Seeking to insulate Oman’s elaborate electricity metering system from potential cyber-attacks, the power sector regulator – the Authority for Public Services Regulation (APSR) – is preparing to enact cybersecurity standards and regulations to secure this key component of the country’s power infrastructure.
A draft cyber-security standard combined with a draft regulation for the country’s Electricity Metering System has been made public by the regulator with a view to eliciting feedback from the general public before it is finally issued.
In recent years, the Sultanate’s electricity authorities have been deploying tens of thousands of smart meters across the country as part of efforts to modernise and digitalise services at the consumer end. These smart meters have enabled, among other things, consumers to monitor and prepay for their consumption, get accurate bills, pay online, and plan their consumption at cost-competitive off-peak hours.
“The objective of this Standard and the Electricity Metering System Regulation (the Regulation) is to ensure that the End-to-End Electricity Metering System (the System) is secure from reasonably foreseeable cyber-attacks, throughout its lifecycle (design, implementation, testing, operation, decommissioning and disposal),” said the Authority in its advisory on the public consultation.
The overarching objective, it said, is to protect the supply of electricity to consumers; prevent financial fraud; provide accurate consumption data to enable accurate and timely billing; protect consumer data; protect the integrity, function and trust in the supply system and market; and support future changes in the electricity supply system and market.
Significantly, the Electricity Metering System is not limited to the smart meter alone, but encompasses the multiple elements at the consumer’s premises, the communications hub, in-house display unit, and all communications and telecommunications used with the system. Not included, however, are the associated systems for customer relationship management, billing, scheduling, payment, and so on.
While representing a tiny component of the power network, electricity meters – because of their widespread distribution and ubiquitous presence – can serve as staging points for more serious cyberattacks, it is pointed out.
“The System will provide a much larger “attack surface” for cyber-attacks with the installation of connected, advanced meters in consumer premises throughout Oman. This increases the cybersecurity risk to the System with the potential to cause disruption of electricity supply to consumers, enable financial fraud, unauthorised disclosure of consumers’ personal data, and undermine confidence in the electricity sector,” the Authority noted.
It stressed, in this regard, the need for a “continuous risk management process to identify, evaluate and treat the risks”.
Interested members of the public have until August 22, 2021, to offer their comments or observations to the Authority on the draft standard and regulation.
2021 © All right reserved for Oman Establishment for Press, Publication and Advertising (OEPPA) Provided by SyndiGate Media Inc. (Syndigate.info).