UK Government Says Smart Meters Can Definitely Be Trusted Because GCHQ Designed Their Security
from the oh,-that's-OK,-then dept
The idea behind smart meters -- that detailed information about how you consume electricity will allow you to use power more efficiently and thus cut your bills and your home's carbon emissions -- is a good one in theory. And yet smart meters are still not used very widely, even in countries like the UK, where the government has a strategy to install millions of them by 2020. Actually, the likely savings by users are small, but smart meters also promise to allow the electricity industry to lower salary costs by carrying out meter readings remotely, which is one reason why it is so keen on the idea. Another is that smart meters make it easy to cut off someone's supply if they don't pay their bills.
The slow uptake of smart meters seems in part to be due to public concerns about security. People are worried that their smart meter will spy on them, sending back information to electricity companies that might be intercepted and used for targeted burglary when they are away. Similarly, there are fears that if the smart meter control system were compromised, domestic electricity supplies might be at risk on a large scale.
One of UK Parliament's most important committees, the one monitoring science and technology, has just published a report into the UK smart meter roll-out, offering recommendations for ways to speed it up. Security is an issue it discusses, and one of the committee's recommendations is as follows:
We recommend that the Government consider further how to communicate the level of thought that has gone into designing a secure system for smart metering
More about that "level of thought" is found in an appendix to the report, which contains the UK government's evidence on this topic, including the following statement:
The Department of Energy and Climate Change (DECC) has worked with GCHQ since the very early design stage of the rollout, when the programme was initiated. The engagement with GCHQ has been one of partnership, issue discussion and resolution.
Helpfully, GCHQ has written a long and interesting description of its work on smart meters, and how it has tried to make UK smart meters resistant to attack. The post concludes:
We hope that this article has explained the thinking behind the design of the Smart Metering System. DECC, with support from GCHQ (part of which will become the National Cyber Security Centre) has security right at the top of the list of things it cares about. Of course, no system is completely secure, and nothing is invulnerable. However, we’re confident that the Smart Metering System strikes the best balance between security and business needs, whilst meeting broader policy and national security objectives.
It's interesting that the post mentions national security objectives. As Techdirt has reported, one of the worst features of the UK's Investigatory Powers Bill that is currently wending its way through Parliament is that it creates a legal framework to allow GCHQ and the other intelligence agencies to hack into any kind of equipment in order to carry out surveillance. Of course, that's really rather easy when you were the one who designed its security systems.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: gchq, security, smart meters, surveillance, trust, uk
Reader Comments
Having GCHQ secure something is like putting...
... the CIA in charge of making sure that prisoners are treated well.
... the FBI in charge of stopping terrorist plots.
... EA in charge of ensuring quality games.
... Hollywood in charge of financial auditing to spot dodgy accounting employed by movie studios.
... AT&T in charge of reviewing potential monopoly abuses regarding cable/fiber deployment.
... the East Texas courts in charge of approving or denying patent applications.
[ link to this | view in chronology ]
Re: Having GCHQ secure something is like putting...
...Microsoft in charge of technology vision and innovation.
[ link to this | view in chronology ]
You have a mistake in your article. The above line should read:
that detailed information about how you consume electricity will allow your power use to be controlled more efficiently
[ link to this | view in chronology ]
Power Meter Security
Shouldn't a power meter be Transmit Only?
Sort of like an internet troll. But whatever.
[ link to this | view in chronology ]
Re: Power Meter Security
See, the key thing about smart meters is that they necessarily have to transmit power usages and they also need to receive updated pricings and similar things.
Not that I trust GCHQ-designed anything, but rather to point out use-cases where transceiving is an appropriate method.
[ link to this | view in chronology ]
Re: Re: Power Meter Security
It would seem like a meter could be designed securely enough to have an ultra simple protocol for receiving this, and simply fall back to ignoring it in the case of any failure.
In fact, even transmitting is a non essential function. The main function is to keep the power flowing. Secondarily to measure it.
If a microcontroller has the separate and only function of talking to the outside world, then this would seem to limit the damage that anyone could remotely do to the power meter. Assuming it were to be designed with security in mind FROM THE START, not bolted on later.
Of course a proper GOVERNMENT design would be:
1. The power meter smart features must use the customer's network. (Let's make it use the customer's electrical power too, just to add insult.)
2. The power meter can get remote updates from the government
3. The microcontroller has plenty of extra processor power and local flash. Useful for future updates which add 'features' that have little or nothing to do with a power meter's primary function.
Later:
4. The optional power meter smart features become mandatory.
The EULA clearly states that any information the power meter finds on your personal network, or as a result of injecting penetration code into other devices / systems on your local network is collected for the government. For your own good. Purely for statistical purposes only. Trust us. Your agreement acknowledges your assent and affirmation that the government is your friend and you trust the government.
[ link to this | view in chronology ]
Re: Re: Re: Power Meter Security
I have a theory that most modern computer power supplies already have powerline ethernet capability and all one has to do is send the proper signal to it to access the computer bus traffic. The smart meters are just local repeaters and also provide geographic location.
[ link to this | view in chronology ]
Re: Re: Power Meter Security
But like all things, you need 2 way communication. The smart meter is normally just doing what a meter reader would do. Send the current usage. Subtract last month's number from the current number and you get how much power was used.
2 way is so the meter knows the power company received its data. It's also so they can turn on/off your power without someone coming in a truck and pulling the meter to kill your power. It's killing lots of jobs. It's all just done in the office.
[ link to this | view in chronology ]
Re: Re: Re: Power Meter Security
People make up dumb shit all the time.
[ link to this | view in chronology ]
Re: Power Meter Security
Think about that for a bit. I was going to go into my thoughts, but I've decided to keep them to myself. But I'm sure you can think of some things.
[ link to this | view in chronology ]
It's not a question of trusting CESG
Currently, gas or electricity supplies can only be disconnected if you've got a pre-pay meter and don't feed it, or if you're so far behind on your payments they've had to get a court order to physically enter your home and throw the switch.
Putting a smart meter in, which under the standards agreed for use in the UK allows for remote disconnection, makes everyone essentially a pre-pay meter user. The cost of turning someone off at the flick of a switch is far less than having to go through the courts, so the threshold for doing so will fall. Miss a single payment for whatever reason, whether it's because of an emergency or the bank messing up a direct debit, and the lights could go out and the heating go off.
Leaving aside the argument that if you don't want to be cut off you should pay up, which is valid and has great merit, there's then the risk of being cut off accidentally - and neither of my suppliers is even thinking about compensation for that, just giving assurances it will never happen.
Yeah, as they say, right.
[ link to this | view in chronology ]
Re: It's not a question of trusting CESG
Given that UK energy suppliers - especially the so-called Big Six - have a lengthy history of monumental cockups with regards to billing, it's entirely possible that scores of people who have never had a late or missed payment will be erroneously disconnected.
[ link to this | view in chronology ]
Re:
Or because someone insulted the delicate feelings of someone in law enforcement. Especially if the insult was by use of the simple truth. Plain unvarnished facts made public.
[ link to this | view in chronology ]
One algorithm on Electricity usage can tell the GCHQ a very good approximation of the quantity of humans living within the house.
Add Water meter usage monitoring and they will know exactly.
They will know when you have guests, they will know if it is a Cell safe house....
Bottom line is. They will know.
[ link to this | view in chronology ]
Translation
"...strikes the best balance between pretending it does what we say, whilst leaving a nice backdoor that we can use to gather more information about you and hope no-one else notices it."?
[ link to this | view in chronology ]
Greed is what drives smart meters installs
You can thank smart meters for that since they now know how much is being used and when.
Pure evil.
[ link to this | view in chronology ]
thinks: see-saw: mouse / elephant
[ link to this | view in chronology ]
Read as layoffs.
[ link to this | view in chronology ]
Australia
http://i35.photobucket.com/albums/d196/kat-cassidy/Randomness/No_zpso2f8fprc.png
[ link to this | view in chronology ]
"Shoo, shoo, I need to check the box, you can come back once I'm done."
[ link to this | view in chronology ]