Smart meters – benefit or information security threat?

Smart Meters: A benefit or information security threat?
Smart Meters: A benefit or information security threat?

Automatic meter reading (AMR) devices – otherwise known as smart meters – are already installed in about one-third of US homes. There are fewer in the UK; but there is an active program for their installation. In January this year the UK government suggested, “Most households will have smart meters installed by their energy company between 2014 and 2019, although some energy companies are starting to install smart meters now.”

But smart meters are not without opposition. In the US, a campaign group called Stop Smart Meters claims it is ‘fighting for health, privacy and safety.’ A similar group (Stop Smart Meters UK) operates in the UK – and there are others around the world. One of the primary (not sole) concerns is over a potential invasion of privacy. Since data is transmitted by AMRs wirelessly (in some cases continuously), there is potential for this to be sniffed. An empty house could easily be detected by its current power usage, and burgled. But there are wider concerns over what data is transmitted and how and by whom it is subsequently shared.

There are also concerns – not merely about the personal data that is transmitted outwards, but the outside control that could be let into the household. The smartmeters website published a report yesterday stating, “The communication hub located within smart meters have the potential to create a home area network (HAN) that acts as a gateway to future services in a connected home, such as remotely managing household appliances, heating systems, home security systems, and even eHealth services for managing chronic conditions. Analysts predict consumers will have anywhere from 15 to 30 appliances and devices connected to a home network in the smart home of the near future.” 

While the purpose of this remotely controllable connected home will be to allow householders to come home to a pre-heated oven, it will also become a target for hackers. Security firm Tripwire wanted to gauge UK public awareness of smart meters and particularly smart meter privacy issues; and with the help of One Poll questioned 1000 UK residents. It found the public perception to be that smart meters will prove more of a benefit (61% believe it will encourage people to use less electricity), than a threat (only 11% believe they will capture ‘too much’ personal information). Even fewer (8.9%) believe that they will be vulnerable to cyber attack despite all the empirical evidence to the contrary; and only 12.2% think that smart meters need additional security and privacy protection.

Nevertheless, 34.7% of people expect the utility companies to retain the data indefinitely; while 73.4% believe that it is the consumer who should own the data. It’s the 'Facebook factor': people know there’s an issue but aren’t sufficiently concerned to do anything about it. Dwayne Melancon, Tripwire’s CTO, thinks there should be more concern. “Smart grids – the energy infrastructure connected to smart meters – comprise an enormous range of technology,” he explained; “each of which introduces many potential vulnerabilities that may be susceptible to cyber attack, and we are adding new technologies all the time. This ever-increasing rate of network complexity, combined with the lure of easily monetized consumer data, will inevitably draw the attention of a wide variety of cyber attackers.” 

Meanwhile, the government’s Smart meters: a guide explains much about the benefits but nothing about the pitfalls in smart metering. It does, however, add, “there will not be a legal obligation on individuals to have one,” and “we do not expect energy companies to take legal action to fit a smart meter if they cannot get the householder’s co-operation.”

What’s hot on Infosecurity Magazine?