AMI cybersecurity concerns affecting audit trails

Started by Howard J. — 1 year ago — 16 views
Fellow auditors, I'm dealing with something new down here in Texas with Oncor's AMI deployment. Had a large industrial client where the smart meter data showed unexplained gaps and inconsistencies that the utility claims are due to 'cybersecurity protocols' blocking certain data transmissions. They're saying some meter readings are quarantined by their security software if they don't match expected patterns, but they won't provide details about what triggers these quarantines. This is making it impossible to verify billing accuracy. Has anyone else run into AMI data being filtered or modified by cybersecurity systems before it reaches the billing department?
Howard, this is a huge red flag. Out here in Arizona, APS has been very secretive about their AMI cybersecurity protocols, but I've noticed similar data anomalies. Had a solar customer where the smart meter showed zero reverse power flow for three weeks, then suddenly showed massive export credits. When I questioned it, they claimed the security system had been 'validating' the readings and finally released them. Sounds like they're using cybersecurity as an excuse to manipulate data. We need to demand access to these quarantine logs as part of our audit rights.
Carlos makes an excellent point about audit rights. Here in Louisiana, Entergy has deployed some kind of machine learning system that flags 'anomalous' AMI readings for manual review. The problem is this review process can take days or weeks, during which time the customer gets billed based on estimates. I've seen cases where the security system flagged legitimate high-usage days as 'suspicious' and excluded them from billing, then hit the customer with massive catch-up bills later. The old mechanical meters never had this kind of data manipulation capability.
This cybersecurity angle is concerning but not surprising. Down here in Texas, I've been hearing about CenterPoint's AMI system having similar issues after some high-profile cyber attacks on the grid. They've implemented what they call 'data integrity protocols' that can delay or modify meter readings if they don't pass certain validation tests. The scary part is customers have no visibility into when their data is being quarantined or modified. At least with mechanical meters, what you saw on the dial was what got billed - no black box algorithms in between.
Vivian brings up a great point about transparency. Here in Ohio, Duke Energy's AMI cybersecurity measures have created a new category of billing errors I've never seen before. Had a data center client where the security system flagged their constant 24/7 load profile as 'potentially compromised' and started applying demand charges based on estimated peaks instead of actual readings. Took 4 months to get it resolved because nobody at Duke could explain how their cybersecurity algorithms work. They kept saying it was 'proprietary security information.'
Chuck's experience with Duke sounds familiar. Here in Cincinnati, we've got the same utility and I'm seeing similar issues. Their AMI cybersecurity system seems to have a bias against high-usage accounts - it flags anything above certain thresholds as suspicious. Had a steel fabrication shop where the system kept quarantining their weekend shift usage because the algorithm thought the facility should be closed on Saturdays. The billing department didn't even know the readings were being held in cybersecurity review. This is a nightmare for audit documentation.
This whole thread is eye-opening. Out in California, PG&E has been pretty tight-lipped about their AMI security measures, but now I'm wondering if some of the billing inconsistencies I've been seeing are related to these quarantine systems. Had a client with a Schedule E-19 rate where demand readings would randomly drop to zero for single days, then spike back up. PG&E claimed it was 'meter communication errors' but maybe it's actually their cybersecurity system filtering the data. We need to start specifically requesting information about any security-related data modifications as part of our standard audit process.
Dan's suggestion about requesting security modification logs is smart. Down here in Alabama, Tennessee Valley Authority just upgraded their AMI cybersecurity after some grid attacks in other regions. I'm starting to ask for documentation of any data filtering, validation delays, or quarantine processes that might affect billing accuracy. Most utility customer service reps don't even know these systems exist, so you have to escalate to the AMI technical teams. It's adding weeks to audit timelines but we can't verify billing accuracy if we don't know when the data has been manipulated.
Albert is absolutely right about escalating to technical teams. Here in Birmingham, Alabama Power's front-line folks had no clue about their AMI security protocols. Had to go through three levels of management to find someone who could explain their 'data validation queue' system. Turns out they've been holding suspicious readings for up to 30 days before either accepting or rejecting them. During that holding period, customers get billed on estimates. This is creating a whole new category of billing disputes that didn't exist with mechanical meters.
Val's experience with Alabama Power is troubling. Here in South Carolina, Dominion Energy has been much more transparent about their AMI security measures, probably because of state regulatory requirements. They provide a monthly report showing any readings that were delayed or modified by security protocols. Other utilities should be required to provide similar transparency. These cybersecurity systems are essentially creating a new layer of potential billing errors that customers and auditors can't see. We need regulatory action to ensure AMI security measures don't compromise billing accuracy or audit rights.
This is a fascinating discussion that highlights how AMI technology is creating new challenges for our profession. George's point about regulatory transparency is crucial - we need consistent standards across all utilities for disclosing when cybersecurity measures affect billing data. I'm going to reach out to some contacts at NARUC to see if there's interest in developing model AMI audit requirements that address these cybersecurity issues. The old mechanical meter world was simpler in many ways, but we can't go backward. We need to adapt our audit methodologies to handle these new complexities while protecting customer rights.
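The check several posts converge on (obtain the utility's quarantine or validation log, then compare it with what was actually billed) can be scripted. The sketch below is an added illustration, not part of any post in this thread and not any utility's real export format: the record layouts, field names and sample values are constructed assumptions, and the 30-day limit is the hold period mentioned in the thread.

```python
from datetime import date, timedelta

# Constructed sample data. The layouts and field names are assumptions for
# illustration, not any utility's export format.
BILLED = [  # (reading day, kWh, quality flag shown on the bill)
    ("2024-03-01", 410.0, "actual"),
    ("2024-03-02", 395.0, "estimated"),
    ("2024-03-03", 402.0, "estimated"),
    ("2024-03-05", 0.0, "actual"),
    ("2024-03-06", 415.0, "estimated"),
]
HOLDS = [  # (reading day, held on, released on or None, disposition)
    ("2024-03-02", "2024-03-02", "2024-03-09", "accepted"),
    ("2024-03-03", "2024-03-03", "2024-04-20", "accepted"),
]
MAX_HOLD_DAYS = 30  # longest hold period reported in the thread

def d(text):
    return date.fromisoformat(text)

def reconcile(billed, holds, as_of, max_hold_days=MAX_HOLD_DAYS):
    """Return sorted (day, finding) pairs the auditor should query."""
    findings = []
    by_day = {d(day): (kwh, flag) for day, kwh, flag in billed}
    held_days = {d(h[0]) for h in holds}
    day, last = min(by_day), max(by_day)
    while day <= last:
        if day not in by_day:
            findings.append((day, "gap: no reading billed"))
        else:
            kwh, flag = by_day[day]
            if flag == "estimated" and day not in held_days:
                findings.append((day, "estimate with no hold-log entry"))
            if flag == "actual" and kwh == 0:
                findings.append((day, "zero reading billed as actual"))
        day += timedelta(days=1)
    for reading_day, held_on, released_on, _disposition in holds:
        # An unreleased hold is aged up to the audit date.
        end = d(released_on) if released_on else as_of
        age = (end - d(held_on)).days
        if age > max_hold_days:
            findings.append((d(reading_day), f"held {age} days"))
    return sorted(findings)

if __name__ == "__main__":
    for day, finding in reconcile(BILLED, HOLDS, as_of=d("2024-04-30")):
        print(day, finding)
```

Each finding is a question to put to the utility's AMI technical team, not proof of a billing error.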