Cybersecurity at Diehl Metering - secure data processing

How Diehl Metering protects meter data: security by design and compliance, ensuring Secure Data Processing for smart metering.


At Diehl Metering, we prioritize the security of our customers’ data. This is made possible through a comprehensive approach that encompasses governance, data privacy, security by design, and threat protection. Our commitment to data security ensures that sensitive information is safeguarded against potential threats—helping utilities maintain customer trust and confidence.

In critical infrastructures, cybersecurity is not optional—it is fundamental. By securing metering data at every stage, we help utilities build resilient networks that stay protected against evolving threats.

Christopher Tejada, Cyber Security Specialist at Diehl Metering

Why it is important to protect data

Utilities and energy providers are considered critical infrastructure. The protection of their data is therefore essential. As water and energy networks become increasingly digital, they face a growing number of cyber threats. Robust cybersecurity measures and compliance with industry standards are necessary to keep these systems protected.

Many countries have introduced regulations to safeguard sensitive data. These requirements apply to both network operators and manufacturers. Ensuring data security along the entire value chain is essential to achieve the level of resilience expected in critical infrastructure.

Secure processing of metering data helps prevent unauthorized access, breaches, and cyber-attacks that could severely impact utilities and their customers. Utilities must therefore implement comprehensive data-security measures and comply with relevant regulations. This includes meeting GDPR requirements for remote meter reading and ensuring that utilities actively enforce cybersecurity measures in line with the NIS2 Directive.

Our Security Approach

Security at a Glance

 A holistic approach based on governance, privacy, security by design, and threat protection.

  • Governance

    Clear responsibilities, policies, and documentation to ensure compliant data handling.

  • Data Privacy

    Transparent and GDPR-compliant processing of personal data.

  • Security by Design

    Robust security mechanisms implemented from the earliest stages of product development.

  • Threat Protection

    Measures and monitoring systems designed to detect, prevent, and mitigate cyber threats.

Key Aspects of Data Security for Utilities

Diehl Metering’s data security strategy is built on the core principles of the CIA triad: confidentiality, integrity, and availability. These are especially relevant in smart metering because they ensure that data is accessible only to those who need it, cannot be modified by third parties, and that downtime is prevented, guaranteeing a safe and stable smart metering network. In practice, utilities can use these principles to implement basic data security requirements, such as:

  • Role-based Access Control: Utilities can assign different user rights and manage access to meter installations, for example in apartment buildings. This ensures that only authorized personnel can access sensitive data.
  • Technical and Contractual Regulations: Clear rules and agreements define how data is protected. These apply to utilities, customers, suppliers, and all parties handling sensitive information.
  • Maintenance and Information Security Management: Utilities must maintain and continuously improve their information-security management systems. Regular audits and updates form an essential part of this process.
  • Action & Response Plan: In the event of a cyber-attack, a predefined procedure ensures a fast and coordinated response. This approach limits potential damage and prevents confusion during the incident. After the event, risks must be reassessed and security measures strengthened.
  • CIA Triad (Confidentiality, Integrity, Availability)*: Utilities protect sensitive data so only authorized users can access it, it can’t be altered without approval, and it remains available when needed. This is supported by role-based access control, clear technical and contractual rules, ongoing security management, and a defined incident response plan to reduce impact during cyberattacks.

Compliance with Regulations – Certifications and Memberships

Diehl Metering’s solutions support compliance with key regulations that affect both utilities and manufacturers in the field of cybersecurity and data protection. These are underlined by several certifications and memberships that demonstrate Diehl Metering’s commitment to data security, including ISO standards.

  • GDPR: Our software and hardware solutions are designed to enable utilities to process data in accordance with the requirements of the General Data Protection Regulation.
  • NIS2 Directive: Our products support utilities in fulfilling the requirements of the NIS2 Directive, which focuses on cyber security.
  • RED (Radio Equipment Directive): Ensuring compliance of our portfolio with RED Cyber Security Requirements.
  • CRA (Cyber Resilience Act): Addressing cyber security requirements in all hardware and software products with digital elements.
  • Membership in Standardization Groups and Associations: We are active members of several standardization groups, ensuring we stay updated with the latest security practices and standards.

Deep Dive into security topics

Our Campus workshop on cyber security offers two days packed with knowledge on data security, GDPR, and regulations for utilities.

FAQ

  • Why is cybersecurity so important for smart metering and utilities?

    Smart metering systems are part of critical water and energy infrastructure. A cyber incident can disrupt service, expose sensitive data, or damage customer trust. Strong cybersecurity helps utilities reduce these risks and meet growing regulatory expectations.

  • How does Diehl Metering protect metering data in practice?

    Diehl Metering combines governance, data privacy, security by design and threat protection. In practice, this means encrypted meter-to-system communication, role-based access control, restricted software rights and EU-based data hosting.

  • How do your solutions support GDPR and NIS2 compliance?

    Our hardware and software are designed to help utilities process metering data securely and transparently, aligned with GDPR principles and NIS2-style risk management. Utilities remain in control of governance and policies, while our solutions provide the technical foundations.

  • What makes Diehl Metering’s security approach different?

    Security is integrated from the design phase across meters, communication and software, not added as an afterthought. We follow relevant European standards and specifications and continuously improve security over the product lifecycle to support long-term resilience.

  • Where is meter data hosted, and why does that matter?

    Meter data is hosted on servers located in Germany, within the EU. This supports data-residency and data-protection requirements that many utilities apply when operating critical infrastructure.

  • *What is the CIA Triad?

    In data security, there are three core principles for protecting data:

    Confidentiality

    Definition: Ensures that information is accessible only to those authorized to view it.

    Goal: Prevent unauthorized access or disclosure of sensitive data.

    Examples: Encryption, access controls, authentication mechanisms.

    Integrity

    Definition: Guarantees that data remains accurate, consistent, and unaltered except by authorized processes.

    Goal: Prevent unauthorized modification or corruption of data.

    Examples: Hashing, checksums, digital signatures, version control.

    Availability

    Definition: Ensures that data and systems are accessible to authorized users when needed.

    Goal: Prevent downtime or denial of access due to attacks or failures.

    Examples: Redundancy, backups, disaster recovery plans, DDoS protection.

    Together, these principles form the backbone of data security strategies, balancing protection against breaches, tampering, and service disruptions.