By Daniel Hunter
With the Westminster Energy, Environment and Transport Forum, earlier this week discussing the Smart Meter Implementation Programme in the UK, KPMG’s Alejandro Rivas-Vásquez believes that there are still important security risks that need to be addressed before any benefits of this new technology are truly realised.
His comments come after flaws were uncovered in smart metering devices used in the equivalent Spanish programme. Alejandro, a principle advisor in KPMG's Cyber Security practice, said:
“Spanish researchers recently found fundamental security flaws in the design of smart metering devices deployed across the Channel. Arguably, these flaws should have been identified by the Spanish deployment team, long before the meters were fitted in households. In the UK, whilst CESG has issued security specifications for smart metering vendors to prevent this type of issue, a need for overseeing compliance should not be underestimated by Ofgem and DECC.
“Not long ago, we saw similar technologies being hacked for fraudulent activities here in the UK, when prepaid metering top-up keys with false credit information were cloned and sold to customers. The lessons learned from that incident demonstrate security controls are needed in and around the individual devices, and also all the way up to the suppliers."
The government is keen to introduce smart meters across the country to make people more aware of how much energy they are using, in an attempt to cut use.
Mr Rivas-Vásquez added: “A smart meter implementation programme is a complex matter at the heart of our critical infrastructure, involving many interconnected parties but the programme is only as secure as its weakest link. That’s why in the UK, the Smart Energy Code makes specific arrangements for independent security and privacy assurance activities to take place, within each of the parties of the programme.
“The Spanish research shows smart meters could be hacked to under-report consumption and this should act as warning to the GB programme. If the technology could be hacked for fraud, hackers with more nefarious intent may use these flaws for other purposes.
“The pace at which research data is analysed and then corrective action is taken also needs to improve. Industry and regulators need to be swift in the consultation process, so that we move away from point-in-time security solutions. Cyber criminals and cyber terrorists are improving their capabilities very quickly.”
You can tweet your reactions to @freshbusiness or email firstname.lastname@example.org
Join us on