UK Government Says Smart Meters Can Definitely Be Trusted Because GCHQ Designed Their Security

from the oh,-that's-OK,-then dept

The idea behind smart meters — that detailed information about how you consume electricity will allow you to use power more efficiently and thus cut your bills and your home’s carbon emissions — is a good one in theory. And yet smart meters are still not used very widely, even in countries like the UK, where the government has a strategy to install millions of them by 2020. Actually, the likely savings by users are small, but smart meters also promise to allow the electricity industry to lower salary costs by carrying out meter readings remotely, which is one reason why it is so keen on the idea. Another is because smart meters make it is easy to cut off someone’s supply if they don’t pay their bills.

The slow uptake of smart meters seems in part to be due to public concerns about security. People are worried that their smart meter will spy on them, sending back information to electricity companies that might be intercepted and used for targeted burglary when they are away. Similarly, there are fears that if the smart meter control system were compromised, domestic electricity supplies might be at risk on a large scale.

One of UK Parliament’s most important committees, the one monitoring science and technology, has just published a report into the UK smart meter roll-out, offering recommendations for ways to speed it up. Security is an issue it discusses, and one of the committee’s recommendations is as follows:

We recommend that the Government consider further how to communicate the level of thought that has gone into designing a secure system for smart metering

More about that “level of thought” is found in an appendix to the report, which contains the UK government’s evidence on this topic, including the following statement:

The Department of Energy and Climate Change (DECC) has worked with GCHQ since the very early design stage of the rollout, when the programme was initiated. The engagement with GCHQ has been one of partnership, issue discussion and resolution.

Helpfully, GCHQ has written a long and interesting description of its work on smart meters, and how it has tried to make UK smart meters resistant to attack. The post concludes:

We hope that this article has explained the thinking behind the design of the Smart Metering System. DECC, with support from GCHQ (part of which will be become the National Cyber Security Centre) has security right at the top of the list of things it cares about. Of course, no system is completely secure, and nothing is invulnerable. However, we?re confident that the Smart Metering System strikes the best balance between security and business needs, whilst meeting broader policy and national security objectives.

It’s interesting that the post mentions national security objectives. As Techdirt has reported, one of the worst features of the UK’s Investigatory Powers Bill that is currently wending it way through Parliament is that it creates a legal framework to allow GCHQ and the other intelligence agencies to hack into any kind of equipment in order to carry out surveillance. Of course, that’s really rather easy when you were the one who designed its security systems.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “UK Government Says Smart Meters Can Definitely Be Trusted Because GCHQ Designed Their Security”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Having GCHQ secure something is like putting...

… the NSA in charge of ensuring your privacy.

… the CIA in charge of making sure that prisoners are treated well.

… the FBI in charge of stopping terrorist plots.

… EA in charge of ensuring quality games.

… Hollywood in charge of financial auditing to spot dodgy accounting employed by movie studios.

… AT&T in charge of reviewing potential monopoly abuses regarding cable/fiber deployment.

… the East Texas courts in charge of approving or denying patent applications.

Anonymous Coward says:

Re: Power Meter Security

Sort of.

See, the key thing about smart meters is that they necessarily have to transmit power usages and they also need to receive updated pricings and similar things.

Not that I trust GCHQ-designed anything, buyt rather to point out use-cases where transceiving is an appropriate method.

DannyB (profile) says:

Re: Re: Power Meter Security

Even if the meter could use pricing information to show a cost total for the billing cycle, this is a non essential function.

It would seem like a meter could be designed securely enough to have an ultra simple protocol for receiving this, and simply fall back to ignoring it in the case of any failure.

In fact, even transmitting is a non essential function. The main function is to keep the power flowing. Secondarily to measure it.

If a microcontroller has the separate and only function of talking to the outside world, then this would seem to limit the damage that anyone could remotely do to the power meter. Assuming it were to be designed with security in mind FROM THE START, not bolted on later.

Of course a proper GOVERNMENT design would be:
1. The power meter smart features must use the customer’s network. (Let’s make it use the customers electrical power to just to add insult.)
2. The power meter can get remote updates from the government
3. The microcontroller has plenty of extra processor power and local flash. Useful for future updates which add ‘features’ that have little or nothing to do with a power meter’s primary function.

4. The optional power meter smart features become mandatory.

The EULA clearly states that any information the power meter finds on your personal network, or as a result of injecting penetration code into other devices / systems on your local network is collected for the government. For your own good. Purely for statistical purposes only. Trust us. Your agreement acknowledges your assent and affirmation that the government is your friend and you trust the government.

Anonymous Coward says:

Re: Re: Re: Power Meter Security

Of course there is also such a thing as powerline ethernet typically used when wireless isn’t that good. The gov’t won’t want to sniff those packets either……

I have a theory that most modern computer power supplies already have powerline ethernet capability and all one has to do is send the proper signal to it to access the computer bus traffic. The smart meters are just local repeaters and also provide geographic location.

JBDragon (profile) says:

Re: Re: Power Meter Security

Smart meters don’t need to update pricing, that’s just dumb! They measure the electricity used. Your electric company takes that number that it gets from your smart meter and charges you the currant rate. If you’re one that is setup to charge different rates depending on the hour, lower prices at night, higher prices during the day, it’ll send that Data. In fact, if you look at your bill, it’ll generally show you how much power you’re using at each hour.

But like all things, you need 2 way communication. The smart meter is normally just doing what a meter reader would do. Send the current usage. Subtract last month number to the currant number and you get how much power was used.

2 way is so the meter knows the power company received it’s data. It’s also so they can turn on/off your power without someone coming in a truck and pulling the meter to kill your power. It’s killing lots of jobs. It’s all just done in the office.

Harry Payne (profile) says:

It's not a question of trusting CESG

It’s a question of “do you trust your supplier not to cut you off arbitrarialy?”

Currently, gas or electricity supplies can only be disconnected if you’ve got a pre-pay meter and don’t feed it, or if you’re so far behind on your payments they’ve had to get a court order to physically enter your home and throw the switch.

Putting a smart meter in, which under the standards agreed for use in the UK allows for remote disconnection, makes everyone essentially a pre-pay meter user. The cost of turning someone off at the flick of a switch is far less than having to go through the courts, so the threshold for doing so will fall. Miss a single payment for whatever reason, whether it’s because of an emergency or the bank messing up a direct debit, and the lights could go out and the heating go off.

Leaving aside the argument that if you don’t want to be cut off you should pay up, which is valid and has great merit, there’s then the risk of being cut off accidentally – and neither of my suppliers is even thinking about compensation for that, just giving assurances it will never happen.

Yeah, as they say, right.

Anonymous Howard II says:

Re: It's not a question of trusting CESG

Leaving aside the argument that if you don’t want to be cut off you should pay up, which is valid and has great merit, there’s then the risk of being cut off accidentally

Given that UK energy suppliers – especially the so-called Big Six – have a lengthy history of monumental cockups with regards to billing, it’s entirely possible that scores of people who have never had a late or missed payment will be erroneously disconnected.

Ninja (profile) says:

If there’s a system that does the reading automatically and no human can touch anything real time then it could be ok. It’s actually more efficient and exposes less people to exhaustive work conditions (having to visit every single meter). However that’s as far as smart should go. Having the power to easily cut the power is very problematic in many ways. I can personally see trigger happy law enforcement ordering power cuts without any oversight… Because national security. Or something.

Anonymous Coward says:

Missing the big picture here.

One algorithm on Electricity usage can tell the GHCQ the a very good approximation of the quantity of humans living within the house.

Add Water meter usage monitoring and they will know exactly.

They will know when you have guests, they will know if it is a Cell safe house….

Bottom line is. They will know.

Not an Electronic Rodent (profile) says:


However, we’re confident that the Smart Metering System strikes the best balance between security and business needs, whilst meeting broader policy and national security objectives.

Did anyone else read that as: “
…strikes the best balance between pretending it does what we say, whilst leaving a nice backdoor that we can use to gather more information about you and hope no-one else notices it.”?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...