Infosec 2010: Smart Meters Bring Security Risks

Utility companies and governments are pushing ahead with ambitious deadlines for the deployment of smart meters in Europe and the US, but security may suffer as a result say experts.

Speaking to eWEEK Europe UK at the Infosecurity Europe 2010 event in London this week, Joshua Pennell, president and founder of security company IOActive, said that the relatively little time alotted to deploy smart meters and associated smart grid technology could compromise the infrastructure.

Short time frame

In particular, Pennell pointed out the short time-frame available for utilities to access a $4 billion (£2.6bn) government fund to roll-out smart infrastructure.

“The crux of the problem in the US is with the American Recovery and Reinvestment Act – they have to spend the money in like 48 months. So they are in a different mode now,” he said. “If they don’t spend the money then it goes away, so they have to roll out the technology in some state or lose the funding, which is not in their normal mode of operations.”

In March 2009, researchers from IOActive created a worm that could spread from one smart metering device to another, thanks to the wireless technology that is used to connect them.

Conservative Utilities

Christian Feisst, director, Smart Grids, Cisco Internet Business Solutions Group told eWeek Europe UK last year that making energy grids “smarter” comes with inherent security risks. “As soon as a system is digitalised, there is always the question of security…it is one of the most important aspects and before you start to roll out smart grid technology, you definitely have to have a security concept in place,” he said.

According to IOActive’s Pennell, the whole approach to smart meters in the US and Europe would probably be one of rolling out the technology and focusing on security afterwards.  “In California alone they are installing 15,000 meters a day and that is one utility that is doing that and that is pretty agressive in my mind,” he said.

Utilities and governments are addressing some security concerns however and both the US Department of Homeland Security and the UK government are working with IOActive on securing smart infrastructure.

Pennell also said that smart meter makers are also taking the issue of security more seriously but faced cost constraints. “There are two smart meter manufacturers that are doing a pretty good job of securing the smart meters themselves, whereas last year if you asked me that question I would have said no one is giving it enough attention,” he said. “They are doing a pretty good job considering each smart meter has to be built for less than a $100 to make it affordable to the utilities.”

In line with European law, the UK has committed to roll-out smart meters to every home by 2020 in a move which the government says will help generate jobs.

Some of the technical challenges of rolling out smart meters to consumers and upgrading utilities’ infrastructure to become smart grids was compounded by the conservative nature of utilities and the costs involved, according to IOActive.

“A lot of guys say welcome to the energy sector set your clock back 15 years. They are held to a different standard. They are held to  the five nines uptime which makes them incredibly conservative,” said Pennell. “The utilities are looking to save money too because they have to roll-out 50 million of these things – that is how many the UK alone has committed to.”

Asked whether he thought the UK’s target was achievable, Pennell admitted that there was significant work ahead. “I don’t know. There are around 50,000 meters deployed already in the UK. But getting to 50 million is a lot of meters.”

Andrew Donoghue

View Comments

  • Thanks for this great article. There is clearly a lot to discuss around this topic.

    There are many varied reasons for the utilities to upgrade the grid infrastructure and it will happen. But what is even more powerful is we know that consumers are becoming more interested and engaged in their electricity consumption. It’s a big budget line item and for a long time we have just accepted and paid it each and every month. We really see consumers getting much more interested in becoming more active in managing electricity consumption and taking steps to drive it down. $’s and cents are the primary motivator but there is also a great deal of satisfaction taken for doing the right thing and making a difference.

    What we know definitively is access to better information – real time information can make a huge difference in reducing electricity consumption. There are many academic, utility sponsored and manufacturer sponsored research studies and the general conclusion is just better information alone can reduce consumption by 5-15%. For a family spending $100 - $250 per month on electricity that’s a big deal. The aggregated potential impact from millions of homes reducing their consumption by 5-15% is huge for the economy and the environment.

    The utilities will bring solutions to the market……but there are proven energy monitoring options on the market today. For as little as $100 families can gain access to this real time information today and begin to take control of this important issue and important monthly budget item.

    We have been in the business of real time electricity information since 2003 and it’s gratifying to see this momentum. For more information go to

Recent Posts

UK’s CMA Begins Probe Of Viasat Acquisition Of Inmarsat

British competition regulator the CMA, begins phase one investigation of $7.3 billion merger between Inmarsat…

8 hours ago

Cisco Admits ‘Security Incident’ After Breach Of Corporate Network

Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…

10 hours ago

Google Seeks To Shame Apple Over RCS Refusal

Good luck convincing Tim. Google begins publicity campaign to pressure Aple into adopting the cross…

11 hours ago

Elon Musk Wants Staff Names Of Twitter’s Bot Counters

Fight with Twitter, sees Elon Musk's legal team requesting names of those employees who calculate…

12 hours ago

Former Twitter Executive Convicted Of Spying For Saudi Arabia

Spying scandal. Former Twitter executive found guilty in San Francisco courtroom of spying for Saudi…

16 hours ago

Meta Raises $10 Billion In Bond Offering

First ever bond offering sees Facebook parent Meta Platforms raise $10 billion, as it seeks…

17 hours ago