Utility companies worldwide are rolling out smart meters, but are they secure?
The quarterly lecky bill is on its way out - the smart grid will give the customer instant feedback - but is smart also secure? The debate is heating up, says Hannah Prevett.
The race is on. Utility companies across the world are rushing to roll out smart meters to millions of consumer homes and business premises. Across the pond in the US, for example, six per cent of the population has a smart meter. Closer to home, Italian trailblazer Enel, Europe's third-largest energy supplier by market capitalisation, had deployed smart meters to its entire 27 million customer base by 2005. The UK has caught on too, with plans to install a smart meter in every home by 2020 – or three years sooner, if new prime minister David Cameron gets his way. This may all come at a cost: security experts claim that the utilities' haste to deploy smart meters ahead of rivals means that important security implications may have been overlooked.
The type of meter installed will vary from country to country and from one vendor to another, but in essence they will have certain key characteristics: they will measure how much energy a household or business uses, information which will then be fed back in real time to the utility provider via a GPRS connection. The basic premise is that smart meters allow customers to monitor their own energy use, enabling them to make reductions in consumption and carbon emissions.
A noble intention indeed, but this is not to say that consumers' hands won't be forced somewhat: in fact, meters will be compulsory. “You don't actually have a choice,” explains Joshua Pennell, founder and president of security company IOActive. “If and when the utilities decide to deploy a meter, you cannot ask them to not install one.”
Pennell cites cases in the US where customers tried to discourage their utility provider from installing a meter in their home. “The utility basically said, ‘if you don't allow us to install one, we'll simply remove the old meter and you'll have no power to your home’.”
And it's no wonder that the utility companies are so keen to deploy them. The information they collate will be used to devise a series of tiered pricing models. This means, for example, that they can price energy higher at times of peak use, to encourage consumers to use less electricity or gas at these times. As a result, thrifty customers will save money by opting to use their high-energy appliances, such as washing machines and dishwashers, at off-peak times. It could spell good news for the Government too – if consumers respond to the incentives and use less energy, it may not be necessary to build new power stations. No wonder prime minister David Cameron pledged to commit £1bn to the smart grid project in his manifestos for both the European and UK elections.
This isn't the only benefit for utility companies. It will also cut their costs on two fronts. First, they won't have to foot the bill for staff to go out and read the meters. Second, as first:utility, the Midlands-based energy company, discovered, more than 80 per cent of the queries handled by its call centres used to be about billing. Now, with smart meters installed, “that figure just falls off a cliff”, according to Mark Daeche, chief executive of first:utility. “The customer can see how much they're using and when they're using it, so it really has reduced the number of disputes quite dramatically,” he adds.
But it is this detailed information that is at the centre of concerns about privacy. If the energy consumption data collated by a smart meter fell into the wrong hands, it could be useful to burglars, as they would be able to easily deduce whether a property's occupants were likely to be at home or not.
“This is where I see issues of security on the roll-out of smart meters,” admits Daeche. “We know how important it is that this information stays private.” To reduce personal data theft, first:utility, which has more than 20,000 smart meters installed in the UK, encrypts information at the ‘head-end’ servers that manage the data collection before it is sent via an SMS packet. It is then decrypted when it reaches the utility provider's system, which manages and monitors the meters.
Trevor Niblock, who is head of security for British Gas smart metering, agrees that privacy is “a really big challenge. We have the potential to collect a lot of information about our customers,” he admits. That could be the least of his worries. By Niblock's own admission, attacks on the head-end system are also a pressing concern. They could cause wide-scale outages – a denial-of-service attack. “If someone were to take control of the head-end, the potential is there to turn off a number of meters,” he says.
British Gas, and parent company Centrica, has gone to some lengths to help mitigate such threats. It employs two full-time staff with experience in security dedicated to the project, as well as a central policy and governance team that establishes the policies and practice standards Centrica has to conform to. It also partners with Deloitte & Touche, which helps the company with things such as penetration testing and risk assessment of its supply chain.
Concerns around security become even more pressing as the proliferation of smart meters paves the way for the implementation of a national ‘smart grid’. “For me, the main concern is that whole areas of countries or cities could be taken out,” explains security expert – and a Jericho Forum founding director – David Lacey. “Not only would the amount of disruption caused be massive, but it also makes you very vulnerable to other forms of attack.”
Utility companies such as British Gas and first:utility are adamant that this is impossible, with first:utility boss Daeche even going so far as to accuse the press of “scaremongering”. Admittedly, it does seem unlikely at present: there is no connection between meters, so it would be difficult to take out a neighbourhood, let alone a city. But with the arrival of the smart grid, which Niblock predicts will be in the next ten years, further steps will have to be taken to mitigate the threat.
The lengthy life-span of the meters means that the technology decisions being made now by the utility companies will undoubtedly have an impact in the future. “If you make a poor choice today, you may be stuck for the next ten to 15 years with that technology,” says Pennell.
Or worse still, if a vulnerability is discovered, every meter may need to be replaced, at a cost of millions of pounds. Pennell's advice for the utility providers? Do your homework. “It really is a case on this one of ‘measure twice, cut once’.”
Smart pros and cons
Not everyone is convinced of the viability of smart meters – or that there are adequate protections in place. Some say that, once hacked, the devices could infect the UK's entire smart grid – which the Government has already stated is a part of the critical national infrastructure.
Security expert David Lacey outlines a scary scenario where people could exploit security holes in smart meters to not only find out when an inhabitant is away – to burgle the home – but eventually shut off air conditioning units or city streetlights and even cause wide-scale outages by damaging distribution systems.
“The level of the threat is very sophisticated,” Lacey warns, “which means that the smart meters have to be designed to the highest standard to ensure that they can withstand a sophisticated, sustained and strategic attack.” As he points out, the companies who sell meters don't normally have an awful lot of expertise in security. “They are doing their best,” he says – but their best may not be good enough when it “has to be almost beyond the state of the art to get this right”.
Lacey also warned that a lack of industry standards for security, reliability, data sharing and privacy could result in the utilities and government wasting a lot of money on systems that could be obsolete in a few years' time. “I think the approach has been very much ‘hands off industry’, but there needs to be a much tougher line.”
A main cause for concern is the remote connect/disconnect feature. It pretty much does what it says on the tin: it will allow the utility companies to turn the power on and off without actually having to access the property, as would have been the case previously. And because UK providers want to have this feature across all three main utility services – electricity, gas and water – that will mean all three services can be shut off remotely via a communications channel (such as GPRS) that has been plagued with security issues in the past.
Lacey may well have a point when he says that security measures currently in place – on both sides of the Atlantic – aren't up to scratch.
Seattle-based security firm IOActive went so far as to develop its own worm to infiltrate a network of devices in the US, to prove the weakness of smart meters. Joshua Pennell, IOActive founder and president, says that the experiment prompted US standards bodies to release a raft of information and guidance material to help educate the public and also get them to ask the right questions of the vendor community. “That's not to say we're out of the woods yet, though,” he warns.