Global smart meter cryptographic audit & PQC roadmap

Trusted by regulated industries • Member of the PKI Consortium • Expertise across Keyfactor, EJBCA, Entrust, DigiCert, Azure, AWS, HashiCorp Vault


Sanitised engagement (Smart metering)

Global smart meter manufacturer — enterprise cryptographic audit & PQC roadmap

SafeCipher was engaged as a specialist cryptography sub-contractor to a tier-1 IT consultancy to review the end-to-end cryptographic estate for one of the world’s largest smart meter manufacturers. Client details are withheld; outcomes focus on availability, auditability, PQC readiness and crypto risk reduction.

Context

  • Millions of deployed smart meters across multiple regulatory jurisdictions
  • Embedded IoT/IIoT devices using long-lived keys and certificates
  • Hardware key injection stations used during meter manufacturing
  • Multiple PKI components, CAs and certificate profiles evolving over time
  • Mix of on-prem and cloud services with HSM-protected keys

What Was Done

  • Mapped the symmetric and asymmetric key estate across devices, gateways and backend services
  • Reviewed PKI hierarchy, trust anchors, certificate validity periods and revocation strategy
  • Assessed on-prem and cloud HSM usage, key ceremonies, operator roles and separation of duties
  • Analysed key injection stations and supply-chain cryptographic handling for meter provisioning
  • Evaluated algorithm choices, key sizes and lifetimes against NIST and industry guidance
  • Identified areas exposed to “harvest now, decrypt later” risk for long-lived devices
  • Produced a practical PQC readiness assessment and staged transition approach

Outcomes

  • A structured cryptographic audit report covering algorithms, key lifecycles, PKI, HSM usage and supply-chain flows
  • A prioritised remediation roadmap with 1-, 3- and 5-year milestones aligned to product and firmware release cycles
  • Clear guidance on PQC transition options, including hybrid approaches for firmware signing and device identity
  • Recommendations to tighten HSM governance, ceremonies and role separation, without disrupting production
  • Improved confidence for internal stakeholders and regulators around the security of the metering cryptography stack

Engagement details have been generalised for confidentiality. Names/logos are not used and do not imply endorsement.