According to European legislation, 80% of the electricity meters rolled out to consumers by 2024 are required to be smart meters, as a part of the ‘smart grid’ concept. While the deployment of the electrical ‘smart grid’ infrastructure increases its functionality, at the same time the risk associated with its operation increases i.e. through substantial extension of potential cyberattack surface. Hence, the security testing of such solutions as Advanced Metering Infrastructure (AMI) and Smart Meters as well as their security controls must be of the highest standards. The presentation goes through cybersecurity control mechanisms that act as a countermeasure for the most common and critical misconfigurations and vulnerabilities in Advanced Metering Infrastructure. Based on recent engagements’ results, the security research team prioritised, designed and verified the efficiency of security capabilities that when introduced to Advanced Metering Infrastructure and Smart Metering project scope and architecture design are able to mitigate risks stemming from overall solution complexity and fragmentation.

About the speaker

Krzysztof Swaczyński

CEO, Seqred International

Krzysztof Swaczyński is a strategic advisor in the field of OT and IT security. He is a founder and board member of Seqred – cybersecurity shop focused on testing and improving security in ICS field. He gained his experience while working for strategic consultancy companies – EY and BCG. He advised global organisations in government, power and utilities, manufacturing, air transportation. His experience includes working with the European Commission’s DG HOME overseeing strategic IT and OT solutions quality and security. He worked with the management boards, CIOs, CISOs, whom he advised on fulfilling their potential and eliminating the risks stemming from new technologies. In his current professional capacity, Krzysztof leads a team of OT security consultants, and his researches specialises in vulnerability assessments, penetration testing and implementing OT security capabilities. He is a holder of GIAC: Global Industrial Cyber Security Professional (GICSP) Certificate and GIAC Response and Industrial Defense (GRID) – globally recognised industrial cybersecurity certification.
Read more …