Move to secure Oman’s smart meters from cyber-attacks

Sultanate’s electricity authorities have been deploying tens of thousands of smart meters across the country

  
Image used for illustrative purpose. A participant uses a laptop computer as he takes part in the Seccon 2016 final competition on January 28, 2017 in Tokyo, Japan.

Image used for illustrative purpose. A participant uses a laptop computer as he takes part in the Seccon 2016 final competition on January 28, 2017 in Tokyo, Japan.

Getty Images
 

Seeking to insulate Oman’s elaborate electricity metering system from potential cyber-attacks, the power sector regulator – the Authority for Public Services Regulation (APSR) – is preparing to enact cybersecurity standards and regulations to secure this key component of the country’s power infrastructure.

A draft cyber-security standard combined with a draft regulation for the country’s Electricity Metering System has been made public by the regulator with a view to eliciting feedback from the general public before it is finally issued.

The move comes as countries around the world warn of the risks posed by hackers to electricity meters not only to manipulate meter readings for fraudulent reasons, but more alarmingly, to penetrate the wider electricity infrastructure with sinister objectives.

In recent years, the Sultanate’s electricity authorities have been deploying tens of thousands of smart meters across the country as part of efforts to modernise and digitalise services at the consumer end. These smart meters have enabled, among other things, consumers to monitor and prepay for their consumption, get accurate bills, pay online, and plan their consumption at cost-competitive off-peak hours.

“The objective of this Standard and the Electricity Metering System Regulation (the Regulation) is to ensure that the End-to-End Electricity Metering System (the System) is secure from reasonably foreseeable cyber-attacks, throughout its lifecycle (design, implementation, testing, operation, decommissioning and disposal),” said the Authority in its advisory on the public consultation.

The overarching objective, it said, is to protect the supply of electricity to consumers; prevent financial fraud; provide accurate consumption data to enable accurate and timely billing; protect consumer data; protect the integrity, function and trust in the supply system and market; and support future changes in the electricity supply system and market.

Significantly, the Electricity Metering System is not limited to the smart meter alone, but encompasses the multiple elements at the consumer’s premises, the communications hub, in-house display unit, and all communications and telecommunications used with the system. Not included, however, are the associated systems for customer relationship management, billing, scheduling, payment, and so on.

While representing a tiny component of the power network, electricity meters – because of their widespread distribution and ubiquitous presence – can serve as staging points for more serious cyberattacks, it is pointed out.

“The System will provide a much larger “attack surface” for cyber-attacks with the installation of connected, advanced meters in consumer premises throughout Oman. This increases the cybersecurity risk to the System with the potential to cause disruption of electricity supply to consumers, enable financial fraud, unauthorised disclosure of consumers’ personal data, and undermine confidence in the electricity sector,” the Authority noted.

It stressed, in this regard, the need for a “continuous risk management process to identify, evaluate and treat the risks”.

Interested members of the public have until August 22, 2021, to offer their comments or observations to the Authority on the draft standard and regulation.

2021 © All right reserved for Oman Establishment for Press, Publication and Advertising (OEPPA) Provided by SyndiGate Media Inc. (Syndigate.info).

Disclaimer: The content of this article is syndicated or provided to this website from an external third party provider. We are not responsible for, and do not control, such external websites, entities, applications or media publishers. The body of the text is provided on an “as is” and “as available” basis and has not been edited in any way. Neither we nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this article. Read our full disclaimer policy here.

More From Technology