Feeds

We'll pull the plug on info-leak smart meters, warns UK.gov

Lose customer data and lose your licence

Build a business case: developing custom apps

The government plans to place a specific obligation for data security on the suppliers of smart meters as part of its conditions for granting licences to install the technology and use it to monitor customers' energy supplies, it has confirmed.

In its latest consultation [18-page/118KB PDF] on use of the technology, the Department for Energy and Climate Change (DECC) has set out steps suppliers will have to carry out to ensure their systems are secure to an "appropriate standard" in the period running up until the launch of its Data and Communications Company (DCC).

Suppliers will have to conduct an initial risk assessment of their end-to-end systems as well as ongoing risk assessments as new threats emerge, and will have to have annual independent security risk audits conducted by external specialists.

Suppliers will also be expected to have incident management procedures, enabling them to identify and respond to security incidents in a coordinated manner, in place along with business continuity and disaster recovery procedures. They will also be expected to install physical security controls to protect equipment that interacts with the smart metering system.

"The government is committed to ensuring security is embedded into the design process for smart meters and their communication systems from the start, and to create a framework that allows systems and processes to continue to be fit for purpose as security risks, technology and the requirements continue to evolve," the DECC said in the document. "Given the potential for a security incident, of any nature, to undermine confidence in smart metering ... the government has proposed that obligations should be placed on suppliers in advance of DCC 'go live'."

Suppliers will have responsibility for security requirements, including requirements relating to the encryption of data and authentication of any commands received by the meters, at every stage of the process until the DCC takes on overall responsibility for security arrangements. Draft licence obligations for suppliers once the DCC is fully operational will be produced in the coming months, DECC said.

Smart metering technology is due to be installed across the UK from 2014, with every UK household and business – approximately 55 million meters – expected to have the technology by 2019. Smart metering enables a two-way flow of information that can deliver real-time information about energy consumption and demand for energy to suppliers and network operators. The government has said smart metering will help to slash unnecessary energy use, reduce emissions and cut consumers' energy bills.

Will this fill you with confidence?

Energy law expert Jeremy Chang of Pinsent Masons, the law firm behind Out-Law.com, said that by embedding the security requirements in supply licence conditions, DECC had sent out a "strong message" that data security was central to the smart metering programme.

"DECC recognises that tackling data privacy concerns around smart metering is key to maintaining consumer confidence in the system," he said. "Although the consultation only relates to the period before the DCC starts supplying data services, it marks an important step in addressing these concerns.

"We should also welcome the fact that DECC has been careful to balance the need, on the one hand, to be prescriptive so as to ensure that the systems suppliers put in place are secure and, on the other, giving them flexibility to determine what is required relative to their roll-out plans pre-DCC 'go-live'," he added.

Technology law expert Chris Martin of Pinsent Masons has previously indicated that smart metering systems will have to put in place "robust technical security measures" to prevent the data revealing intrusive information about individuals' lives.

"The data can reveal much about a household such as the make and model of their TV, the times during which a house is occupied and the number of people staying in a household," he explained. "This information is useful to energy suppliers but it is also potentially valuable to a whole host of other organisations too."

Earlier this week Consumer Focus published a new advice guide intended to raise consumer awareness of what the technology will mean for them. The advisory body said that nearly half of consumers had not heard of smart meters, according to its research, despite the fact that around half a million new meters had already been installed ahead of the full national roll-out.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Securing Web Applications Made Simple and Scalable

More from The Register

next story
World Solar Challenge contender claims new speed record
One charge sees Sunswift travel 500kms at over 100 km/h
SMELL YOU LATER, LOSERS – Dumbo tells rats, dogs... humans
Junk in the trunk? That's what people have
The Sun took a day off last week and made NO sunspots
Someone needs to get that lazy star cooking again before things get cold around here
Boffins discuss AI space program at hush-hush IARPA confab
IBM, MIT, plenty of others invited to fill Uncle Sam's spy toolchest, but where's Google?
Bad back? Show some spine and stop popping paracetamol
Study finds common pain-killer doesn't reduce pain or shorten recovery
BEST BATTERY EVER: All lithium, all the time, plus a dash of carbon nano-stuff
We have found the Holy Grail (of batteries) - boffins
Forty-five years ago: FOOTPRINTS FOUND ON MOON
NASA won't be back any time soon, sadly
Jurassic squawk: Dinos were Earth's early FEATHERED friends
Boffins research: Ancient dinos may all have had 'potential' fluff
MARS NEEDS OCEANS to support life - and so do exoplanets
Just being in the Goldilocks zone doesn't mean there'll be anyone to eat the porridge
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.