They also need to provide mechanical and process mechanisms to ensure the health and protection of collected and transmitted data.
The Triacta GATEWAY has four distinct security mechanisms to ensure utility consumption data remain true, complete, and secure from external influences. These include physical meter seals and state-of-the-art security protocols used for network communications.
Meter and Utility Seals
Triacta GATEWAY meters consist of three primary components: a Meter Head, Meter Base, and Enclosure (see diagram). The Meter Head, which snaps into the Meter Base, contains all the configurable metrology parameters, which are selected and then locked by a "seal switch" when ready for deployment. Any change of seal switch position (i.e. from locked to unlocked) is recorded in the meter events log as an additional security measure. When ready for deployment, the Meter Head is then secured with a tamper-evident medallion seal.
The outer Utility Seal, attached at the time of final installation, secures the entire GATEWAY assemblage. This tamper-evident seal protects the physical wiring and communication ports, and acts as a second level of protection for the Meter Head. Once affixed, the entire GATEWAY meter assemblage is locked and secured.
Separation of Meter Communications and Metrology
The Triacta GATEWAY deploys a dual-processor architecture. A Linux SOM (System On a Module) executes all communications, file handling, and housekeeping code. At the same time, a separate metrology processor holds meter configurations and executes all metrology-related code.
The Linux SOM module provides READ ONLY capability to utility users with limited write capability (volatile memory only). Communication between the metrology processor and SOM module is via a secure, internal proprietary serial link. Only the SOM module interfaces to the external network — keeping the meter metrology safe from outside access.
Cyber Secure Reporting
The Triacta GATEWAY reports via the Internet using FTPS (FTP Secure) and TLS 1.2. The GATEWAY deploys a meter-only initiation of communication from inside a firewall. Establishing an encrypted link allows for the secure export of meter data reads and the import of meter configuration updates (if applicable).
Specifically, the GATEWAY’s Linux-SOM requests secure transmission from inside the building firewall. Through a third-party Certificate Authority (CA), the server provides an x.509 certificate with Public Key. The GATEWAY then encrypts data using the Public Key and transmits the data using TLS (Transport Layer Security) Protocol 1.2. On the server side, the data is decrypted using the Private Key known only to the server.
Cyber Secure Remote Configuration
Configuration of the Triacta GATEWAY is performed using Triacta’s Configuration Tool (software installed on a PC) — which communicates with the Linux SOM. The SOM is READ ONLY to all other utilities. Remote configuration of meters is done via SSH Secure Shell, a cryptographic network protocol utility used in Linux to operate network services over an unsecured network.
All Triacta GATEWAY meters employ a USER Password to access programmable communications, configuration, and metrology parameters via Secure Shell (SSH) protocols. A password change is forced the first time the meter is configured.