Feeds

We'll pull the plug on info-leak smart meters, warns UK.gov

Lose customer data and lose your licence

Internet Security Threat Report 2014

The government plans to place a specific obligation for data security on the suppliers of smart meters as part of its conditions for granting licences to install the technology and use it to monitor customers' energy supplies, it has confirmed.

In its latest consultation [18-page/118KB PDF] on use of the technology, the Department for Energy and Climate Change (DECC) has set out steps suppliers will have to carry out to ensure their systems are secure to an "appropriate standard" in the period running up until the launch of its Data and Communications Company (DCC).

Suppliers will have to conduct an initial risk assessment of their end-to-end systems as well as ongoing risk assessments as new threats emerge, and will have to have annual independent security risk audits conducted by external specialists.

Suppliers will also be expected to have incident management procedures, enabling them to identify and respond to security incidents in a coordinated manner, in place along with business continuity and disaster recovery procedures. They will also be expected to install physical security controls to protect equipment that interacts with the smart metering system.

"The government is committed to ensuring security is embedded into the design process for smart meters and their communication systems from the start, and to create a framework that allows systems and processes to continue to be fit for purpose as security risks, technology and the requirements continue to evolve," the DECC said in the document. "Given the potential for a security incident, of any nature, to undermine confidence in smart metering ... the government has proposed that obligations should be placed on suppliers in advance of DCC 'go live'."

Suppliers will have responsibility for security requirements, including requirements relating to the encryption of data and authentication of any commands received by the meters, at every stage of the process until the DCC takes on overall responsibility for security arrangements. Draft licence obligations for suppliers once the DCC is fully operational will be produced in the coming months, DECC said.

Smart metering technology is due to be installed across the UK from 2014, with every UK household and business – approximately 55 million meters – expected to have the technology by 2019. Smart metering enables a two-way flow of information that can deliver real-time information about energy consumption and demand for energy to suppliers and network operators. The government has said smart metering will help to slash unnecessary energy use, reduce emissions and cut consumers' energy bills.

Will this fill you with confidence?

Energy law expert Jeremy Chang of Pinsent Masons, the law firm behind Out-Law.com, said that by embedding the security requirements in supply licence conditions, DECC had sent out a "strong message" that data security was central to the smart metering programme.

"DECC recognises that tackling data privacy concerns around smart metering is key to maintaining consumer confidence in the system," he said. "Although the consultation only relates to the period before the DCC starts supplying data services, it marks an important step in addressing these concerns.

"We should also welcome the fact that DECC has been careful to balance the need, on the one hand, to be prescriptive so as to ensure that the systems suppliers put in place are secure and, on the other, giving them flexibility to determine what is required relative to their roll-out plans pre-DCC 'go-live'," he added.

Technology law expert Chris Martin of Pinsent Masons has previously indicated that smart metering systems will have to put in place "robust technical security measures" to prevent the data revealing intrusive information about individuals' lives.

"The data can reveal much about a household such as the make and model of their TV, the times during which a house is occupied and the number of people staying in a household," he explained. "This information is useful to energy suppliers but it is also potentially valuable to a whole host of other organisations too."

Earlier this week Consumer Focus published a new advice guide intended to raise consumer awareness of what the technology will mean for them. The advisory body said that nearly half of consumers had not heard of smart meters, according to its research, despite the fact that around half a million new meters had already been installed ahead of the full national roll-out.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
LIFE, JIM? Comet probot lander found 'ORGANICS' on far-off iceball
That's it for God, then – if Comet 67P has got complex molecules
Rosetta probot drilling DENIED: Philae has its 'LEG in the AIR'
NOT best position for scientific fulfillment
'Yes, yes... YES!' Philae lands on COMET 67P
Plucky probot aces landing on high-speed space rock - emotional scenes in Darmstadt
HUMAN DNA 'will be FOUND ON MOON' – rocking boffin Brian Cox
Crowdfund plan to stimulate Blighty's space programme
THERE it is! Philae comet lander FOUND in EXISTING Rosetta PICS
Crumb? Pixel? ALIEN? Better, it's a comet-catcher!
SEX BEAST SEALS may be egging each other on to ATTACK PENGUINS
Boffin: 'I think the behaviour is increasing in frequency'
Post-pub nosh neckfiller: The MIGHTY Scotch egg
Off to the boozer? This delicacy might help mitigate the effects
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.