How secure is smart metering?
There have been some recent reports painting an inaccurate picture of the security of smart meters. With consumer engagement so critical to the success of this initiative, presenting a clear and accurate view of the reality becomes more important than ever.
There’s no doubt that security is high on the agenda of everyone involved in the Smart Meter Implementation Programme (SMIP). This is a key national infrastructure project, significant in both its scale and potential to transform the way we consume energy in the UK. The integrity of the infrastructure and safety of consumer data is being treated with the upmost importance, with the Department of Energy and Climate Change (DECC) defining a multi-layered security model that takes into account learnings from smart meter experiences across the globe.
Will it be possible to physically hack into smart meter hardware in the home?
All UK smart meters and communications hubs will be required to conform to European Union technical specifications (Smart Metering Equipment Technical Specifications or SMETS 2) and manufacturers must meet the CESG’s (UK Government’s National Technical Authority for Information Assurance) Commercial Product Assurance (CPA) scheme. This standard will ensure that manufacturers integrate the necessary security features into smart metering equipment, which includes the protection of information when stored on the smart meter or communications hub as well as protecting data as it is transmitted from the consumer premise to the energy supplier.
Will security features get dropped to save on costs?
No, because if smart meter equipment does not meet the SMETS 2 certification (see above) it will not be possible to supply it in the UK.
Can data from the smart meters be intercepted between the home and the energy supplier – i.e through hacking the mobile network?
Firstly, there are a number of different potential transmission technologies – mobile/cellular, long-range radio and RF mesh for example. The Government is currently running a tender process which will decide which combination of these will be used.
Whichever transmission technology is used, an array of security controls will be adopted to protect consumers from interception of their data or an attack on their smart meters. Data will be encrypted twice or more by different parties as it passes from the consumer premise to the energy supplier. Protective controls will adopt open standards such as Public Key Infrastructure (PKI).
In the case of cellular/mobile technology, it’s important to note that there are no known attacks on 3G networks where the attacker has been able to intercept 3G communications.
Haven’t there been real life examples of smart meters being hacked?
An often cited example is from the FBI who found an example of smart meters being hacked into in Puerto Rico. However this example dates back to 2010 and smart meter technology has progressed significantly since then. What’s more, the security features implemented in the UK have taken studies such as this into account.
Consumers should feel reassured that the security of smart meters is a top priority and wide range of measures will be in place to protect the infrastructure.