBAC restricts access based on permissions associated with each role. For example, different roles may be assigned for users responsible for managing smart meters versus administrators.

Secure remote access with multifactor authentication
Administrators and other users may require remote access to your systems. The more secure method for your remote users to access your system is using multifactor authentication (MFA). Using only usernames and passwords has drawbacks, for example, users may choose easy to guess passwords for their login, which can pose major security threats to your AMI network. MFA is a security system that requires more than one method of authentication from varying categories of credentials to verify a user’s identity. For example, remote users may be prompted to use an entry code generated on a security token in order to access the system in addition to their username and password. This is a more secure method for remote entry and can greatly reduce the attack surface compared to using only username and passwords.

IDS and IPS for your AMI
Creating a properly protected network, including careful placement of intrusion detection systems (IDS), and Intrusion Prevention systems (IPS), is critical to safeguarding against cyberattacks. These technologies should be placed at critical ingress or egress points within the network to ensure maximum coverage of traffic. In addition to network protections, Host Based IDS/IPS software should be deployed on AMI systems to provide additional layers of security against local system threats. During the configuration of all of these technologies you should make sure that the auditing and logging are properly enabled, along with continuous monitoring and recording of all events to alert on suspicious activity.

Encrypt AMI network traffic
When you are deploying an AMI system, it is critical to enable encryption on all relevant portions of your network. Encryption is the process of encoding messages or information in a way that only authorized users with encryption keys can access it. Should someone break into your communication system, message encrypting prevents the interceptor from reading your information. By encrypting network traffic on all parts of your AMI network, you will protect your system all the way from the end points (electric, water or gas meters) to the head-end system.

Create redundant communication channels
In addition to enabling encryption on your communication network, make sure that your communication channels have redundancy with multiple paths. This protects from denial of service (DOS) type cyberattacks. Your AMI communications networks should be designed so that all endpoints, such as electric meters, can communicate with more than one collector. This way, if a certain collector is taken down (either for regular maintenance or due to a cyber- attack), your endpoint communication with the head of the system can still continue without interruption.

Secure Configuration and Patching
From the very start of your AMI network deployment, make sure that all systems are properly configured to reduce exposure. During configuration, make sure that the underlying operating system, as well as any applications and additional software is securely configured and hardened to prevent intruders from accessing AMI information. In addition, these systems also need be continuously updated with latest software patches and hot fixes from the operating system and application vendors.

Step 4: Test and re-test before roll-out
After you have built up your secure AMI network, make sure that you test and re-test before rolling out your system to your customers. Start by testing in the lab to make sure there are no bugs or errors. Once you have fixed any errors found during your testing, it is recommended to do a small pilot with a few hundred endpoints. This will help you see how your system performs in the field, while keeping the program at a smaller scale so you can resolve any issues before a mass deployment. Once you feel comfortable with the performance and adequacy of your security during the pilot, you can deploy in larger numbers until you have deployed the system to all of your customers.

Step 5: Schedule regular maintenance
While your system may have been secure when you first implemented it, you should also schedule time for regular maintenance and patching to keep it secure. Have an operations team whose sole job is maintaining the security of your AMI system conduct routine maintenance checks. To get the most out of your technology investment, schedule regular updates, patching and maintenance on a monthly basis.

Step 6: Get third-party pen-tests and reviews
You may think you have secured every possible entryway into your AMI network, but it is still important to get a second or even third pair of eyes to review your work. There are third-party reviewers and penetration-test venders who specialize in checking the security of your system. Consider conducting an annual or bi-annual pen-test, especially if you are going through major system changes. These experts can look at your system security to identify weaknesses and give recommendations on ways to improve upon your program.

There are many moving parts in an AMI deployment, but it is critical to not let security fall to the wayside. Following an organized security plan can greatly cut down on confusion and miscommunication during this process, helping you derive benefits from your AMI system faster.

Find a Trusted Partner
AMI is an extremely useful technology because it helps utilities improve their operations and provide customers with more insight into their energy use. However, the threat of data breaches is growing. To reap maximum benefit from your network, it must be secure. This is why it’s important to use multiple levels of defense that can be employed to significantly reduce your risk.

If you are at a loss for where to begin when connecting your network, you can also partner with a communications company to securely host your network. This can be especially helpful for smaller utilities who do not want to invest the additional capital in IT, office space and specialized employees. A trusted partner will monitor your servers and network connections around the clock, provide software patches and updates, and ensure that you have access to the latest features.

Because your utility’s main job is to provide customers with a reliable service, it is important to find partners who can defend your network. Having this trusted partner can make the difference when fending off viruses, hackers, or securing against innocent mistakes. You can rest at ease knowing the data you and your customers’ rely on is secured.
 

About the Author

Balu Ambady is the director of security for Sensus. As an information security leader with more than 20 years of experience, he has expertise in creating advanced security infrastructure and developing security compliance programs. Prior to joining Sensus, Balu served as the director of advanced technology and security for CableLabs where he managed the design and development of video architecture and security. Balu is a Certified Information Systems Security Professional and Certified Information Security Manager.