Detica, the information intelligence specialist, today warns that the UK Government’s environmental initiative to install smart utility meters into every home and small businesses could present a national cyber security risk unless adequate safeguards are put in place from the outset.  The business and technology consultancy outlined its concerns in its response to a consultation from the Department of Energy and Climate Change (DECC), arguing that retro-fitting a cyber security solution into smart metering will be risky, ineffective and costly.

The UK Government recently announced its intention to fit every home and small- to medium-sized enterprise (SME) in the UK with smart utility meters for gas and electricity by 2020.  Ian Watts, Head of Energy and Utilities at Detica, feels lessons should be learned from the experience with smart meters so far.  “There are already around 40 million smart meters in use worldwide and, even at this early stage, we have seen a number of security breaches.  These have included insecure meters, hacking of customer details, denial of service attacks and suspected infiltration by foreign intelligence services.”

Watts continues: “The utilities network has been defined by the Government as a key part of the Critical National Infrastructure.  The impact of any large-scale power cut could not only put people’s lives at risk but be potentially paralysing for the economy.  Whilst there are many potential benefits of smart meters that justify their introduction, we must be aware it also brings new risks and should therefore ‘design in’ security from the outset to guard against this.  Cyber security safeguards should be an integral part of the design both of the meters themselves and the network supporting it, in order to manage these new threats effectively.”

In the paper Detica presented to DECC — ‘Smart Metering for Electricity and Gas’ — the company outlines recommendations to ensure that smart meter security is handled properly.  It argues that the security approach should take a wider view of network risks and focus on proactive threat monitoring in order to identify new cyber security threats before they can compromise the smart meter infrastructure.  These mechanisms need to be sophisticated enough to detect threats from what at first may appear to be ‘normal’ activity.

The paper also stresses the need to establish strong governance, such as the formulation of standards and policies, development of processes and technology, training of users and ongoing compliance audits.  In particular, Detica backs government proposals for a ‘Central Communications Model’ to serve as a single nationwide body with overall responsibility for coordinating the smart meter infrastructure and enforcing standards, policies and processes.

Watts concludes: ‘The potential risk to national cyber security from not adequately securing smart meters or not responding to public concerns — whether they be founded or unfounded — is too significant to ignore and merits urgent action from utilities companies.”  But inaction, warns Watts, also presents these companies with an additional business risk.  “The surge in customer information received will provide priceless insight into customer behaviour and offer the opportunity to create tailored energy tariffs to help smooth out peaks in energy demand and respond to new customer needs.  Utility companies that fail to exploit the opportunity hidden within that secured data will see themselves left behind as competitors and new market entrants quickly take the advantage.”

For a full copy of Detica’s response to DECC, please click here.