HOT|COOL SPECIAL COLLECTION 2/2023

1. The collection of billing information is important to all utility companies. This data must be correct, complete, and con- sistent if a utility company is to issue accurate bills and re- tain its customers’ confidence. Moreover, if a utility compa- ny is unable to demonstrate that correct billing information is collected from its metering infrastructure, the regulator may ultimately revoke the organisation’s license to operate. Therefore, the priority of the three security properties must be Integrity, Availability, and Confidentiality (IAC) in order of decreasing importance. 2. In addition to collecting the metering information from all subscribers, the utility company must maintain customer information about each subscriber. This includes informa- tion about the name and address of the subscriber, pay- ment methods, and history, e.g., if the customer is in arrears, so this is personal data regulated by GDPR. Therefore, the priority of the three security properties must be Confiden- tiality, Integrity, and Availability (CIA). Interestingly, billing information becomes customer data once received from the meter and associated with the individual customer, so the priority of security properties of meter data changes from when sent over the network to when it is received and stored on the DH organisations system. This is primarily im- portant for the choice of security measures implemented to protect the data. 3. Finally, the utility must be able to control the production and distribution of heating throughout the network to meet its customers’ actual demand. Actively controlling the infrastructures requires controlling pumps and chang- ing valve settings, which again requires reliable distribution of control signals throughout the district heating network. These control signals must arrive quickly and reliably, so the priority of the three security properties is Availability, Integ- rity, and Confidentiality (AIC).

Security Mechanisms

We have seen that the priority of the three security properties differs for each of the main security goals. In the following, we look more closely at the security challenges and mechanisms normally used to address these challenges. Secure Collection of Billing Information The secure collection of billing information relates to the cor- rectness of the measurements performed by the heating me- ter and the security of the communication between the meter installed at the subscriber address and the backend systems installed at the district heating organisation. Ensuring the integrity of the meter data requires the correct production, configuration, and operation; this includes protec- tion against tampering by customers who may wish to reduce their bills. Most of these goals can be achieved by having cer- tified professionals install the meter and putting a seal on the meter to allow detection of customer tampering. Protecting the integrity between the meters and the DH organisation’s backend systems requires the ability to authenticate the meter to the backend system and detect data modification in transit; both requirements are typically addressed using cryptography.

24 HOTCOOL SPECIAL COLLECTION no.2 / 2023

Made with FlippingBook - Online magazine maker