Smart Meter Security

Assessing and securing smart meter deployments.

Smart meter technology is a key component of the Advanced Metering Infrastructure (AMI) that will help the smart grid link the flow of electricity with the flow of information. However, privacy and security concerns surrounding smart meter technology arise from the meters’ essential functions, monitoring and transmitting consumer data over a network. Corporations needs to understand how to ensure the safety and security of consumers' power supply.


Secure deployment of smart meters coupled with regular testing will help secure your infrastructure against new vulnerabilities, risks, and changes in your environment. This will also facilitate continual compliance with regulatory requirements. 


SecureState’s hands-on experience testing smart meters can provide your organization with a low risk solution to dealing with your critical systems and data.

Approach and Methodology

SecureState can perform a variety of assessments to test the security of your smart meters, including:

  • Device Penetration Review: SecureState performs a physical review of each device to determine the location of access points, including serial and ethernet ports. This includes assessing the physical security controls for each device. SecureState then uses documentation provided by your organization or available publicly to identify connection methods. SecureState begins penetration testing with simplistic attacks that a basic hacker or beginner would attempt. SecureState then gradually increases the sophistication of the attacks to identify a wide spectrum of vulnerabilities.
  • Device Configuration Review: SecureState performs a device configuration review to scan devices for administration, authentication, and best practice standards based upon current system hardening guidelines provided by CIS, NIST, DISA, and vendor specific guidelines. This assessment exposes potential misconfigurations and/or vulnerabilities, allowing SecureState to tailor a prioritized remediation plan targeting critical or high risk issues.
  • Application Review: SecureState performs in-person interviews, review of the proposed architecture designs, and discussions to identify exposures and understand the application architecture and data flow.
  • Physical Security Assessment: SecureState performs a review of physical security controls at deployed device locations.
Get Started!