TryTRY
BuyBUY
  • newsletter
  • contact
  • corporate
  • careers
Utimaco
de
TRYour free HSM simulator
BUYget a quote
  • home
  • solutions
  • products
  • services
  • blog
  • downloads
  • partners
  • company

Utimaco Portal

Here you will find everything you need as a partner and customerLogin required

  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • key management
      • Enterprise Key Management
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • key management
      • Enterprise Key Management
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research

Home / solutions / industries / energy & utilities

energy & utilities

For over a decade, local and national government bodies around the world have been investing in “smart” initiatives – digital, intelligent, innovative & sustainable projects. One pioneering application for hardware security in this context is the smart energy sector, with its smart grid and smart meters. Energy infrastructures are a fundamental resource for today’s way of living. They are widespread, vulnerable and a strategic target for cyber-attacks – which is why they need to be protected.

HSMs for energy & utilities

How to secure smart metering, the energy sector & other utility companies

The Root of Trust for smart grids & smart metering environments

Just as any endpoint, smart grid devices collecting, storing and using business data or consumer information are vulnerable to an attack. How can governments & utility companies ensure that both their own and their citizens’ data is neither abused nor manipulated? How can they avoid financial or reputational damage to affected parties?

This huge network of connected end points and all their collected data needs to be encrypted, end-to-end! Governments and public authorities overall need to ensure that this is done properly.

Compared to software solutions, hardware solutions such as Hardware Security Modules (HSMs) offer maximum security even in the most hostile environments. The module can detect an attack when it is happening, including mechanical intrusions, overheating, power blackouts or chemical attacks, and automatically initiates the immediate deletion of cryptographic keys. In comparison, software-based keys can be captured in the moment of unlocking. Thus, they offer attackers the opportunity to study the software and attack via side channels, exploiting vulnerabilities and running attacks remotely.

With a FIPS 140-2 Level 3 (tamper evident) or Level 4 (tamper resistant) certification, Utimaco HSMs are ideally suitable for use within smart grid & smart metering environments. A FIPS 140-2 Level 4 physical security certified HSM is the perfect solution when the highest possible resistance against physical attacks is required.

Beyond smart metering and the smart grid: securing the utilities sector

Besides securing smart metering environments, Hardware Security Modules are equally suited for smart water and gas distribution or other smart city systems, e.g. intelligent waste disposal systems.

Successful evaluation of Utimaco HSMs

A Common Criteria evaluation laboratory has evaluated Utimaco CryptoServer CSe (FIPS 140-2 Level 3, physical security Level 4) based on the German BSI Technical Guideline BSI TR-03109 and Certificate Policy. Evaluation results show that it fulfills the requirements of the German Certificate Policy of the Smart Metering PKI:

  • Secure random number generator DRG.4
  • Tamper protection against attack potential “high” (exceeds required level “moderate”)
  • Side-channel resistance against attack potential “high” (exceeds required level “moderate”) for algorithms AES-256, Diffie-Hellman key exchange, ECDSA signature generation and verification and ECDH key exchange

The evaluation certificate for Utimaco CryptoServer CSe is available here.

This evaluation gives energy and utility companies, as well as their customers the certainty that deployed IT components and devices – such as Utimaco HSMs – fulfill the requested legal security requirements.

Applications Utimaco HSMs can be used for

Governments and utility companies can work with Utimaco to take advantage of solid hardware security solutions for the following application scenarios:

  • For confidentiality and data privacy, encryption with high quality cryptographic keys generated by
  • a true random number generator
  • together with digital signature creation for integrity, authenticity and non-deniability of data and
  • a public key infrastructure (PKI) for unique identification of devices, end-to-end security can be ensured.

Challenges for public authorities, utility companies & the end-user

A major difference exists between the US and the European approach to smart energy distribution.

The US approach focuses on smart grid security

(US policy described in 42 U.S.C. ch. 152, subch. IX § 17381)

Motives for the evolution from traditional distribution to smart grids range from

  • integration and management of decentralized energy production sites to
  • energy efficiency with less need for spare capacities.
  • Increased stability and reliability of the grid are reached via load balancing and management and the connection and disconnection of large-scale consumers.
  • In addition, remote (dis)connection, inspection and maintenance are enabled, reducing operational costs for grid users, e.g. when moving from one address to another, or for implementing legal measures.

But therein lies the risks and challenges: from sabotage and manipulation to blackmailing and the threat of a partial or complete blackout. Preventing these threats requires awareness creation, and educating those in charge of network and data security matters.

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards define and govern the US efforts to secure the bulk power system. It applies to all owners, operators and users of the electric power system. To best safeguard related assets, security methods such as encryption and user authentication, e.g. using a public key infrastructure (PKI), are required. In this context, Hardware Security Modules ensure tamper-resistant protection of the cryptographic keys and processes used for encryption and PKIs.

The European approach is more centralized around smart meter security

(Smart Grid European Technology Platform)

Reasons for the installation of smart meters include

  • the accuracy of measured data,
  • reduced potential for intentional and unintentional human error and energy theft,
  • and the possibility to offer a more flexible tariff structure.

Nonetheless, meter and data manipulation are a permanent risk factor – which is why countermeasures need to be implemented: e.g. anti-tamper mechanisms (tamper resistance and tamper detection) and verifying the plausibility and integrity of commands. The authentication of servers, meters and transmitted commands is crucial to prevent complete blackouts. Last but not least, data privacy concerns are equally important and require the encryption of measured data, data bases and customer information.

The German smart metering approach is regulated by the BSI Technical Guideline TR-03109 and the related Certificate Policy of the Smart Metering PKI. These define the requirements of functionality, interoperability and security of smart metering IT components. The focus is clearly on data privacy and the smart meter gateway as a central security component within the smart metering infrastructure. In addition, the Critical Infrastructure Protection (CIP, German: KRITIS) strategy and implementation plan provide key concepts and measures.

Try for FREE!

Need to implement quantum-safe algorithms?

Get in touch and try our Q-safe HSM simulator!

Utimaco HSM for Dummies Download e-book

Save for later. Download our knowledge.

Here you will find brochures and data sheets, as well as our well-known “HSM for Dummies” e-book for download. We also provide you with a comprehensive set of case studies, white papers and past webinars. In the Utimaco Portal you can access integration guides and register for the Utimaco HSM simulator or to access our broad knowledge base.

All downloads

Stay on top of our news
Don’t miss out on any Utimaco updates

Subscribe to Utimaco Newsletter

We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.

Subscribe now

Partners

MALKOM D.Malińska i Wspólnicy s.j. Nexus Technology GmbH Skytech Computing Solutions Limited. - Utimaco Hardware Security Modules Partner Rohde & Schwarz Cybersecurity GmbH CREA plus d.o.o. Utimaco HSM - InfoGuard Swiss Cyber Security Astel (UK) Ltd. - Utimaco Hardware Security Modules Partner Abrantix AG Perceptus-sp.-z-o.-o. Cogito Group Pty Ltd ESYSCO Sp. z o.o. Versasec Cryptomathic A/S E-Sign S.A. MIcrosec Primekey Solutions AB Fornetix - Utimaco Hardware Security Modules Partner PKI Solutions Inc. Komar Consulting Inc. - Utimaco Hardware Security Modules Partner Secure Source Distribution (M) Sdn Bhd - Utimaco Hardware Security Modules Partner CEGA Security Real security d.o.o. JJNet International Co., Limited - Utimaco Hardware Security Modules Partner PrimeKey Labs GmbH PETA (Thailand) Co., Ltd. Altacom UAB EUROPEAN DYNAMICS SA. Macroseguridad Utimaco HSM - PTESA_profesionales en transacciones electronicas CewTec S.A. Thomas-Krenn.AG Compumatica secure networks B.V. Throughwave (Thailand) Co.,Ltd - Utimaco Hardware Security Modules Partner Cyber Armor Pte Ltd VAR Group SpA - Utimaco Hardware Security Modules Partner Safesoft Kft. cv cryptovision GmbH Clearkey Consulting - Utimaco Hardware Security Modules Partner intarsys AG Microexpert Limited Fortiedge Pte Ltd. CREAplus Italia S.r.l Cryptomathic GmbH MTG - Utimaco Hardware Security Modules Partner Synergy Computers (Pvt.) Ltd. - Utimaco Hardware Security Modules Partner Encryption Consulting LLC Utimaco HSM - QuintessenceLabs AKEA S.A. - Utimaco Hardware Security Modules Partner Nexus - Utimaco Hardware Security Modules Partner Softline Solutions GmbH Telegrupp AS Envoy Data Corporation - Utimaco Hardware Security Modules Partner CertiSur S.A. Compumatica secure networks GmbH Baas Control s.r.o. SecureMetric Technology Sdn. Bhd. IQuantics Corp Nexus - Utimaco Hardware Security Modules Partner Cryptomathic Inc. Ascertia - Utimaco Hardware Security Modules Partner
Find a partner

Share this page

EMEA

Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany
Phone: + 49 241 1696 200

Americas

Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008
USA
Phone: +1 844 UTIMACO

APAC

Utimaco IS Pte Limited
80 Raffles Place,
#32-01, UOB Plaza
Singapore 048624
Phone: +65 6622 5347

Utimaco

  • support
  • corporate
  • careers
  • legal
  • terms & conditions
  • privacy
  • cookie-policy
© 2021
to top
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • key management
      • Enterprise Key Management
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research