AMI System Security

Security audits and protecting
AMI systems and smart meters
from cyber attacks

AMI System Security

Security audits
and protecting AMI systems and smart meters from cyber attacks

In the last couple of years, energy providers have been expanding their infrastructure, whether by replacing previously used meters with Smart Meters or integrating newer models equipped with integrated remote metering systems. The EU 2009/72/WE Directive enforces a requirement for at least 80 percent of energy receivers to be supplied with smart meters by 2026, creating several new responsibilities for energy distributors, namely subjects such as meter and router management, ensuring sufficient communication standards, storage of passwords and DLMS authentication keys as well as software updates.

As we know, a successfully finalised process of implementation of smart energy monitors can be hard to achieve, which is why we would like to highlight the importance of implementing sufficient security measures to protect AMI systems from cyber attacks.


Smart meter security analysis

Smart meters are built-in devices equipped with displayed communication interfaces and just like other electronic devices, they can be vulnerable to local and remote attacks. Conducting audits of the equipment before finalising the purchase is the most efficient way to make sure we choose the most secure devices available. Additionally, while the auditing processes are ongoing, we can ensure all the necessary changes to firmware have been implemented and are sufficiently secure.

Security audits of routers, PLC modules, and concentrators

A security assessment and configuration hardening are the best way to prevent remote attacks and potential data leaks.

Security audits of network devices

Smart meters, although crucial for the functioning of AMI systems, are not the only important element. Each AMI system consists first and foremost of vast infrastructure in which each element’s security needs to be ensured.

Correct firewall rule and network configuration

Using proprietary tools we will analyse Your AMI network traffic and restrict the firewall rules to the minimum required for operational efficiency of the network, leaving no security gaps which could potentially be exploited.

Head End System hardening

Head-End Systems consist of a large number of independent components, which we will update along with conducting hardening processes focused on HES security.

Implementation of Public Key Infrastructure (PKI)

To ensure operational continuity, the communication channels between network devices and HES must maintain their confidentiality and integrity. A correctly implemented PKI system can provide secure, encrypted means of communication as well as ways to authenticate terminal equipment on HES.

General controls audit

After finalising the implementation process, we will conduct a comprehensive audit of system security using Red Team tactics (an analysis of system security from an attacker’s perspective).


Secure meters and concentrators
Thanks to our services, you can be confident that all of your terminal devices meet all necessary security standards and use secure firmware components, encrypted communication channels, proven DLMS/COSEM protocols resistant to local and remote attacks.

Secure communication
We conduct verifications of communication encryptions and authentications of devices.

Secure HES
To ensure HES security, we use server and software configuration hardening to eliminate potential attack vectors from database servers and offer balancing and utility management services.

Secure infrastructure
Through infrastructure audits conducted alongside hardening processes and restricting traffic to a minimum required for operational efficiency of the network, we efficiently limit potential attack vectors on AMI systems.


Before purchasing equipment

Purchasing an AMI system is a huge investment, often costing millions of PLN. To avoid any purchases of smart meters, concentrators, or hardware you might regret, we recommend conducting a few security and safety tests of the devices you might be interested in buying before you finalise the purchasing processes.

During the implementation process

If the purchasing process has already been finalised but the AMI implementation process has not yet been completed, it is your last chance to conduct a safety audit of the equipment without it negatively affecting the system. The remaining time before you start up the system can be used to carry out an audit of the equipment and improve the security of the meters’ and concentrators’ software, including hardening processes of the infrastructure.

Testing systems in operation

If the AMI system is already operating during production, but you have doubts about the status of its security, you can conduct a security analysis of the measuring infrastructure equipment. If the infrastructure supplier is unable to provide security patches for the equipment’s software, we can recommend other corrective measures and carry out hardening processes of the infrastructure to reduce the number of potential attack vectors.

We discussed the subject of threats for AMI systems and smart meters during the following events:


We will help you select solutions best suited for your company

Please fill out the form below and we will contact you shortly


    * required

    The Personal Data Administrator is SEQRED Sp. z o.o. with the registered office in Warsaw, Rybnicka 52, 02-432. Personal data processing is conducted in accordance with the governing law, the Personal Data Protection Act in particular, in order to respond to the message sent through the contact form. The provided personal data will be processed over the period of time necessary to deal with the correspondence. Providing the personal data is voluntary, but necessary each time a the contact form is filled out and submitted for us to be able to respond to the sent message.


    Details concerning the processing of your personal data, and your rights in particular (including the access to the data, correcting the data, removing it or restricting its use, raising an objection to its use, its transfer, or withdrawal of consent), are specified in the Privacy Policy.