INTELLIGENCE AGENCY GCHQ has intervened in the rollout of smart meters to demand better encryption to protect UK electricity and gas supplies.
GCHQ barged in after spooks cast their eyes over the plans and realised that power companies were proposing to use a single decryption key for communications from the 53 million smart meters that will eventually be installed in the UK.
The agency was concerned that the glaring security weakness could enable hackers, once they'd cracked the key, to gain access to the network and potentially wreak havoc by shutting down meters en masse, causing power surges across the network.
The security flaws would have been particularly catastrophic as the UK's 'Rolls Royce' (i.e. unnecessarily expensive) smart metering system doesn't just automate meter reading. It enables power companies to engage in power management and even to cut people off remotely if they haven't paid their bills.
The UK's smart metering system, which has only just started being rolled out years late, has been widely criticised.
Telecoms industry veteran Nick Hunn, director of WiFore Consulting, told INQ's sister publication Computing 15 months ago that the system designed by the utilities and metering industries was "fiendishly complicated".
"Too many cooks have ratcheted up the technical complexity to the point where it is no longer fit for purpose. As a result, it's lining up to be the next major government IT disaster," he said at the time.
Hunn suggested that old-style gas and electricity meter makers in the UK are typically metal bashers rather than technology companies, and don't fully understand the complexities of the smart meters they have been asked to design.
Dr Ian Levy, technical director of GCHQ's communications security group, agreed that this may be the case.
"The guys making the meters are really good at making meters, but they might not know a lot about making them secure. The guys making head-end systems know a lot about making them secure, but not about what vulnerabilities might be built into them," he said in an interview cited by The Financial Times.
Most other countries rolling out smart meters have gone for far less ambitious and expensive schemes. They have largely focused on communicating data back to base securely in a bid to prevent theft and fraud. This has contributed to big savings in places like India and Brazil where power theft is rife.
Savings in the UK are expected to come from consumers using the information generated by smart meters to cut wasteful consumption.
The £11bn scheme is expected to save consumers £26 per year, notwithstanding the £30 cost of a proprietary wireless device to get minute-by-minute readings direct from the meter.
In other words, the UK has opted for an insecure smart metering system that is one of the most expensive, while offering the least scope for savings. µ
The INQUIRER's sister site V3 is hosting the Digital Technology Leaders Awards 2016 in London in June - and it wants YOUR nominations. The deadline is 22nd April, so enter now.
It's time for our regular two-step through the Google news
Bug bounty offer: accepted