How ‘smart’ are smart meters? | Nathaniel Read

How 'smart' are smart meters?

Smart Meters are proposed to be offered or installed in every UK home and business by 2020.

This post focuses on the technical challenges and consequences of smart meters rather than the generic advantages the providers give, looking at how they network and what happens to their data.

Generally with Smart Meters

| Advantages | Disadvantages |
| --- | --- |
| No manual readings needed | Have security vulnerabilities |
| Can get cheaper prices off peak | Personal data safety |
| Informs you of energy habits | Readings have to be verified |
| You know exactly what energy you use when | Real world savings UK estimated 2% |

Data collection

British smart meters communicate back to the Data Communications Company (DCC, a Capita subsidiary) through SIM cards; the data is then transferred to individual energy companies.

I originally thought they would connect via powerline networking back to the substation and network from there, which would limit the potential for external interference, as the attack vector is limited to either physical access to the smart meter or interception between the home and substation. Instead, smart meters are opened up to an internet of things and a lot of potential vulnerabilities.

Is it actually secure?

[Figure: Smart Meter Network Diagram. Diagram from ncsc.gov.uk]

The point in this network I would be most concerned about is the communications service, which is exposed to the wider internet and at risk as a result.

However, the NCSC have put some pretty neat failsafes into their network:

  • All smart meters have unique authentication keys for each meter and message, reducing vulnerability at the smart meter’s side and making it very hard to reverse engineer
  • Per-role permissions, restricting who can do disconnects to only your supplier
  • All meters have to be introduced and set up with a public/private key pair certified by the DCC’s own CA
  • Active checking for anomalies, i.e. if many service disconnect commands are sent from an infiltrated supplier, the commands will be ignored and the alarm raised
  • Limiting the number of simultaneous connections, so not every household is connected at once

Obviously, these don’t make the system impenetrable by any means, but an attacker would have to infiltrate both a provider and the DCC to be able to shut off even a few households.
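The per-role permission and anomaly-checking failsafes from the list above, modelled as an added example (this is not NCSC or DCC code). The role names, the one-hour window and the three-disconnect threshold are assumptions chosen for illustration; the post gives no real values.

```python
from collections import deque

# Assumed values for illustration only; the post gives no real thresholds or role names.
WINDOW_SECONDS = 3600
MAX_DISCONNECTS_PER_WINDOW = 3
ROLE_PERMISSIONS = {"supplier": {"read", "disconnect"}, "network_operator": {"read"}}

class CommandGate:
    """Applies per-role permissions, then an anomaly check on disconnect volume."""
    def __init__(self):
        self.recent = {}      # sender -> deque of recent disconnect timestamps
        self.blocked = set()  # senders whose disconnects are now ignored
        self.alarms = []      # (timestamp, sender) records for investigators

    def check(self, ts, sender, role, meter_supplier, command):
        if command not in ROLE_PERMISSIONS.get(role, set()):
            return "denied:role"
        if command != "disconnect":
            return "allowed"
        if sender != meter_supplier:      # only the meter's own supplier may disconnect
            return "denied:not-your-supplier"
        if sender in self.blocked:        # stays ignored once the alarm has been raised
            return "denied:anomaly"
        window = self.recent.setdefault(sender, deque())
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()              # forget disconnects older than the window
        window.append(ts)
        if len(window) > MAX_DISCONNECTS_PER_WINDOW:
            self.blocked.add(sender)
            self.alarms.append((ts, sender))
            return "denied:anomaly"
        return "allowed"

def replay(events):
    # Run a list of events through a fresh gate; return the decisions and alarms.
    gate = CommandGate()
    decisions = [gate.check(*event) for event in events]
    return decisions, gate.alarms

# Constructed sample traffic: (timestamp, sender, role, meter's supplier, command)
SAMPLE = [
    (0, "supplier-a", "supplier", "supplier-a", "read"),
    (10, "operator-x", "network_operator", "supplier-a", "disconnect"),
    (20, "supplier-b", "supplier", "supplier-a", "disconnect"),
] + [(100 + 10 * i, "supplier-a", "supplier", "supplier-a", "disconnect") for i in range(5)]

if __name__ == "__main__":
    for event, decision in zip(SAMPLE, replay(SAMPLE)[0]):
        print(event, "->", decision)
```

The burst from `supplier-a` is cut off at the fourth disconnect inside the window, and every later disconnect from that sender is ignored until someone clears the block.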

Who owns the data

Onzo is one of the first companies to move in on this field of Big Data in the smart meter industry, using customer data to create a personal profile and tailor ad or sales campaigns to customers. However, you have the right to opt in or out of your energy supplier sharing your data with third parties, likely by ringing them up or visiting their website.

For the moment data usage is very restricted, likely as an attempt to reduce the large stigma and backlash that they’ve received. You can choose how often each day readings are sent, whether your supply details can be used for marketing and whether third parties can see them.

Where they don’t work

Smart meters depend on the mobile network. Most mobile providers promise service covering 99% of the country on a coverage map, but travelling around you can see this really isn’t the case. Fitting smart meters in a semi-rural settlement or a home in a valley with no service will have no impact, as the meter will be unable to communicate with the service provider, so manual readings will need to be taken.

The smart meter network was designed to accommodate provider changes. However, at least for now there are incompatibility issues within the smart meter network, as some of the first 8 million smart meters are incompatible with other providers, meaning that potentially you would need a new meter or have to take manual readings to move to a new provider. Simply reprogramming all of these smart meters will cost at least £500m.

  Smart meter icon adapted from Smart Energy GB. Banner from 'ovo energy'