Feeds

We'll pull the plug on info-leak smart meters, warns UK.gov

Lose customer data and lose your licence

The Power of One Infographic

The government plans to place a specific obligation for data security on the suppliers of smart meters as part of its conditions for granting licences to install the technology and use it to monitor customers' energy supplies, it has confirmed.

In its latest consultation [18-page/118KB PDF] on use of the technology, the Department for Energy and Climate Change (DECC) has set out steps suppliers will have to carry out to ensure their systems are secure to an "appropriate standard" in the period running up until the launch of its Data and Communications Company (DCC).

Suppliers will have to conduct an initial risk assessment of their end-to-end systems as well as ongoing risk assessments as new threats emerge, and will have to have annual independent security risk audits conducted by external specialists.

Suppliers will also be expected to have incident management procedures, enabling them to identify and respond to security incidents in a coordinated manner, in place along with business continuity and disaster recovery procedures. They will also be expected to install physical security controls to protect equipment that interacts with the smart metering system.

"The government is committed to ensuring security is embedded into the design process for smart meters and their communication systems from the start, and to create a framework that allows systems and processes to continue to be fit for purpose as security risks, technology and the requirements continue to evolve," the DECC said in the document. "Given the potential for a security incident, of any nature, to undermine confidence in smart metering ... the government has proposed that obligations should be placed on suppliers in advance of DCC 'go live'."

Suppliers will have responsibility for security requirements, including requirements relating to the encryption of data and authentication of any commands received by the meters, at every stage of the process until the DCC takes on overall responsibility for security arrangements. Draft licence obligations for suppliers once the DCC is fully operational will be produced in the coming months, DECC said.

Smart metering technology is due to be installed across the UK from 2014, with every UK household and business – approximately 55 million meters – expected to have the technology by 2019. Smart metering enables a two-way flow of information that can deliver real-time information about energy consumption and demand for energy to suppliers and network operators. The government has said smart metering will help to slash unnecessary energy use, reduce emissions and cut consumers' energy bills.

Will this fill you with confidence?

Energy law expert Jeremy Chang of Pinsent Masons, the law firm behind Out-Law.com, said that by embedding the security requirements in supply licence conditions, DECC had sent out a "strong message" that data security was central to the smart metering programme.

"DECC recognises that tackling data privacy concerns around smart metering is key to maintaining consumer confidence in the system," he said. "Although the consultation only relates to the period before the DCC starts supplying data services, it marks an important step in addressing these concerns.

"We should also welcome the fact that DECC has been careful to balance the need, on the one hand, to be prescriptive so as to ensure that the systems suppliers put in place are secure and, on the other, giving them flexibility to determine what is required relative to their roll-out plans pre-DCC 'go-live'," he added.

Technology law expert Chris Martin of Pinsent Masons has previously indicated that smart metering systems will have to put in place "robust technical security measures" to prevent the data revealing intrusive information about individuals' lives.

"The data can reveal much about a household such as the make and model of their TV, the times during which a house is occupied and the number of people staying in a household," he explained. "This information is useful to energy suppliers but it is also potentially valuable to a whole host of other organisations too."

Earlier this week Consumer Focus published a new advice guide intended to raise consumer awareness of what the technology will mean for them. The advisory body said that nearly half of consumers had not heard of smart meters, according to its research, despite the fact that around half a million new meters had already been installed ahead of the full national roll-out.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Eight steps to building an HP BladeSystem

More from The Register

next story
Malaysian Airlines flight MH17 claimed lives of HIV/AIDS cure scientists
Researchers, advocates, health workers among those on shot-down plane
The Sun took a day off last week and made NO sunspots
Someone needs to get that lazy star cooking again before things get cold around here
Mwa-ha-ha-ha! Eccentric billionaire Musk gets his PRIVATE SPACEPORT
In the Lone Star State, perhaps appropriately enough
MARS NEEDS OCEANS to support life - and so do exoplanets
Just being in the Goldilocks zone doesn't mean there'll be anyone to eat the porridge
Diary note: Pluto's close-up is a year from … now!
New Horizons is less than a year from the dwarf planet
Forty-five years ago: FOOTPRINTS FOUND ON MOON
NASA won't be back any time soon, sadly
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.