Feeds

We'll pull the plug on info-leak smart meters, warns UK.gov

Lose customer data and lose your licence

The essential guide to IT transformation

The government plans to place a specific obligation for data security on the suppliers of smart meters as part of its conditions for granting licences to install the technology and use it to monitor customers' energy supplies, it has confirmed.

In its latest consultation [18-page/118KB PDF] on use of the technology, the Department for Energy and Climate Change (DECC) has set out steps suppliers will have to carry out to ensure their systems are secure to an "appropriate standard" in the period running up until the launch of its Data and Communications Company (DCC).

Suppliers will have to conduct an initial risk assessment of their end-to-end systems as well as ongoing risk assessments as new threats emerge, and will have to have annual independent security risk audits conducted by external specialists.

Suppliers will also be expected to have incident management procedures, enabling them to identify and respond to security incidents in a coordinated manner, in place along with business continuity and disaster recovery procedures. They will also be expected to install physical security controls to protect equipment that interacts with the smart metering system.

"The government is committed to ensuring security is embedded into the design process for smart meters and their communication systems from the start, and to create a framework that allows systems and processes to continue to be fit for purpose as security risks, technology and the requirements continue to evolve," the DECC said in the document. "Given the potential for a security incident, of any nature, to undermine confidence in smart metering ... the government has proposed that obligations should be placed on suppliers in advance of DCC 'go live'."

Suppliers will have responsibility for security requirements, including requirements relating to the encryption of data and authentication of any commands received by the meters, at every stage of the process until the DCC takes on overall responsibility for security arrangements. Draft licence obligations for suppliers once the DCC is fully operational will be produced in the coming months, DECC said.

Smart metering technology is due to be installed across the UK from 2014, with every UK household and business – approximately 55 million meters – expected to have the technology by 2019. Smart metering enables a two-way flow of information that can deliver real-time information about energy consumption and demand for energy to suppliers and network operators. The government has said smart metering will help to slash unnecessary energy use, reduce emissions and cut consumers' energy bills.

Will this fill you with confidence?

Energy law expert Jeremy Chang of Pinsent Masons, the law firm behind Out-Law.com, said that by embedding the security requirements in supply licence conditions, DECC had sent out a "strong message" that data security was central to the smart metering programme.

"DECC recognises that tackling data privacy concerns around smart metering is key to maintaining consumer confidence in the system," he said. "Although the consultation only relates to the period before the DCC starts supplying data services, it marks an important step in addressing these concerns.

"We should also welcome the fact that DECC has been careful to balance the need, on the one hand, to be prescriptive so as to ensure that the systems suppliers put in place are secure and, on the other, giving them flexibility to determine what is required relative to their roll-out plans pre-DCC 'go-live'," he added.

Technology law expert Chris Martin of Pinsent Masons has previously indicated that smart metering systems will have to put in place "robust technical security measures" to prevent the data revealing intrusive information about individuals' lives.

"The data can reveal much about a household such as the make and model of their TV, the times during which a house is occupied and the number of people staying in a household," he explained. "This information is useful to energy suppliers but it is also potentially valuable to a whole host of other organisations too."

Earlier this week Consumer Focus published a new advice guide intended to raise consumer awareness of what the technology will mean for them. The advisory body said that nearly half of consumers had not heard of smart meters, according to its research, despite the fact that around half a million new meters had already been installed ahead of the full national roll-out.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Boffins attempt to prove the UNIVERSE IS JUST A HOLOGRAM
Is this the real life? Is this just fantasy?
China building SUPERSONIC SUBMARINE that travels in a BUBBLE
Shanghai to San Fran in two hours would be a trick, though
Our LOHAN spaceplane ballocket Kickstarter climbs through £8000
Through 25 per cent but more is needed: Get your UNIQUE rewards!
LOHAN Kickstarter push breaks TWELVE THOUSAND POUNDS
That's right, folks, you've stumped up OVER 9000 beer tokens - and counting
SpaceX prototype rocket EXPLODES over Texas. 'Tricky' biz, says Elon Musk
No injuries or near injuries. Flight stayed in designated area
Galileo, Galileo! Galileo, Galileo! Galileo fit to go. Magnifico
I'm just a poor boy, nobody loves me. But at least I can find my way with ESA GPS by 2017
Astronomers scramble for obs on new comet
Amateur gets fifth confirmed discovery
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?