Securing smart home energy management systems

Article By : Julian Durand

Data governance, privacy protection and security principles must be integrated into the fabric of how smart devices communicate to create true smart home and city ecosystems.

Smart home technologies are bringing consumers new ways to control and interact with their environments, and offer unprecedented opportunities for managing energy savings. As design and construction industries continue to include smart home energy management (HEMS) technologies in new construction and consumers incorporate smart devices to existing homes, there are a couple of consumer concerns that smart home device manufacturers must keep in mind:

  • Am I limited to certain connected devices for a home energy management system?
  • Can I trust smart home technology providers to properly handle data derived from the private realm of my home?

As smart home solutions continue to grow and have the potential to be more interconnected with HEMS systems within individual homes, and more broadly across connected cities and connected infrastructure, these concerns will continue to grow, both from a customer trust and a practical perspective: Customers want secure interoperability across vendors and technologies and regulators will demand secure interoperability across those vendors. This is especially true for HEMS systems given the wide variety of devices that could be controlled by them.

Achieving secure interoperability is both a technical and compliance challenge, but it’s one that is being solved.

How consumer IoT “ecosystems” are different

Consumer IoT devices have been on the market for years, but their original promise of creating fully interconnected systems that cooperatively manage diverse aspects of daily life and the built environment (like coordinating an individual’s sleep/wake cycle with energy costs and EV charging schedule for example) is not yet fully realized.

This fully interconnected environment would be a boon to HEMS systems—an environment of devices that seamlessly work with each other and with the occupants of a home could provide both enhanced energy efficiency and comfort.

A major factor in why this fully connected ecosystem remains out of reach for most consumers is that consumer IoT device manufacturers haven’t all agreed on interoperability standards.

From a consumer perspective, we’ve all noticed that Amazon Alexa can’t communicate with Siri or Google Assistant-controlled devices. Amazon, Apple, and Google have all agreed to support a new open IoT networking standard called Matter, which may help alleviate this issue on a basic level, but so far it doesn’t seem to have advanced enough to foster a true smart home ecosystem on its own. In fact, this attempted reboot of the Zigbee Alliance has proven to be late to market. It’s unknown if it will fulfill its promise of interoperability, the Matter v 1.0 specification was only just released recently.

Smart home ecosystems for all

Achieving widespread adoption of the HEMS ecosystem is dependent on advanced functionality that is in turn dependent on integrating diverse data from diverse sources. Indeed, thermostats will need to be able to communicate with garage door openers—but to achieve the complete HEMS dream, devices will need to be able aggregate their data into trusted data ecosystems that comprehensive applications can be built upon. For example, an HEMS application could require data from EV chargers and water heaters to be combined with price data from power companies, weather forecasts, and behavioral data such as when the home’s occupants leave the house in the morning. Once an app developer has access to this aggregated data source, they can work with APIs or applications on the devices to create an integrated experience for the consumer.

When these individual smart HEMS ecosystems can be integrated, we can then take it a step further and achieve an “ecosystem of ecosystems”—the smart city and connected infrastructure. Data from thousands of smart homes could be aggregated to inform choices around things like freeway ramp metering or frequency of commuter trains, benefiting even those without HEMS applications at all.

Before we can achieve widespread smart home and city ecosystems, technology providers must find a way to integrate these diverse data sources while maintaining regulatory compliance.

Secure data integration

Managing dozens to hundreds of individual point-to-point connections between data sources, analytics engines, and their cloud destinations is untenable. The solution to the dual problem of getting diverse data from diverse sources to work together securely and compliantly is in creating a data interoperability layer capable of working with multiple different data sources. Zero-trust security principles that cover the data from edge to cloud need to be baked in as well.

Rather than requiring data to be moved to secure locations to perform analytics, this central interoperability layer should also incorporate secure data governance principles that allow analytics processes to be brought to the data where it’s already stored.

Sharing private consumer data is possible, but it requires consent

Homes consume approximately 20% of the energy produced, and contribute over 20% to carbon emissions (U.S. Energy Information Administration). Managing home energy consumption is critical, but it requires deeper integration with energy retailers and their smart grids. That requires their private information be shared, and to be permitted under privacy regulations, individual consent must be provided and governed. Furthermore, that private information must be protected.

By integrating data governance, privacy protection and security principles into the fabric of how smart devices communicate, manufacturers are free to design devices and systems that support true smart home and city ecosystems.


This article was originally published on Embedded.

Julian Durand is Vice President Product Management and Chief Information Security Officer at Intertrust Secure Systems. Julian is an accomplished product owner, team leader, and creative inventor with more than 25 years of success in bringing breakthrough products to market at a massive scale. He is a named inventor in Digital Rights Management (DRM), Internet of Things (IoT) and virtual SIM technologies, was the technical lead for the first music phone and pioneered vSIM and IoT businesses at Qualcomm. Julian has also productized SaaS and PaaS offerings in construction telematics, real-time child tracking, and cyber risk data analytics and is currently a CISSP (Certified Information System Security Professional).


Leave a comment