UK Government Says Smart Meters Can Definitely Be Trusted Because GCHQ Designed Their Security
For some years, I have advised everyone to *not* have a smart meter fitted. Did you know that the UK is about to start suffering power shortages and brownouts, until new forms of power generation are online? Therefore with a smart meter fitted, it would allow the government to cut off power for say an hour or two, street by street. It also allows the power company to cut off your electricity supply if you were late paying, or if they lost your payment. There is one further twist to the story, GCHQ are heavily invested in the design of smart meters, against their will. Yes, Privacy advocates and GCHQ agree on one thing – that Smart meters are not a good idea. Yet, GCHQ are heavily involved in their design. Now, why is that? And the answer to that question, is the reason that smart meters are to be avoided.
The Inquirer Reported that:
INTELLIGENCE AGENCY GCHQ has intervened in the rollout of smart meters to demand better encryption to protect UK electricity and gas supplies.
GCHQ barged in after spooks cast their eyes over the plans and realised that power companies were proposing to use a single decryption key for communications from the 53 million smart meters that will eventually be installed in the UK.
The agency was concerned that the glaring security weakness could enable hackers, once they’d cracked the key, to gain access to the network and potentially wreak havoc by shutting down meters en masse, causing power surges across the network.
The security flaws would have been particularly catastrophic as the UK’s ‘Rolls Royce’ (i.e. unnecessarily expensive) smart metering system doesn’t just automate meter reading. It enables power companies to engage in power management and even to cut people off remotely if they haven’t paid their bills.
The UK’s smart metering system, which has only just started being rolled out years late, has been widely criticised.
So who is promoting the idea of smart meters?
The idea behind smart meters — that detailed information about how you consume electricity will allow you to use power more efficiently and thus cut your bills and your home’s carbon emissions — is a good one in theory. And yet smart meters are still not used very widely, even in countries like the UK, where the government has a strategy to install millions of them by 2020. Actually, the likely savings by users are small, but smart meters also promise to allow the electricity industry to lower salary costs by carrying out meter readings remotely, which is one reason why it is so keen on the idea. Another is because smart meters make it is easy to cut off someone’s supply if they don’t pay their bills.
The slow uptake of smart meters seems in part to be due to public concerns about security. People are worried that their smart meter will spy on them, sending back information to electricity companies that might be intercepted and used for targeted burglary when they are away. Similarly, there are fears that if the smart meter control system were compromised, domestic electricity supplies might be at risk on a large scale.
One of UK Parliament’s most important committees, the one monitoring science and technology, has just published a report into the UK smart meter roll-out, offering recommendations for ways to speed it up. Security is an issue it discusses, and one of the committee’s recommendations is as follows:
We recommend that the Government consider further how to communicate the level of thought that has gone into designing a secure system for smart metering
More about that “level of thought” is found in an appendix to the report, which contains the UK government’s evidence on this topic, including the following statement:
The Department of Energy and Climate Change (DECC) has worked with GCHQ since the very early design stage of the rollout, when the programme was initiated. The engagement with GCHQ has been one of partnership, issue discussion and resolution.
Helpfully, GCHQ has written a long and interesting description of its work on smart meters, and how it has tried to make UK smart meters resistant to attack. The post concludes:
We hope that this article has explained the thinking behind the design of the Smart Metering System. DECC, with support from GCHQ (part of which will be become the National Cyber Security Centre) has security right at the top of the list of things it cares about. Of course, no system is completely secure, and nothing is invulnerable. However, we’re confident that the Smart Metering System strikes the best balance between security and business needs, whilst meeting broader policy and national security objectives.
It’s interesting that the post mentions national security objectives. As Techdirt has reported, one of the worst features of the UK’s Investigatory Powers Bill that is currently wending it way through Parliament is that it creates a legal framework to allow GCHQ and the other intelligence agencies to hack into any kind of equipment in order to carry out surveillance. Of course, that’s really rather easy when you were the one who designed its security systems.
- You won’t save money.
- The data makes it easier for burglars and the state to target you.
- National states will be able to hack the smart meter and turn off your electricity. This puts our national infrastructure at risk of cyber attack.
- Power companies will be able to disconnect your supply if there is a financial dispute.
- The state will be able to introduce rolling blackouts or restrict power supply.
- The security behind the smart meter, is a joke (to be blunt). A single decryption key for 53 million homes, would have left the civilian infrastructure in a state of jeopardy.
Remember, GCHQ did not want smart meters, so who forced their hand?