Why Cybersecurity in AMI Networks Demands Open Standards
- Last Updated: July 15, 2026
Wi-SUN Alliance
- Last Updated: July 15, 2026



Smart meters are transforming how utilities operate. But every connected endpoint is also a potential point of cyber-attack. Standardized, IT-grade security — the foundation of Wi-SUN Field Area Network (FAN) — is the only durable defense for advanced metering infrastructure.
Connecting meters and making them intelligent has driven one of the most consequential operational shifts at utilities over the past decade and a half. Advanced metering infrastructure (AMI) 1.0 has moved utilities from monthly truck rolls to continuous, granular visibility, and the operational gains are hard to overstate:
A foundation has been laid for today’s advanced AMI 2.0 use cases. AMI 2.0 networks will place additional edge intelligence demands at the meter for waveform capture and analysis, load disaggregation, EV charging coordination, and distributed energy resource integration.
However, the advantages of digitization create new challenges by expanding the cybersecurity attack surface of AMI systems. While much of a utility’s kit is locked within a substation’s physical perimeter or pole-mounted enclosures, an AMI network is the opposite. It’s distributed across an entire service territory, with every single endpoint physically accessible to anyone who can reach a meter base. There is no AMI perimeter to defend in the traditional sense, because the perimeter is everywhere.
This accessibility changes the level of required security. Protecting each endpoint from rogue access is critical to protect the network, the system behind it, and the privacy of the consumption data tied to every customer. Compromising one meter cannot, under any circumstance, be allowed to compromise the network of meters or the services that ride on top of it.
This is exactly how sophisticated attackers operate. They don’t break down the front door. They find the weakest entry point in the network, get in, and move laterally until they reach the system that they actually want to bring down. In an AMI deployment, the weakest entry point could be any one of millions of distributed devices. The math is unforgiving: the security of the whole is bounded by the security of the least-defended endpoint.
If there’s one lesson from decades of enterprise IT security, it’s that proprietary, custom-built, “we rolled our own crypto” approaches do not hold up. The defenses that survive contact with real-world adversaries share a common shape: they’re standardized, they’ve been independently scrutinized, and they’ve been deployed at scale long enough for weaknesses to be found and fixed.
For AMI, the need for standards translates into a clear set of requirements:
Proprietary stacks lock utilities into a single vendor’s security roadmap, a single vendor’s patching cadence, and a single vendor’s view of what “good enough” looks like. Open standards distribute that responsibility across a broad ecosystem of researchers, vendors, and operators who all have a considerable stake in maintaining security.
Wi-SUN is, to date, the most complete answer to the security challenges AMI presents — because it was designed from the start around the same kinds of standards that have hardened enterprise IT for decades.
At the physical and MAC layers, Wi-SUN leverages IEEE 802.15.4-2024, the established standard for smart utility networks that defines the operation of constrained bandwidth wireless personal area networks (PANs).
At the networking layer, Wi-SUN uses 6LoWPAN and IPv6 — the same routing and addressing technology that runs the modern internet, adapted for constrained devices. There’s no proprietary translation layer, no opaque hop logic, no vendor-specific dialect.
For device and network authentication, Wi-SUN uses EAP-TLS with RADIUS — the same authentication framework securing enterprise Wi-Fi in offices, hospitals, and government facilities worldwide. IEEE 802.1X network access control governs which devices are permitted on the network, and trust is anchored in IEEE 802.1AR device certificates issued by a standard Public Key Infrastructure (PKI). Every meter has a cryptographic identity. Every connection is authenticated. Every session is protected.
On top of this secure transport, utilities can run standard application-layer protocols like DLMS, OpenCSMP, and LwM2M, meaning the security model extends from the meter chipset all the way to the head-end system without proprietary gaps.
And critically, Wi-SUN’s standards-based foundation is what makes it ready for what comes next. Post-Quantum Cryptography (PQC) algorithms are now being standardized by NIST and others, and any AMI deployment built on a proprietary security stack will face a painful migration when quantum-resilient algorithms become a regulatory requirement. A standards-based stack — where the PKI, the authentication framework, and the application protocols all follow open specifications — is the only realistic path to a smooth PQC transition.
Smart metering is revolutionizing utility operations. But the same connectivity that’s delivering those benefits also exposes the grid to a class of cybersecurity risk that proprietary, closed-stack approaches are not equipped to handle for the long term.
The defenses that work are the ones that have been tested exhaustively: open standards, IT-grade authentication, certificate-based trust, and a clear path to evolve as the threat landscape shifts. That’s the model Wi-SUN was built on — and it’s why utilities deploying Wi-SUN networks are positioning themselves not just for today’s threats, but for the post-quantum, post-AI, post-everything-we-haven’t-thought-of-yet world that’s coming.
Standards aren’t a constraint. They’re what make networks scale securely.
The Most Comprehensive IoT Newsletter for Enterprises
Showcasing the highest-quality content, resources, news, and insights from the world of the Internet of Things. Subscribe to remain informed and up-to-date.
New Podcast Episode

Related Articles