Creating resilient IoT infrastructure: Safeguarding critical infrastructure deployments

The adoption of Internet of Things (IoT) devices is significantly transforming the landscape of critical infrastructures across industries. From energy grids to transportation systems, the seamless connectivity offered by IoT promises increased efficiency and automation.

The IoT ecosystem is an interconnected network of devices, systems, platforms, and applications that work together to enable seamless communication, data exchange, automation, and analytics. It involves a variety of components that collaborate to collect, process, analyze, and act upon data from the physical world

IoT ecosystem in India
India has made significant strides in IoT adoption. Industrial IoT dominates the market with a projected market volume of USD 9.67 billion in 2023 with IoT market revenue reaching USD 27.31 billion in 2023.

Government initiatives like Digital India, Smart Cities Mission, and regulatory policies like National Digital Communications Policy, as well as issuance of M2M Service Provider Guidelines and the 13-digit numbering series for M2M services have played an important part in accelerating IoT deployment and improving efficiencies and economies.

With its 5G-ready platform for the world of connected things, and being a leader in IoT, Airtel’s market share is close to 53 percent and new businesses, such as cloud and IoT, are now growing at well over 50 percent.

The imperative for resilient Advanced Metering Infrastructure (AMI) deployment
Critical infrastructures, such as power grids, water supply networks, and transportation systems, are the lifeblood of modern societies. IoT has the potential to offer new opportunities for efficiency, convenience, and innovation.

Of late, there has been an increased demand in the implementation and roll out of advanced metering infrastructure (AMI). AMI constitutes smart meters, data concentrator units (DCUs), and data management systems. Data traffic containing energy consumed and other parameters like voltage, frequency, etc., is produced by the key component of smart meter. It measures and records consumers’ electricity usage at different times of the day and sends this information to the energy supplier. One of the most prominent technologies used for AMI is RF or radio frequency mesh technology.

Network connectivity is one fundamental component of the overall technical solution for large-scale smart metering deployment project. RF mesh networks, a communication network using radio frequency signals where devices are connected in a mesh topology, is often used in various applications, including smart grids, and industrial automation.

Currently, one of the spectrum bands that DoT has permitted for tracking, tracing, and data acquisition devices and radio frequency identification applications, without acquiring a license, is 865–868 MHz. As India proceeds with its ambitious rollout plan for smart meters, cyber vulnerabilities in AMI due to the usage of unlicensed bands can risk the power system’s confidentiality, integrity, availability, and accountability. The reliability and security of these systems are paramount.

Challenges in unlicensed RF Mesh deployments
RF mesh networks in unlicensed spectrum have limited security built for data and signaling in contrast with the equipment deployed by licensed TSPs (telecom service providers), whose network is built under the trusted sources framework.

Deploying large-scale AMI solution on unlicensed spectrum can disrupt operations of public infrastructure. No oversight on connectivity compliance or monitoring, human errors, or internal incidents can also result in such failure along with major accountability issues. Quality of services can get severely impacted due to the use of low-quality or untrusted equipment, operating in the unlicensed band. This may also interfere with the licensed spectrum, causing performance issues.

Allowing unlicensed frequency bands for deploying a critical application like AMI at a wider scale will seriously compromise the security of the critical infrastructure. Hence, such a critical infrastructure should be created only by using the licensed spectrum. The TSPs acquire spectrum from auction and pay a share of revenue as spectrum charges, license fee to the government, while the users of unlicensed spectrum bands do not; thereby depriving the exchequer of its due share. The TSPs also make huge investments into network and information security.

Mitigating security threats with licensed RF Mesh networks
Telecom is among the most critical infrastructure from the perspective of national security and is being deployed on the principles of zero-trust, hence each network component undergoes rigorous testing. The National Security Directive on the Telecommunications Sector (NSDTS) was approved by the government taking this into consideration. All devices and equipment, purchased by licensed TSPs to integrate into their networks, must be certified as trusted products obtained from trusted sources as part of the compliance to NSDTS, which is not followed by the unlicensed operators.

Licensed AMI deployments can be instrumental in mitigating security threats in the following ways:

• Secure data transmission: Utilizing licensed bands allows for the implementation of robust encryption protocols, ensuring the secure transmission of sensitive data.
• Authentication mechanisms. Licensed RF mesh networks can employ advanced authentication mechanisms to verify the identity of devices and prevent unauthorized access.
• Monitoring and incident response: Real-time monitoring of licensed RF mesh networks facilitates the early detection of anomalies, enabling swift incident response to potential security breaches.

Collaboration with regulatory bodies and thoughtful planning can address spectrum licensing and compliance requirements, making the deployment resilient, safe, and secure.

Future Perspectives
The smart meters get connected to wide area network due to the city- or state-wide nature of the smart grid deployment, and the data management system in the AMI stores and processes the metering data. The critical services should also include smart meters for energy, water, gas, and other utility services and come under the purview of the machine-to-machine (M2M) authorization of the unified license.

Further, all critical M2M/IoT services as identified should utilize only licensed spectrum, follow standardization of devices, applications, and protocols as well as deploy the standardized elements, security obligations, including the trusted sources direction, along with standards for data sharing, authentication, encryption, and interoperability with each other.

As critical infrastructures become increasingly dependent on IoT devices, the need for robust and secure communication networks is non-negotiable.