The government's vision to have every home in the UK equipped with smart energy meters is getting closer. Next year comes the mass rollout stage but in the meantime, three remaining bidders are battling it out for the right to provide the smart meters: SmartReach, Telefonica and Cable & Wireless.
Analysis: Industrial control systems under attack Smart meter rollout presents numerous technical challenges Computing research: Industrial control systems under attack
But IT industry insiders are concerned by the potential security risks smart meters present. Unscrupulous consumers could commit fraud by manipulating the data captured by the meter, or a hacker could compromise a smart meter to find out about a home owners' peaks of use to learn when they are likely to be out. More worryingly, smart meters are connected to smart grids, meaning that if someone is able to attack the system, they could impact the load balancing for energy supply on the whole grid, which may bring down part or all of the system.
However, David Green, business development director of SmartReach, a consortium of companies including BAE Detica, BT, Sensus and Arqiva, believes the system is secure, and there is no chance that they can be hacked.
In an interview with Computing, he explains why.
Computing: What are the steps you have taken to ensure that smart meters are secure?
David Green: Step one was completely revamping our network to make sure everything that should be secure, is secure. We formed a consortium, which involved Detica (now BAE Detica) which is a world-renowned cyber security expert company. Detica did a lot of cyber security work for government, large financial institutions and large corporate firms, where security is essential for the business. As we were building a new network, we were able to design security in from the outset, so we weren't trying to secure an old network and see how we're going to lock it down.
On top of that, we are working closely with CESG [Communications Electronics Security Group], to make sure that the end-to-end security model is as robust as it needs to be; what that means to a communications service provider is that we will be carrying encrypted data, between the energy companies and the metering systems, but on top of that we layer our own security and encryption.
Our solution is a radio-based network, based on a technology supplied by a company called Sensus. Sensus has deployed more than 12 million smart metering and smart grid devices, mainly in North America, and there have been no hacks on the system to date. What we have done is layer on security at various points of our network. So we have an AES256 encryption on the air interface, and we have a very secure operation sensor, which is also supported by a security operations centre. What that centre does is monitor the network 24-7, looking for potential intrusions and unusual activity on the network. Detica has some very sophisticated tools that can identify those potential intrusions before they actually happen.