Trust by Design

Trust by Design is an EY methodology that revolutionizes risk by instilling a risk optimization mind-set and embedding trust into services and products from the outset.

Join the conversation

#TrustbyDesign

 

#TransformativeAge

 

Linkedin Twitter

New brighton sea defense
Featured thinking

How new 3LoD risk models can remove friction and stimulate innovation

Tom Campanile
20 Jan 2020

How do you teach AI the value of trust?

EY announces the first solution designed to help gauge impact and trustworthiness of artificial intelligence systems.

Learn more

The better the question. The better the answer. The better the world works.

Creating a smarter, safer grid for new meters

EY teams are helping a national electricity company reinforce its legacy power infrastructure for a trusted, cyber-safe future.

The better the question. The better the answer. The better the world works.

How many cyber-attack avenues lead directly to your customers’ homes?

The rollout of smart electricity meters promises more insight than ever before. But how should the risks be addressed to maintain consumer trust?

In 2009, an EU directive came into force, mandating utilities providers to replace existing residential electricity meters with new smart meters by 2020. This presented a big challenge for utilities due to the nature and complexity of new smart metering systems and supporting infrastructure.

One such organization is a client of EY, a state-owned utilities company in Europe. The sheer scale of the challenge was enormous: the client needed to deploy over 2 million smart meters and supporting data and communications systems using a range of service providers, making it one of the largest and most complex digital transformation programs the country had ever undertaken.

Smart meters promise all kinds of benefits for the electricity company, the customer and the environment – new data can enable new business models and greater awareness of consumption. But smart meters also generate vast amounts of personally identifiable data, which can potentially be used in fraudulent ways to target the customer.

The electricity company had to ask itself how would it design and build robust governance and cybersecurity frameworks to protect its customers’ data getting into the hands of the wrong people, especially as this is subject to GDPR regulation? And now that large parts of the country’s energy value chain would be digitalized, the company also had to consider, how would it also protect the electricity grid from cyber-attacks, and maintain a continuous supply of electricity to the critical infrastructure?

Aerial View Illuminated City Night
The better the question. The better the answer. The better the world works.

Assuring the full scope of risk

Cyber threat modeling helped the client understand the true nature of risk – and where it could come from.

EY teams are acting as trusted advisors in the design of the smart metering solution and the delivery of several large procurements including communication and data services, security tools, and smart meters.

As this was critical national infrastructure, stability and security was paramount. Yet smart meters introduce two significant and very specific new cyber risks: the highly granular data about people’s energy usage that potentially opened a window into individual people’s lives; and on the meters themselves, a switch that could, if hacked, cut off the electricity supply to millions of homes.

The first task that EY teams got to work on, was cyber threat modeling that explored potential avenues of attack that could compromise both the personal data and the meter switch – from sophisticated threat actors exploiting the communications network to initiate mass commands, to lone hackers attempting to access individual meters over local wireless networks.

This exercise meant that EY teams and the client could understand the cyber risks, but not overestimate them, and design and embed the appropriate level of protection across the smart metering system.

How EY can help

EY UtilityWave

Leading a decarbonized, decentralized and digitized energy system requires new tools and a new mindset. EY has worked with Microsoft to build an industry-first platform that is transforming how companies manage, integrate and leverage data from IoT devices to improve performance.

Read more
With trust becoming one of the most valuable assets for an organization, cybersecurity has a critical role to play. Without a clear strategy on how to address the cyber risk, it is impossible to unlock the huge possibilities offered by this new digital world.
Mike Maddison
EY EMEIA Cybersecurity Leader

The next step was to define the security architecture – what to protect against – which ranged from security monitoring systems to detect suspicious activity across the entire network, to the security of individual meters. One of the key activities was to specify technical controls that the smart meters would need to have embedded in them, to authorize commands and protect data.

The supplier had to demonstrate:

  • Adequate encryption for the meter as well as the communications system and database
  • How much data is stored on the meter before it is sent back to the utility company
  • How the meter physically protects data

However, technology is only one part of the story. “The human element is very important in cybersecurity because it can be the weakest link,” says Alex Campbell, Associate Partner, Cybersecurity Services at Ernst & Young LLP. The security architecture had to be backed up with new processes, policies, vetting and staff training and awareness.

This is because, regardless of how intrinsically secure the new systems are, humans will be using them. Those users could include malicious insiders with sufficient privileges to access sensitive data, and more often accidental non-malicious insiders who are not aware of their responsibilities.

How EY can help

Cyber risk management

Our cybersecurity transformation (CT) services help organizations tackle the many security challenges they face daily.

Read more
bridge city night light Norway
The better the question. The better the answer. The better the world works.

Securing a data-centric future

A new data model for a new power & utilities paradigm.

Smart meters usher in the digitalization of power distribution networks, which open up entirely new abilities and possibilities.

For the electricity company, all the aggregated data could be combined with generation data to better manage the anticipated load, by modelling how different parts of the country are using electricity and predicting where to transmit it. Smart meters also enable huge savings in human hours, as engineers will no longer need to visit a home every time troubleshooting and disconnections or reconnections of supply are needed– as many functions can be done virtually.

For consumers, smart meters provide much greater and more immediate information on their energy use, and faster, more accurate billing too. Greater insight enables greater control, so it is expected that many consumers will reduce their energy consumption – and their bills.

In the future, there will be many other parties that energy companies could share consumption data with, so they can offer different tariffs, better advice on how to use energy, or explore other opportunities and business models that are still to be created.

None of this would be possible without a high-level of cybersecurity, designed to build in the appropriate cyber risk management and mitigation from the outset, so that the organization could operate with confidence.

For this electricity company, EY teams were able to offer something truly different: an awareness of the specific unique challenges that smart meters introduce. This rollout touches every single citizen of a country in a way other systems do not, and there is a bond of trust that must not be broken.

EY consultants understand the complications of that, and particularly the implications beyond technology. By anticipating all potential cyber-attack routes, and the human risks and ramifications, EY teams helped the electricity company look at the wider risks that could impact the benefits of smart meters. The company is now in the process of implementing new people policies, security processes and technical controls to make certain that smart meters not only protect, but power a data-centric future that consumers and organizations alike can trust.

EY Cybersecurity enables trust in systems, design and data, so organizations can take more risk, make transformational change and enable innovation with confidence.

How EY can help

Privacy

Changing legislative requirements, coupled with increasing customer expectations, pose a rising number of challenges for companies.

Read more

Contact us

Like what you’ve seen? Get in touch to learn more.

Engineer working behind computers control room

How boards can embed risk into strategic decision-making

Boards should assess their organizations’ approach to risk and ensure it is core to driving strategy.

Discover more

How EY can help

Risk consulting services

Risk can be hard to see, anticipate and respond to. That’s why our Advisory team urges organizations to look at risk with fresh thinking.

Read more
EY Risk Navigator

EY can help you take advantage of predictive analytics to monitor and manage risk and compliance in the digital age.

Read more
Digital tax strategy

EY’s broad approach to digital tax strategy, covering digital tax effectiveness, digital tax administration, tax technology and tax big data, helps you identify your tax function’s immediate challenges and develop an enhanced operating model strategy fit for the Transformative Age.

Read more
Data analytics for reporting

Data is one of the principal drivers of your business growth. Companies are increasingly dependent on collecting, analyzing and developing insights from data. Better understanding of this data can underpin your business transformation and growth.

Read more
Tax accounting and risk advisory services

Our professionals help you get the numbers right by preparing tax accounting calculations, researching technical issues and reviewing transactions, accounting entries and adjustments that may have tax consequences.

Read more
Digital M&A framework

From portfolio transformation, mergers and acquisitions (M&A), JVs and alliances to divestments, we help you determine the right strategic course to a digital future and create better value for your businesses. This can be done by implementing our M&A framework.

Read more
Risk transformation

We help boards and CxOs build agile and risk-aware organizations that make better decisions to achieve their strategic objectives.

Read more
Technology Risk

EY teams provide assessment and attestation services to help companies understand and manage business risks related to technology in the Transformative Age.

Read more
Financial services risk management

We provide risk management and regulatory services to the insurance, asset management, energy, corporate treasury and banking sectors.

Read more
Third-party risk management (TPRM) consulting services

Third parties help businesses drive efficiency and cost savings, but they also pose complex, ever-evolving risks. The EY team can help strengthen TPRM programs or functions, systems and technologies, assess third parties’ controls, and manage the risk of your third-party population.

Read more

On the agenda (6)

Digital

Featured: Will your digital investment strategy go from virtual to reality?
Discover

Innovation

Featured: How to harness AI’s power and energize the human enterprise
Discover

Inclusive growth

Featured: For CEOs, are the days of sidelining global challenges numbered?
Discover

Cybersecurity

Featured: Has lockdown made consumers more open to privacy?
Discover

Global Information Security Survey (GISS)

Featured: How does security evolve from bolted on to built-in?
Discover

Risk

Featured: Can resilience help you grow opportunities before they become risks?
Discover