UK Government Says Smart Meters Can Definitely Be Trusted Because GCHQ Designed Their Security

from the oh,-that's-OK,-then dept

The idea behind smart meters -- that detailed information about how you consume electricity will allow you to use power more efficiently and thus cut your bills and your home's carbon emissions -- is a good one in theory. And yet smart meters are still not used very widely, even in countries like the UK, where the government has a strategy to install millions of them by 2020. Actually, the likely savings by users are small, but smart meters also promise to allow the electricity industry to lower salary costs by carrying out meter readings remotely, which is one reason why it is so keen on the idea. Another is that smart meters make it easy to cut off someone's supply if they don't pay their bills.

The slow uptake of smart meters seems in part to be due to public concerns about security. People are worried that their smart meter will spy on them, sending back information to electricity companies that might be intercepted and used for targeted burglary when they are away. Similarly, there are fears that if the smart meter control system were compromised, domestic electricity supplies might be at risk on a large scale.

One of UK Parliament's most important committees, the one monitoring science and technology, has just published a report into the UK smart meter roll-out, offering recommendations for ways to speed it up. Security is an issue it discusses, and one of the committee's recommendations is as follows:

"We recommend that the Government consider further how to communicate the level of thought that has gone into designing a secure system for smart metering"

More about that "level of thought" is found in an appendix to the report, which contains the UK government's evidence on this topic, including the following statement:

"The Department of Energy and Climate Change (DECC) has worked with GCHQ since the very early design stage of the rollout, when the programme was initiated. The engagement with GCHQ has been one of partnership, issue discussion and resolution."

Helpfully, GCHQ has written a long and interesting description of its work on smart meters, and how it has tried to make UK smart meters resistant to attack. The post concludes:

"We hope that this article has explained the thinking behind the design of the Smart Metering System. DECC, with support from GCHQ (part of which will become the National Cyber Security Centre) has security right at the top of the list of things it cares about. Of course, no system is completely secure, and nothing is invulnerable. However, we’re confident that the Smart Metering System strikes the best balance between security and business needs, whilst meeting broader policy and national security objectives."

It's interesting that the post mentions national security objectives. As Techdirt has reported, one of the worst features of the UK's Investigatory Powers Bill that is currently wending its way through Parliament is that it creates a legal framework to allow GCHQ and the other intelligence agencies to hack into any kind of equipment in order to carry out surveillance. Of course, that's really rather easy when you were the one who designed its security systems.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments



  • That One Guy, 29 Sep 2016 @ 2:44am

    Having GCHQ secure something is like putting...

    ... the NSA in charge of ensuring your privacy.

    ... the CIA in charge of making sure that prisoners are treated well.

    ... the FBI in charge of stopping terrorist plots.

    ... EA in charge of ensuring quality games.

    ... Hollywood in charge of financial auditing to spot dodgy accounting employed by movie studios.

    ... AT&T in charge of reviewing potential monopoly abuses regarding cable/fiber deployment.

    ... the East Texas courts in charge of approving or denying patent applications.

    • Agonistes, 29 Sep 2016 @ 3:49am

      Re: Having GCHQ secure something is like putting...

      Might as well just start referring to them as the "International Secret Police Community" since the revelations within the last few years have shown the massive amounts of information sharing and collaboration occurring.

    • DannyB, 29 Sep 2016 @ 5:27am

      Re: Having GCHQ secure something is like putting...

      You left out . . .

      ...Microsoft in charge of technology vision and innovation.

    • Lord Lidl of Cheem, 30 Sep 2016 @ 1:31am

      Re: Having GCHQ secure something is like putting...

      ....the NSA deliver your firewall.

  • Anonymous Coward, 29 Sep 2016 @ 4:39am

    that detailed information about how you consume electricity will allow you to use power more efficiently

    You have a mistake in your article. The above line should read:

    that detailed information about how you consume electricity will allow your power use to be controlled more efficiently

  • DannyB, 29 Sep 2016 @ 5:30am

    Power Meter Security

    Why would a power meter need to receive any information at all?

    Shouldn't a power meter be Transmit Only?

    Sort of like an internet troll. But whatever.

    • Anonymous Coward, 29 Sep 2016 @ 5:36am

      Re: Power Meter Security

      Sort of.

      See, the key thing about smart meters is that they necessarily have to transmit power usages and they also need to receive updated pricings and similar things.

      Not that I trust GCHQ-designed anything, but rather to point out use-cases where transceiving is an appropriate method.

      • DannyB, 29 Sep 2016 @ 6:16am

        Re: Re: Power Meter Security

        Even if the meter could use pricing information to show a cost total for the billing cycle, this is a non essential function.

        It would seem like a meter could be designed securely enough to have an ultra simple protocol for receiving this, and simply fall back to ignoring it in the case of any failure.

        In fact, even transmitting is a non essential function. The main function is to keep the power flowing. Secondarily to measure it.

        If a microcontroller has the separate and only function of talking to the outside world, then this would seem to limit the damage that anyone could remotely do to the power meter. Assuming it were to be designed with security in mind FROM THE START, not bolted on later.

        Of course a proper GOVERNMENT design would be:
        1. The power meter smart features must use the customer's network. (Let's make it use the customer's electrical power just to add insult.)
        2. The power meter can get remote updates from the government
        3. The microcontroller has plenty of extra processor power and local flash. Useful for future updates which add 'features' that have little or nothing to do with a power meter's primary function.

        Later:
        4. The optional power meter smart features become mandatory.

        The EULA clearly states that any information the power meter finds on your personal network, or as a result of injecting penetration code into other devices / systems on your local network is collected for the government. For your own good. Purely for statistical purposes only. Trust us. Your agreement acknowledges your assent and affirmation that the government is your friend and you trust the government.

        • Anonymous Coward, 29 Sep 2016 @ 9:37am

          Re: Re: Re: Power Meter Security

          Of course there is also such a thing as powerline ethernet typically used when wireless isn't that good. The gov't won't want to sniff those packets either......

          I have a theory that most modern computer power supplies already have powerline ethernet capability and all one has to do is send the proper signal to it to access the computer bus traffic. The smart meters are just local repeaters and also provide geographic location.

      • JBDragon, 29 Sep 2016 @ 9:37am

        Re: Re: Power Meter Security

        Smart meters don't need to update pricing, that's just dumb! They measure the electricity used. Your electric company takes that number that it gets from your smart meter and charges you the current rate. If you're one that is set up to charge different rates depending on the hour, lower prices at night, higher prices during the day, it'll send that Data. In fact, if you look at your bill, it'll generally show you how much power you're using at each hour.

        But like all things, you need 2 way communication. The smart meter is normally just doing what a meter reader would do. Send the current usage. Subtract last month's number from the current number and you get how much power was used.

        2 way is so the meter knows the power company received its data. It's also so they can turn on/off your power without someone coming in a truck and pulling the meter to kill your power. It's killing lots of jobs. It's all just done in the office.

        • Anonymous Coward, 30 Sep 2016 @ 2:01pm

          Re: Re: Re: Power Meter Security

          Smart meters don't need to update pricing, that's just dumb!

          People make up dumb shit all the time.

    • Anonymous Coward, 29 Sep 2016 @ 8:02pm

      Re: Power Meter Security

      Smart meters can be commanded to turn off the mains supply.

      Think about that for a bit. I was going to go into my thoughts, but I've decided to keep them to myself. But I'm sure you can think of some things.

  • Harry Payne, 29 Sep 2016 @ 5:42am

    It's not a question of trusting CESG

    It's a question of "do you trust your supplier not to cut you off arbitrarily?"

    Currently, gas or electricity supplies can only be disconnected if you've got a pre-pay meter and don't feed it, or if you're so far behind on your payments they've had to get a court order to physically enter your home and throw the switch.

    Putting a smart meter in, which under the standards agreed for use in the UK allows for remote disconnection, makes everyone essentially a pre-pay meter user. The cost of turning someone off at the flick of a switch is far less than having to go through the courts, so the threshold for doing so will fall. Miss a single payment for whatever reason, whether it's because of an emergency or the bank messing up a direct debit, and the lights could go out and the heating go off.

    Leaving aside the argument that if you don't want to be cut off you should pay up, which is valid and has great merit, there's then the risk of being cut off accidentally - and neither of my suppliers is even thinking about compensation for that, just giving assurances it will never happen.

    Yeah, as they say, right.

    • Anonymous Howard II, 29 Sep 2016 @ 8:05am

      Re: It's not a question of trusting CESG

      Leaving aside the argument that if you don't want to be cut off you should pay up, which is valid and has great merit, there's then the risk of being cut off accidentally


      Given that UK energy suppliers - especially the so-called Big Six - have a lengthy history of monumental cockups with regards to billing, it's entirely possible that scores of people who have never had a late or missed payment will be erroneously disconnected.

  • Ninja, 29 Sep 2016 @ 6:39am

    If there's a system that does the reading automatically and no human can touch anything real time then it could be ok. It's actually more efficient and exposes less people to exhaustive work conditions (having to visit every single meter). However that's as far as smart should go. Having the power to easily cut the power is very problematic in many ways. I can personally see trigger happy law enforcement ordering power cuts without any oversight... Because national security. Or something.

    • DannyB, 29 Sep 2016 @ 6:46am

      Re:

      . . . or something.

      Or because someone insulted the delicate feelings of someone in law enforcement. Especially if the insult was by use of the simple truth. Plain unvarnished facts made public.

  • Anonymous Coward, 29 Sep 2016 @ 6:45am

    Missing the big picture here.

    One algorithm on Electricity usage can tell the GCHQ a very good approximation of the quantity of humans living within the house.

    Add Water meter usage monitoring and they will know exactly.

    They will know when you have guests, they will know if it is a Cell safe house....

    Bottom line is. They will know.

    • DannyB, 29 Sep 2016 @ 6:47am

      Re:

      They will know if it is a grow house for certain kinds of plants.

      • I.T. Guy, 29 Sep 2016 @ 12:08pm

        Re: Re:

        Not with compact fluorescent bulbs anymore. Used to take thousands of watts of HPS and/or Metal Halide for an 8' x 11' room. Those days are gone.

      • Anonymous Coward, 30 Sep 2016 @ 1:03am

        Re: Re:

        The grower is trying to make money for themselves, and not the electricity supplier, and so the first thing they do is bypass the meter. They do not need to disconnect the meter, just take the growing supply from before the meter, so that the meter continues to report the same power usage as before.

  • Not an Electronic Rodent, 29 Sep 2016 @ 6:48am

    Translation

    However, we’re confident that the Smart Metering System strikes the best balance between security and business needs, whilst meeting broader policy and national security objectives.
    Did anyone else read that as: "...strikes the best balance between pretending it does what we say, whilst leaving a nice backdoor that we can use to gather more information about you and hope no-one else notices it."?

  • Anonymous Coward, 29 Sep 2016 @ 7:34am

    We have the right to hack you anytime, anywhere, because we think we can.

  • Anonymous Coward, 29 Sep 2016 @ 7:53am

    Greed is what drives smart meter installs

    Once everyone where I live was converted over to smart meters, amazingly we started paying more during "peak" hours.

    You can thank smart meters for that since they now know how much is being used and when.

    Pure evil.

  • Anonymous Coward, 29 Sep 2016 @ 9:37am

    reads: balance between security and business needs

    thinks: see-saw: mouse / elephant

  • Anonymous Coward, 29 Sep 2016 @ 9:40am

    GCHQ can't be trusted. They are NSA's best friends.

  • I.T. Guy, 29 Sep 2016 @ 12:00pm

    "lower salary costs by carrying out meter readings remotely"
    Read as layoffs.

  • Padpaw, 29 Sep 2016 @ 12:01pm

    From the people that are proud to protect pedophiles when they are caught with your children

  • charliebrown, 29 Sep 2016 @ 2:58pm

    Australia

    • That One Guy, 29 Sep 2016 @ 3:08pm

      "Shoo, shoo, I need to check the box, you can come back once I'm done."

      This is Australia you're talking about, where everything up to and including the ground itself is trying to kill you, I'd think a mamma spider and a hundred or so baby spiders would be just another day on the job for an electrician there.

  • orbitalinsertion, 30 Sep 2016 @ 8:48am

    You know, it doesn't have to be "smart" to be read remotely...
