Smart Meters Will Be Hacked, Warn Researchers

The technology at the heart of the government’s plans to roll out smart meters to every home and small business in the country are fundamentally insecure and will be successfully attacked by hackers, according to researchers.

In a report published this week – Smart Meter Security – clean technology analyst group Pike Research states that governments and industry have rushed to develop smart meter technology but have not considered all the security issues around the technology.

“It would be naïve to think that smart meters will not be successfully attacked. They will be,” the report states. “In fact, smart meters represent a worst-case scenario in terms of security: the devices lack sufficient power to execute strong security software; they are placed in physically non- secure locations; and they are installed in volumes large enough that one or two may not be missed.”

Specifically, Pike believes that smart meters are an inherent weak point in the various networks which will ultimately form smart power grids, stated Pike industry analyst Bob Lockhart. “Smart meters are one of the weakest links in the smart grid security chain,” he said. “Home area networks, commercial building networks, and utility networks all perform well in terms of keeping data encrypted within their domains. However, these domains terminate at the smart meter, and the only way for data to pass from one network to the other is for the smart meter to decrypt the data from one side and re-encrypt it on the other. Consequently, the data are, for a short while, unencrypted on the meter and could be successfully eavesdropped.”

Inherent Weakness

The UK Department For Energy and Climate Change (DECC) published its Smart Meter Prospectus last week, detailing plans for rolling out smart meters to every home and small business in the country. Energy regulator Ofgem and DECC Ofgem intend to introduce a package of measures in spring 2011, following a public consultation, and have set out a proposed timetable with the aim of beginning the mandated roll-out of smart meters in autumn 2013. This is ahead of the EU target of rolling out meters to 80 percent of homes by 2020.

According to Pike, the gap in smart meter and grid security won’t be solved using existing architectures and it will take until at least 2013 for solutions to be properly developed. However this will be an opportunity for security providers to secure smart grids.

“We do not believe a solution to this problem is possible with today’s architectures; moreover, we do not expect a solution to be in place before 2012,” the report states. “In fact, we have discovered little interest in solving this problem, as both NAN and HAN providers seemed content that they were adequately protecting data within their own domains. Yet, solving this problem could present a significant business opportunity.”

The issue of security has dogged smart meter and smart grid plans recently, with experts claiming that protecting the infrastructure is taking second place to rushing out the technology – especially in the US where providers are pushing to take advantage of government funding before it dries up.

Security An After-Thought

Speaking to eWEEK Europe UK at the Infosecurity Europe 2010 event in London in April, Joshua Pennell, president and founder of security company IOActive, said that the relatively little time allotted to deploy smart meters and associated smart grid technology could compromise the infrastructure.

“The crux of the problem in the US is with the American Recovery and Reinvestment Act – they have to spend the money in like 48 months. So they are in a different mode now,” he said. “If they don’t spend the money then it goes away, so they have to roll out the technology in some state or lose the funding, which is not in their normal mode of operations.”

Christian Feisst, director of Smart Grids at Cisco Internet Business Solutions Group told eWEEK Europe UK last year that making energy grids “smarter” comes with inherent security risks. “As soon as a system is digitalised, there is always the question of security … it is one of the most important aspects and before you start to roll out smart grid technology, you definitely have to have a security concept in place,” he said.

The cost of the smart grid roll-out has also been questioned by experts. In an article published in July, consumer rights organisation Which? warned that the cost of the smart meter project – which could reportedly hit £10 billion – should not be passed on to the consumer. “Smart meters could be great news for consumers, with the potential for accurate bills along with real-time information people need to cut their energy use and costs,” said Which? chief executive, Peter Vicary-Smith.