We have extensive experience with penetration testing of various devices. Devices like smart meters, being rolled out in high quantities, but also other measuring instruments or even applications, such as an app running on a smart phone. But how can this type of testing help you improve your product?
Penetration testing is all about checking the vulnerability of instruments to external attack. It checks the presence of secure data exchange, applied crypto mechanisms and access being limited to defined entities only. It also tests the storage of security events, the possibility of security upgrades, secure access to stored data and so on. During this examination process it might be that some penetration aspects demonstrate unexpected behaviour by the instrument or the application, identifying weaknesses. This can include possible access to internal data to unwanted users. Or it may reveal that metering applications can be stopped with their internal data processing tasks resulting in an unregistered transfer of energy/flow volumes.
Revealing possible weaknesses helps to improve a product. It leads to a more robust design, interoperable in network environments. Another great benefit of penetration testing is that end users can be convinced by the maturity of the product they are investing in. We are noticing an increased requirement of penetration testing as a prerequisite to the procurement process within companies.
We have the capabilities to perform dedicated penetration testing. Not just limited to actual devices, like smart meters, but also applicable to all kinds of applications.
Customer Case Enemalta
For Enemalta, the sole electricity service provider on the island of Malta, we conducted penetration testing. This testing focused on an application “EMma” running on a smart phone, being used for installing and maintaining Enemalta’s smart electricity meters. The objective of the penetration testing was to determine whether unauthorised users would be able to penetrate the application and access its functions.
Karl Cilia, Divisional Manager Systems at Enemalta, comments: “The seriousness and level of detail NMi experts applied to the evaluation, analysis and penetration testing of our EMma Smart Metering application, was truly impressive. NMi’s expertise and in-depth knowledge of energy distribution systems and metrology, together with their flexibility and ability to adapt to customer’s needs make them a market leader in our ever-changing industry.”