UK smart meters could be vulnerable to cyber attacks – GCHQ warns

As homes across the world become smarter, the UK government wants to jump on this trend by installing smart energy meters in millions of homes across the country.

Ultimately, the government wants every home in the country to have a smart meter. At present, only 8 million out of 27 million households have signed up to the £11 billion scheme.

Smart meters, an addition of the smart home, are designed to improve efficiency and reduce costs. Instead of energy suppliers needing to send someone round to check meters, the smart meters will electronically send data to suppliers. The energy department estimates this will help dual fuel households save £26 on the average by 2020, and reduce millions of tonnes of greenhouse gas emissions.

>See also: Britain leads smart meter revolution

However, the intelligence agency GCHQ has raised security concerns over the proposal. The introduction of internet-connected smart meters could enable hackers to steal personal details and defraud UK customers.

As a result of this, the rollout of this second generation of smart meters – SMETS 2 – has been delayed.

“With smart meters in particular, they’re a risk to households across the UK for a few reasons,” says Kirill Kasavchenko, principal security technologist, EMEA at NETSCOUT Arbor.

“They’re generally always turned on, they mostly reside on residential networks which aren’t monitored for either incoming or outgoing attack traffic, and the networks where they’re deployed increasingly offer high-speed connections. Everyone needs to take responsibility for their role in protecting our connected world against criminal activities, which is why all players need to assess how they can make it harder for criminals to exploit devices. From the utilities companies, to the manufacturers of these devices, to consumers – we all need to come together to create a more cyber aware culture.”

However, Robert Cheesewright, of Smart Energy GB, the Government-funded agency promoting the smart meter roll-out, said: “Smart meters are one of the safest and most secure pieces of technology in your home.”

>See also: The smart meter debate: from energy supplier to lifestyle provider

“Only energy data is stored on a meter and this is encrypted. Your name, address, bank account or other financial details are not stored on the meter.”

Whole household at risk?

The danger of a connected smart home is that once one system is compromised, like a smart metre, then hackers may gain access other computers and internet-connected devices around the home. These devices may contain sensitive personal information.

Nick Hunn, a wireless technology expert from London-based WiFore, told The Mail on Sunday: “This smart meter technology has created a Trojan horse. My understanding is that GCHQ was not best pleased when it realised how insecure these devices could be and is still not happy.”

“The big problem is that the smart meter project is being blindly driven forward by career civil servants who do not have a clue about cyber security and who do not care as the taxpayer is footing the bill.”

>See also: How technology is revolutionising the energy sector

Security by design

Dr Ian Levy, of GCHQ, says in an article about smart metering on the National Cyber Security Centre website: “Of course, no system is completely secure, and nothing is invulnerable.”

“However, we’re confident that the Smart Metering System strikes the best balance between security and business needs, whilst meeting broader policy and national security objectives.”

IoT devices are often seen as attractive targets to attackers, because of quantity. So many, billions and billions, are shipped with basic security settings, and these embedded security systems are usually never updated in order to patch against security vulnerabilities.

However, manufacturers are waking up to the need to secure these devices in production, and as Levy suggests, these smart meters have been designed with security in mind.

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...