Smart Meter Penetration Testing

As part of the power grid, smart meters link the flow of electricity with the flow of information. Penetration testing uncovers the risk of unsupervised customer access to smart meters.

Smart meters in buildings are replacing analog meters to monitor and transmit user data to the power grid. However, security flaws could allow anyone with physical access to change the data stored in the meter, or for malicious actors to obtain and modify data or disrupt the meters’ functionality. Given the sensitivity of this information and the need for accurate readings, meter security must be tested.

Regular testing of smart meters will help identify vulnerabilities, risks and changes in the metering infrastructure (e.g., configuration, network architecture). This assessment covers both the physical and logical controls currently protecting these devices and enables compliance with regulatory requirements.

RSM’s physical review of the smart meter maps the location of access points and assesses its physical security. Our professionals identify connection methods, then benchmark system behavior and determine possible abnormalities. Based on these findings, we simulate actual attacks against the device to identify and exploit vulnerabilities.

This methodology utilizes common attack vectors and thus mirrors how real attackers would target the devices. Testing the security of these devices allows organizations to show due diligence and to improve the smart meter’s performance in monitoring usage.