Are Smart Meters A Dumb Idea?

At one time, rolling out an ID Card to everyone in the UK seemed like a reasonably achievable aim. Aside from the concerns of the kind of privacy advocates who view Nectar cards as a 1984-esque instrument of oppression, adding another piece of plastic to people’s wallets wasn’t that controversial when the project was first mooted in the mid-90s.

But a succession of government IT gaffes prompted some hard questions about the infrastructure supporting the ID card project, and people started to ask how fit the government was to manage it. Initial media focus had been on the cards themselves, but attention shifted to the systems and databases behind the scenes where the real costs and problems lay. Pressure on the project has mounted and spiraling cost estimates saw the Labour government scale back its plans to make the cards voluntary while the Conservatives have committed to scrap the plan altogether.

Massive Overhaul By 2020

But while ID Cards may have been killed by controversy and cuts, another multi-billion pound government tech project is planning to roll out a plastic device to 26 million homes and businesses.

The UK government has committed to deploy so-called smart meters across the country by 2020 and claims the devices could help cut carbon emissions and develop a whole raft of green jobs. While this might sound like a doable task given the eight years available, as with ID cards, the real work is the background infrastructure to support the devices. Smart meters are only the “end-points” of wider networks, imaginatively titled smart grids. Most of the potential of smart meters depends on the wider infrastructure they plug into which will require a massive overhaul of the existing grid system.

Companies such as Google are already getting very excited about the potential of smart meters and are preparing web apps that will mesh with the devices and provide handy online tools for measuring consumption. But smart meters will not only plug into the utility grid, they will also potentially use wireless technologies such as Zigbee to talk to home appliances to find out how much juice they are consuming.

While this joined-up vision might have the tech-heads at Google and other tech companies including Cisco and IBM all a quiver, the reality is that the project ultimately rests in the hands of a far less blue-sky bunch – the utilities. Joshua Pennell, president and founder of security company IOActive, neatly summed up the problem when we spoke at last week’s Infosecurity 2010 conference. “A lot of guys say ‘Welcome to the energy sector: set your clock back 15 years’,” he quipped.

Must Read: IOActive On Smart Grid Security

As Pennell rightly points out, utilities are a very careful bunch and pretty slow-moving as a result. They can’t risk rolling out untried hardware or software in the same way other businesses might. If the power grid goes down it’s not just embarrassing, it’s a national disaster.

It’s not surprising then that the utilities are taking a considered approach to smart grids – as well as pushing the government hard for funding. That said however, they recognise the benefits of overhauling their infrastructure which include being able to read meters remotely, and not having to hire all those expensive men in vans. Also extremely attractive is “remote termination” whereby utilities won’t have to send someone out to cut-off customers who don’t pay on time but can do it centrally.

Remote Termination

But aspects such as remote termination also come with inherent security risks. IOActive highlighted the problem last year when it developed a theoretical worm capable of replicating itself across the smart meter network using the wireless connectivity which allows the devices to communicate with one another. Not surprisingly, the company found itself advising the US Department of Homeland Security on how to defend against such attacks and has even been talking to the UK government about its plans.

And while on the one hand utilities may be conservative, they are also relatively inexperienced when it comes to dealing with disruptive technology. A further problem is the budget constraints which utilties are putting on the smart grid process including the cost of the meters themselves. Each device has to cost less than a $100 in the US which limits how may limit how much testing they can be subjected to. UK utilities have already been criticised for their attitude to usability.

For its part, the UK government has been insistent that it is taking the issue of security seriously with smart meters and getting IOActive on board is a good sign. However, the real problem with smart meters, which experts such as Pennell concede is the difficulty of knowing, before the system is up and running, just how open the devices will be to hacking by criminals.

Even the technology companies who are pushing hard for the roll-out of smart technology concede that adding sophistication brings security concerns: “As soon as a system is digitalised, there is always the question of security…it is one of the most important aspects and before you start to roll out smart grid technology, you definitely have to have a security concept in place,” Christian Feisst, director, Smart Grids, Cisco Internet Business Solutions Group told me last year.

Overloading Power Plants

A smarter grid might allow hackers to use remote termination, to cut off specific people. More worryingly it could also include overloading the network itself to the extent that it disrupts an actual power plant. There are also plans to potentially deliver broadband to remote locations via smart grids which opens up the possibility of a simultaneous attack on communications and power networks.

This problem is critical in the US, where Pennell says smart meters are being deployed at the rate of 15,000 a day in California. Several billion dollars of federal funding has been made available to help the utilities smarten up the grid but the clock is ticking. The power companies only have a few years to use up the money before it is withdrawn which makes the strategy of roll out the tech and worry about the security later, a very attractive plan.

The UK obviously has a bit more time to play with but is still working under a wider EU plan to beef-up Europe’s power networks by 2020. We can only hope that whichever party, or parties, find themselves in power don’t repeat the mistakes of the ID Card debacle and make sure the hard questions get asked and addressed before the mistakes get made.

Anything else just wouldn’t be smart.

Andrew Donoghue

View Comments

  • Attempting to automate remote termination is the stuff of dictatorships. How often is RT needed and why not continue to do it as it is done today? Such a risk is not worth it.

    This is not the only securirty problem however, the week point will be large collections of sensitive data controlled by people in utilities and government quangos. What's changed to make such organisations trustworthy? Nothing.

    Paul (Consumer, South East UK)

  • Thanks for this great article. There is clearly a lot to discuss around this topic.

    There are many varied reasons for the utilities to upgrade the grid infrastructure and it will happen. But what is even more powerful is we know that consumers are becoming more interested and engaged in their electricity consumption. It’s a big budget line item and for a long time we have just accepted and paid it each and every month. We really see consumers getting much more interested in becoming more active in managing electricity consumption and taking steps to drive it down. $’s and cents are the primary motivator but there is also a great deal of satisfaction taken for doing the right thing and making a difference.

    What we know definitively is access to better information – real time information can make a huge difference in reducing electricity consumption. There are many academic, utility sponsored and manufacturer sponsored research studies and the general conclusion is just better information alone can reduce consumption by 5-15%. For a family spending $100 - $250 per month on electricity that’s a big deal. The aggregated potential impact from millions of homes reducing their consumption by 5-15% is huge for the economy and the environment.

    The utilities will bring solutions to the market……but there are proven energy monitoring options on the market today. For as little as $100 families can gain access to this real time information today and begin to take control of this important issue and important monthly budget item.

    We have been in the business of real time electricity information since 2003 and it’s gratifying to see this momentum. For more information go to http://www.bluelineinnovations.com.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago