Energy Identity Theft: We’re Way Beyond Plugging in the Meter Upside Down

The benefits promised by Smart Grid technology bring with them a new form of loss -- energy identity theft.  Theft by meter tampering may be replaced by the much more lucrative business of directly consuming electricity and then  diverting record of the consumption to other ratepayers’ usage profiles.  Another potential form of energy identity theft is illegally brokering customer information.

We need only look to the development and ultimate explosion of e-commerce and cashless transactions to understand the opportunities that the Smart Grid presents to the smart thief.  Over the past three years, over 223M individual financial records and identities have reportedly been compromised.  Many of these incidents have resulted from unauthorized access to stored information by outside hackers or insiders with access.  So exactly how is this relevant to the Smart Grid?  The relationship is entirely parallel to the current-day data corollary -- the Internet.

It takes a (smart) thief

All a smart thief needs to know is the Smart Grid identities of the various consumption and metering devices of a business or residence, coupled with a working knowledge of Smart Grid protocols.  Using the Internet as an example, it is not difficult to spoof an Internet Protocol address or clone a MAC (modem identifier) address.  By doing so, it makes the location of illicit activity much more difficult to trace.  The same techniques could potentially be applied to the Smart Grid.  An end-user might never have to pay for consumption by having usage reported under other customers’ devices and meters.  Or, as another example, an end-user enrolled in a demand-side management program could claim the financial benefits of peak-shaving performed by other end-users.

As the competing Smart Grid protocols are evaluated, it is critical that network security and integrity are key factors in that discussion.  Consumer confidence will be vital to acceptance of the technology and its benefits as well as the monthly bill when it arrives.  Many utilities face the routine call from consumers astounded at their usage.  In a Smart Grid environment, the first line of consumer challenge will be that somehow the consumer has been charged for someone else’s consumption, or not properly credited for participation in demand-side management. 

Adequate security will be a threshold challenge

Security will be an important threshold challenge to the deployment of the Smart Grid because, while there is no real alternative to being an electricity consumer, Smart Grid deployment will require a wide variety of stakeholders to agree to its adoption.  Unless there is a robust technological and legal framework to address the risks of identity theft and tampering, the promise of the Smart Grid may never be realized.

It is likely that just as identities, credit and debit card numbers, and other financial information are routinely harvested and put up for sale on the Internet, so will be Smart Grid identifiers and related information.  Thus, it is likely such crimes will not be the act of an isolated thief who works to reduce his or her electric bill, but rather it could become a robust criminal enterprise. In addition to system architecture, other key issues that must be addressed include a framework to ameliorate potential utility liability.  This and other issues will be discussed in future articles.

Email Eric Breisach at Fleischman Harding