Related topics
  • ,
  • ,
  • ,

We'll pull the plug on info-leak smart meters, warns UK.gov

Lose customer data and lose your licence

The government plans to place a specific obligation for data security on the suppliers of smart meters as part of its conditions for granting licences to install the technology and use it to monitor customers' energy supplies, it has confirmed.

In its latest consultation [18-page/118KB PDF] on use of the technology, the Department for Energy and Climate Change (DECC) has set out steps suppliers will have to carry out to ensure their systems are secure to an "appropriate standard" in the period running up until the launch of its Data and Communications Company (DCC).

Suppliers will have to conduct an initial risk assessment of their end-to-end systems as well as ongoing risk assessments as new threats emerge, and will have to have annual independent security risk audits conducted by external specialists.

Suppliers will also be expected to have incident management procedures, enabling them to identify and respond to security incidents in a coordinated manner, in place along with business continuity and disaster recovery procedures. They will also be expected to install physical security controls to protect equipment that interacts with the smart metering system.

"The government is committed to ensuring security is embedded into the design process for smart meters and their communication systems from the start, and to create a framework that allows systems and processes to continue to be fit for purpose as security risks, technology and the requirements continue to evolve," the DECC said in the document. "Given the potential for a security incident, of any nature, to undermine confidence in smart metering ... the government has proposed that obligations should be placed on suppliers in advance of DCC 'go live'."

Suppliers will have responsibility for security requirements, including requirements relating to the encryption of data and authentication of any commands received by the meters, at every stage of the process until the DCC takes on overall responsibility for security arrangements. Draft licence obligations for suppliers once the DCC is fully operational will be produced in the coming months, DECC said.

Smart metering technology is due to be installed across the UK from 2014, with every UK household and business – approximately 55 million meters – expected to have the technology by 2019. Smart metering enables a two-way flow of information that can deliver real-time information about energy consumption and demand for energy to suppliers and network operators. The government has said smart metering will help to slash unnecessary energy use, reduce emissions and cut consumers' energy bills.

Will this fill you with confidence?

Energy law expert Jeremy Chang of Pinsent Masons, the law firm behind Out-Law.com, said that by embedding the security requirements in supply licence conditions, DECC had sent out a "strong message" that data security was central to the smart metering programme.

"DECC recognises that tackling data privacy concerns around smart metering is key to maintaining consumer confidence in the system," he said. "Although the consultation only relates to the period before the DCC starts supplying data services, it marks an important step in addressing these concerns.

"We should also welcome the fact that DECC has been careful to balance the need, on the one hand, to be prescriptive so as to ensure that the systems suppliers put in place are secure and, on the other, giving them flexibility to determine what is required relative to their roll-out plans pre-DCC 'go-live'," he added.

Technology law expert Chris Martin of Pinsent Masons has previously indicated that smart metering systems will have to put in place "robust technical security measures" to prevent the data revealing intrusive information about individuals' lives.

"The data can reveal much about a household such as the make and model of their TV, the times during which a house is occupied and the number of people staying in a household," he explained. "This information is useful to energy suppliers but it is also potentially valuable to a whole host of other organisations too."

Earlier this week Consumer Focus published a new advice guide intended to raise consumer awareness of what the technology will mean for them. The advisory body said that nearly half of consumers had not heard of smart meters, according to its research, despite the fact that around half a million new meters had already been installed ahead of the full national roll-out.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Sponsored: Driving business with continuous operational intelligence