Intelligent CIO Europe Issue 95 | Page 26

FEATURE: SMART METERS
months to emerge. By the time they do, the attack has already caused operational and reputational damage.
For utilities and OEMs, the challenge lies in designing systems that can prevent, detect and recover from these threats at the firmware and storage level without relying solely on perimeter defense or cloud-based monitoring.

SMART METERS THAT FAIL EARLY DUE TO FLASH CORRUPTION OR INSECURE UPDATE PATHS RAISE OPERATIONAL COSTS BUT, IMPORTANTLY, DAMAGE BRAND CREDIBILITY.

A shifting regulatory landscape
The urgency to secure smart meters is being accelerated by new regulation. The EU’s Cyber Resilience Act (CRA), due to take effect in 2027, will require digital products to be secure by design. That includes embedded devices like smart meters. Compliance will become a prerequisite for CE marking and market entry.
Under the CRA, vendors must demonstrate:
• No known vulnerabilities at launch
• Default secure configurations
• Long-term vulnerability management and patch support
• Full documentation of security features across the product lifecycle
Similar standards are being adopted outside the EU as well, including the US Cyber Trust Mark, NIST 800-53, and sector-specific frameworks like IEC 62443 for industrial control systems.
For device manufacturers, these regulations add pressure to embed cybersecurity into the firmware, storage systems and update mechanisms of smart meters from day one, not just as an afterthought.
Smart meter data: Building in protection where it matters most
• Confidentiality: Ensuring that sensitive usage and diagnostic data cannot be read or extracted without authorization. This includes encrypting both stored data and encryption keys, and limiting access to device memory.
• Integrity: Guaranteeing that stored data is not altered or lost. This is critical in environments prone to frequent power interruptions, which can cause silent memory corruption if not managed by a fail-safe file system.
• Authenticity: Ensuring that firmware and data updates originate from trusted sources, through digital signing and validation processes.
Together, these three pillars ensure smart meters remain trustworthy, reliable, and compliant throughout their entire operational life.
Engineering resilience into the embedded layer
Achieving this level of protection requires more than just adding encryption. It calls for embedded software that’s designed to operate reliably under stress, handling frequent writes, sudden power loss and constrained memory resources.
Flash-optimised, transactional file systems play a key role here. These systems use copy-on-write methods to preserve data integrity, even if a write operation is interrupted. They also include wear leveling algorithms to evenly distribute memory usage and prevent premature failure.
Some modern embedded file systems can maintain 100% data accuracy through more than 15,000 hard power cycles, recovering in milliseconds without manual intervention or journal replays. This resilience is vital for meters deployed in remote or unstable grid environments.
Moreover, these systems are designed for low-footprint devices, operating with as little as 4 KB of RAM and 11 KB of ROM, making them ideal for meters running on real-time operating systems (RTOS) or custom embedded stacks.
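The copy-on-write behaviour described above, reduced to a two-slot record store on simulated flash: a new copy is written to the spare slot and only becomes live once its commit marker lands, so an interrupted write leaves the previous record intact. This is an added example, not code from the article or from any vendor's file system; the slot layout, the `cow_*` names and the marker value are assumptions made for illustration, and wear leveling is not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAYLOAD 16
#define COMMIT  0x600DC0DEu   /* assumed marker; has no 0xFF byte, so a partial write never matches */
typedef struct { uint32_t seq; uint8_t data[PAYLOAD]; uint32_t crc, commit; } slot_t;
static uint8_t flash[2][sizeof(slot_t)];   /* simulated flash, erased state = 0xFF */

static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

void cow_format(void) { memset(flash, 0xFF, sizeof flash); }

/* Mount: return the index of the newest committed, CRC-clean slot, or -1 if none. */
int cow_mount(slot_t *out) {
    int best = -1;
    slot_t s, newest = {0};
    for (int i = 0; i < 2; i++) {
        memcpy(&s, flash[i], sizeof s);
        if (s.commit != COMMIT) continue;                 /* erased or torn write */
        if (s.crc != crc32_calc((uint8_t *)&s, offsetof(slot_t, crc))) continue; /* corrupt */
        if (best < 0 || s.seq > newest.seq) { best = i; newest = s; }
    }
    if (best >= 0 && out) *out = newest;
    return best;
}

/* Copy-on-write update: the live slot is never touched; the new copy goes to the spare
 * slot with the commit marker last. cut_after < sizeof(slot_t) simulates power loss. */
int cow_write(const uint8_t data[PAYLOAD], size_t cut_after) {
    slot_t cur = {0}, next;
    int target = (cow_mount(&cur) == 0) ? 1 : 0;
    next.seq = cur.seq + 1;                     /* sequence wrap-around not handled */
    memcpy(next.data, data, PAYLOAD);
    next.crc = crc32_calc((uint8_t *)&next, offsetof(slot_t, crc));
    next.commit = COMMIT;
    size_t n = cut_after < sizeof next ? cut_after : sizeof next;
    memset(flash[target], 0xFF, sizeof next);   /* erase the spare slot */
    memcpy(flash[target], &next, n);            /* program it, possibly cut short */
    return n == sizeof next ? 0 : -1;           /* 0 = committed, -1 = interrupted */
}
```

Calling `cow_write` with `cut_after` smaller than `sizeof(slot_t)` and then `cow_mount` shows the recovery path: the mount needs no journal replay, it simply ignores the uncommitted slot.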
Anticipating tomorrow’s threat landscape
Smart meters deployed today will likely still be operating in the 2040s. By then, emerging technologies like quantum computing could make current encryption standards obsolete. Preparing for this requires cryptographic agility, the ability to adapt and update security algorithms over time.
Robust smart meter security starts with securing the data that lives inside the device. That means protecting the confidentiality, integrity and authenticity of that data, the three pillars listed above.
Equally important is ensuring that vendors can provide a transparent Software Bill of Materials (SBOM) and