UK Government Says Smart Meters Can Definitely Be Trusted Because GCHQ Designed Their Security

from the oh,-that's-OK,-then dept

The idea behind smart meters — that detailed information about how you consume electricity will allow you to use power more efficiently and thus cut your bills and your home’s carbon emissions — is a good one in theory. And yet smart meters are still not used very widely, even in countries like the UK, where the government has a strategy to install millions of them by 2020. Actually, the likely savings by users are small, but smart meters also promise to allow the electricity industry to lower salary costs by carrying out meter readings remotely, which is one reason why it is so keen on the idea. Another is that smart meters make it easy to cut off someone’s supply if they don’t pay their bills.

The slow uptake of smart meters seems in part to be due to public concerns about security. People are worried that their smart meter will spy on them, sending back information to electricity companies that might be intercepted and used for targeted burglary when they are away. Similarly, there are fears that if the smart meter control system were compromised, domestic electricity supplies might be at risk on a large scale.

One of UK Parliament’s most important committees, the one monitoring science and technology, has just published a report into the UK smart meter roll-out, offering recommendations for ways to speed it up. Security is an issue it discusses, and one of the committee’s recommendations is as follows:

We recommend that the Government consider further how to communicate the level of thought that has gone into designing a secure system for smart metering

More about that “level of thought” is found in an appendix to the report, which contains the UK government’s evidence on this topic, including the following statement:

The Department of Energy and Climate Change (DECC) has worked with GCHQ since the very early design stage of the rollout, when the programme was initiated. The engagement with GCHQ has been one of partnership, issue discussion and resolution.

Helpfully, GCHQ has written a long and interesting description of its work on smart meters, and how it has tried to make UK smart meters resistant to attack. The post concludes:

We hope that this article has explained the thinking behind the design of the Smart Metering System. DECC, with support from GCHQ (part of which will become the National Cyber Security Centre) has security right at the top of the list of things it cares about. Of course, no system is completely secure, and nothing is invulnerable. However, we’re confident that the Smart Metering System strikes the best balance between security and business needs, whilst meeting broader policy and national security objectives.

It’s interesting that the post mentions national security objectives. As Techdirt has reported, one of the worst features of the UK’s Investigatory Powers Bill that is currently wending its way through Parliament is that it creates a legal framework to allow GCHQ and the other intelligence agencies to hack into any kind of equipment in order to carry out surveillance. Of course, that’s really rather easy when you were the one who designed its security systems.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Comments on “UK Government Says Smart Meters Can Definitely Be Trusted Because GCHQ Designed Their Security”

30 Comments
That One Guy (profile) says:

Having GCHQ secure something is like putting...

… the NSA in charge of ensuring your privacy.

… the CIA in charge of making sure that prisoners are treated well.

… the FBI in charge of stopping terrorist plots.

… EA in charge of ensuring quality games.

… Hollywood in charge of financial auditing to spot dodgy accounting employed by movie studios.

… AT&T in charge of reviewing potential monopoly abuses regarding cable/fiber deployment.

… the East Texas courts in charge of approving or denying patent applications.

Anonymous Coward says:

Re: Power Meter Security

Sort of.

See, the key thing about smart meters is that they necessarily have to transmit power usages and they also need to receive updated pricings and similar things.

Not that I trust GCHQ-designed anything, but rather to point out use-cases where transceiving is an appropriate method.

DannyB (profile) says:

Re: Re: Power Meter Security

Even if the meter could use pricing information to show a cost total for the billing cycle, this is a non essential function.

It would seem like a meter could be designed securely enough to have an ultra simple protocol for receiving this, and simply fall back to ignoring it in the case of any failure.

In fact, even transmitting is a non essential function. The main function is to keep the power flowing. Secondarily to measure it.

If a microcontroller has the separate and only function of talking to the outside world, then this would seem to limit the damage that anyone could remotely do to the power meter. Assuming it were to be designed with security in mind FROM THE START, not bolted on later.

Of course a proper GOVERNMENT design would be:
1. The power meter smart features must use the customer’s network. (Let’s make it use the customer’s electrical power too, just to add insult.)
2. The power meter can get remote updates from the government
3. The microcontroller has plenty of extra processor power and local flash. Useful for future updates which add ‘features’ that have little or nothing to do with a power meter’s primary function.

Later:
4. The optional power meter smart features become mandatory.

The EULA clearly states that any information the power meter finds on your personal network, or as a result of injecting penetration code into other devices / systems on your local network is collected for the government. For your own good. Purely for statistical purposes only. Trust us. Your agreement acknowledges your assent and affirmation that the government is your friend and you trust the government.

Anonymous Coward says:

Re: Re: Re: Power Meter Security

Of course there is also such a thing as powerline ethernet typically used when wireless isn’t that good. The gov’t won’t want to sniff those packets either……

I have a theory that most modern computer power supplies already have powerline ethernet capability and all one has to do is send the proper signal to it to access the computer bus traffic. The smart meters are just local repeaters and also provide geographic location.

JBDragon (profile) says:

Re: Re: Power Meter Security

Smart meters don’t need to update pricing, that’s just dumb! They measure the electricity used. Your electric company takes that number that it gets from your smart meter and charges you the current rate. If you’re one that is set up to charge different rates depending on the hour, lower prices at night, higher prices during the day, it’ll send that Data. In fact, if you look at your bill, it’ll generally show you how much power you’re using at each hour.

But like all things, you need 2 way communication. The smart meter is normally just doing what a meter reader would do. Send the current usage. Subtract last month’s number from the current number and you get how much power was used.

2 way is so the meter knows the power company received its data. It’s also so they can turn on/off your power without someone coming in a truck and pulling the meter to kill your power. It’s killing lots of jobs. It’s all just done in the office.

Harry Payne (profile) says:

It's not a question of trusting CESG

It’s a question of “do you trust your supplier not to cut you off arbitrarily?”

Currently, gas or electricity supplies can only be disconnected if you’ve got a pre-pay meter and don’t feed it, or if you’re so far behind on your payments they’ve had to get a court order to physically enter your home and throw the switch.

Putting a smart meter in, which under the standards agreed for use in the UK allows for remote disconnection, makes everyone essentially a pre-pay meter user. The cost of turning someone off at the flick of a switch is far less than having to go through the courts, so the threshold for doing so will fall. Miss a single payment for whatever reason, whether it’s because of an emergency or the bank messing up a direct debit, and the lights could go out and the heating go off.

Leaving aside the argument that if you don’t want to be cut off you should pay up, which is valid and has great merit, there’s then the risk of being cut off accidentally – and neither of my suppliers is even thinking about compensation for that, just giving assurances it will never happen.

Yeah, as they say, right.

Anonymous Howard II says:

Re: It's not a question of trusting CESG

Leaving aside the argument that if you don’t want to be cut off you should pay up, which is valid and has great merit, there’s then the risk of being cut off accidentally

Given that UK energy suppliers – especially the so-called Big Six – have a lengthy history of monumental cockups with regards to billing, it’s entirely possible that scores of people who have never had a late or missed payment will be erroneously disconnected.

Ninja (profile) says:

If there’s a system that does the reading automatically and no human can touch anything real time then it could be ok. It’s actually more efficient and exposes less people to exhaustive work conditions (having to visit every single meter). However that’s as far as smart should go. Having the power to easily cut the power is very problematic in many ways. I can personally see trigger happy law enforcement ordering power cuts without any oversight… Because national security. Or something.

Anonymous Coward says:

Missing the big picture here.

One algorithm on Electricity usage can tell the GCHQ a very good approximation of the quantity of humans living within the house.

Add Water meter usage monitoring and they will know exactly.

They will know when you have guests, they will know if it is a Cell safe house….

Bottom line is. They will know.

Not an Electronic Rodent (profile) says:

Translation

However, we’re confident that the Smart Metering System strikes the best balance between security and business needs, whilst meeting broader policy and national security objectives.

Did anyone else read that as: “…strikes the best balance between pretending it does what we say, whilst leaving a nice backdoor that we can use to gather more information about you and hope no-one else notices it.”?
