Evidence Check: Smart metering of electricity and gas

5 Technical, security, and privacy issues

Interoperability

68. Interoperability of smart meters between different suppliers was explored previously by the Energy and Climate Change Committee in 2013 and 2015.[103] Witnesses to our inquiry remained concerned that SMETS 1 meters—those deployed in the foundation stage—may not necessarily be able to work in “smart mode” if the customer switched supplier. Those deployed in the mass rollout phase are not expected to suffer from this limitation because they operate in a different way, by connecting with the national communications infrastructure known as the Data Communications Company (DCC) that will link smart meters in homes and businesses to energy suppliers. It is expected that the DCC will be operational later this year, after several significant delays.[104]

69. DECC told us that “in some cases” foundation stage meters could still be operated as smart meters after a consumer switches, but acknowledged that this was “subject to agreement between energy suppliers”.[105] It was the Government’s “aim” that foundation stage smart meters would become interoperable in the future, through these meters being “adopted and operated by the DCC”. In the meantime, DECC told us, Energy UK (the trade association for the UK energy industry) was “working with energy suppliers on interim commercial and technical solutions for increasing the likelihood of consumers keeping a smart service when they switch”.[106] The DCC has been commissioned to undertake a feasibility project to assess options for achieving this, with the “ambition” that the meters will be adopted ahead of the completion of the rollout in 2020.[107]

70. We note that the Energy and Climate Change Committee recommended some 18 months ago that the DCC must “urgently” find ways of incorporating foundation stage meters into the communication infrastructure[108] and that it appears that the issue will remain for a number of customers for several years. Clearly this will affect the benefits of smart meters to some consumers in terms of the ability to switch suppliers with greater ease. The problem of interoperability of some early smart meters has still not been resolved, despite having been raised previously. This undermines efforts to encourage consumers to switch suppliers to get the best tariff deals and requires timely action.

Data granularity

71. Nick Hunn provided an explanation of how a smart meter records and transmits data:

Basically it measures the usage every 15 minutes in the course of the day in each home. At the end of the day, it sends that amount of usage back through DCC and then to the energy supplier. The energy supplier uses that for its billing.[109]

He argued that this transmission schedule would not be of any significant advantage to the network, since receiving data 24 hours in arrears was “not a vast improvement on what the grid operators already know”,[110] and that as a result the Government was “missing an opportunity to put out a system that can provide data in real time […] It feels as if an old, out-of-date system is being put in, just at the point when we need something to cope with distributed generation”.[111]

72. Pam Conway of British Gas argued that from a supplier point of view the smart meter data was “of a standard that we have not had previously and that we certainly do not get from standard meters”, and believed that “if we can get more frequent data it can be aggregated to help to inform product design and grid efficiencies and innovations”.[112] Northern Powergrid, the Distribution Network Operator for the North East of England, told us that “the availability of smart meter data to suppliers in half hourly increments at the end of each day, albeit not real-time, is a significant upgrade on the situation today when there is no such granularity and it may take more than a year for an estimate of the customer’s consumption to be processed”.[113] Northern Powergrid noted that the availability of smart meter data on a daily (as opposed to real-time) basis would “still require suppliers to use forecasts and assumptions to manage their share of the circa 30m GB electricity customers”, but that “these new abilities will enable the development of demand side response”.[114]

Reliance on the 2G mobile network

73. There is some uncertainty about whether and when 2G mobile phone networks might be turned off, and what the consequences might be for early smart meters using that technology. Nick Hunn was concerned that the smart meter technology being deployed will need to be replaced, because “the UK’s GPRS networks are scheduled to be turned off by 2026 at the latest”, and two out of the three Carriage Service Provider contracts specify GPRS technology.[115] He told us that “if smart meters are to remain operational after 2026, then all of the comms hubs in these areas will need to be replaced”. The Royal Academy of Engineering, on the other hand, told us that GPRS was “being replaced by 3G/4G from 2023”. There has been some speculation that operators might stop supporting 2G as soon as 2020.[116]

74. Pam Conway told us that suppliers’ interests in this were protected by “clear and robust commercial contracts to ensure the longevity and robustness of that technology, and that it works and is sufficient for communications”.[117] Daron Walker added that suppliers’ contracts were such that “from the last point at which they install a SMETS1 meter, they will have at least 10 years of communications coverage”, and that “our understanding from working with Ofcom is that there is no evidence that [2G] will close down in the early 2020s”.[118]

Smart meter security

75. British Gas told us that “Smart meters are extremely secure and they meet robust security standards specified by Government”, and that the company had “not seen any security issues so far”. British Gas describes the security features as follows:

76. The Royal Academy of Engineering told us that “the smart meter network is being installed before its requirements as an Internet-connected energy system have been fully determined”. Smart Energy GB clarified that smart meters “do not use the internet, they use their own dedicated secure communication system”.[119] The Academy told us that “the threat of cyber attacks—either to gain information, ‘steal’ electricity or disrupt supply—is real and pressing. […] Disruption to energy and gas supplies at a massive scale is possible, either from cyber attack or errors in software”.[120]

77. Nick Hunn raised specific concerns about the ability of smart meters to disconnect consumers, and about the need to maintain smart meter firmware, arguing that “the level of firmware engineering in many metering companies is best described as hobbyist”. He argued that the inclusion of an isolation switch in every smart meter was “an unnecessary risk”, and that “if somebody could hack into that or turn off very large numbers of meters by mistake, the sudden shock of taking them off the grid—even worse if they were all turned back on at the same time—would cause significant damage”.[121] He was also concerned about the risk of a “rogue programmer” in a metering company, claiming that “if I were working for one of those companies, I could insert code that would make every meter turn off on a particular date in a year’s time”.[122]

78. On 18 March 2016, the Financial Times reported that GCHQ had “intervened” in smart metering security, claiming that the agency had “discovered glaring loopholes in meter designs”.[123] Given these concerns we held a private informal meeting with a representative of GCHQ to explore the issue of smart meter security, and asked DECC for further information. After our meeting we were provided with assurances on the issues raised above. On the involvement of GCHQ and the design of the system, DECC told us that:

DECC has worked with GCHQ since the very early design stage of the rollout, when the programme was initiated […] The media reports relating to “loopholes” in the Smart Meter system are based on misunderstanding. Security lies at the heart of the smart metering system and has been a key consideration at every stage of system development to ensure there are no ‘loopholes’. The system operates on a national scale and has been designed as a secure end-to-end system, not just a collection of meters, energy suppliers and other components that have evolved individually.[124]

On the risk of mass-disconnection, we learned that:

The smart metering security architecture has been designed to ensure that any unintended impact on energy supply would require the compromise of multiple layers of security by multiple parties. The layers of security controls that have been designed into the end-to-end smart metering system ensure that messages sent to the meter that could affect supply must be digitally signed by the sender and checked for any unintended consequences. The message must then be digitally countersigned by the Data and Communications Company (DCC) and subjected to a further check to detect any potential for anomalous consequences.[125]

On the scope for a “rogue programmer” disrupting the system, we heard that:

Personnel security arrangements must be implemented by the DCC, energy suppliers and any other users of the system. These arrangements will include segregation of duties and security vetting for privileged users that have access to sensitive system components. […] The end-to-end security architecture further mitigates the potential impact that a rogue employee could have on the overall system, and the capability for any vulnerability to be exploited at scale.[126]

79. The Government’s statement on smart meter security is at Appendix 3, and a detailed description of the design of the smart metering system can be found on GCHQ’s website.[127]
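The layered control described in paragraph 78 (the sender signs, the DCC checks and countersigns, and a supply-affecting message needs both), sketched as an added illustration that is not part of this report or of the GB smart metering design. Assumptions: HMAC tags stand in for real digital signatures so the example runs on the standard library alone, and the key values, the `Countersigner` class and the disconnect threshold are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC is a stand-in: with real public-key signatures
# the meter would hold only verification keys and could not forge either tag.
SUPPLIER_KEY = b"constructed-supplier-key"
DCC_KEY = b"constructed-dcc-key"
MAX_DISCONNECTS_PER_WINDOW = 3  # assumed anomaly threshold, not a real value

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def supplier_sign(command):
    """Sender role: serialise the command and sign it."""
    payload = json.dumps(command, sort_keys=True).encode()
    return {"payload": payload, "supplier_sig": _tag(SUPPLIER_KEY, payload)}

class Countersigner:
    """DCC role: verify the sender, apply an anomaly check, then countersign."""

    def __init__(self):
        self.disconnects_seen = 0

    def countersign(self, msg):
        expected = _tag(SUPPLIER_KEY, msg["payload"])
        if not hmac.compare_digest(msg["supplier_sig"], expected):
            return None  # sender signature does not verify
        if json.loads(msg["payload"])["action"] == "disconnect":
            self.disconnects_seen += 1
            if self.disconnects_seen > MAX_DISCONNECTS_PER_WINDOW:
                return None  # anomalous volume: refuse to countersign
        signed = dict(msg)
        # The countersignature covers the payload and the sender's signature.
        signed["dcc_sig"] = _tag(DCC_KEY, msg["payload"] + msg["supplier_sig"].encode())
        return signed

def meter_accepts(msg):
    """Meter role: act on a command only if both signatures verify."""
    if msg is None or "dcc_sig" not in msg:
        return False
    ok_sender = hmac.compare_digest(msg["supplier_sig"], _tag(SUPPLIER_KEY, msg["payload"]))
    ok_dcc = hmac.compare_digest(
        msg["dcc_sig"], _tag(DCC_KEY, msg["payload"] + msg["supplier_sig"].encode()))
    return ok_sender and ok_dcc

def run_demo():
    """Constructed burst of five disconnects: the countersigner stops after three."""
    dcc = Countersigner()
    burst = [supplier_sign({"action": "disconnect", "meter": m}) for m in range(5)]
    return [meter_accepts(dcc.countersign(msg)) for msg in burst]
```

A message carrying only the sender's signature, or one altered after countersigning, is rejected by `meter_accepts`, so a single compromised party cannot affect supply on its own in this sketch.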

80. The public is already familiar with IT-based systems having been hacked. It would be unfortunate if unwarranted concerns in media reports about smart meter security diminished public trust in the programme. GCHQ’s recent blog post describing the security features of the system is a good example of communication with a technically-literate specialist security audience, but further efforts may be necessary to convince the wider public that smart meters are secure. We recommend that the Government consider further how to communicate the level of thought that has gone into designing a secure system for smart metering.

Big data and privacy

81. In our 2016 report The Big Data Dilemma we explored the potential for large datasets to open up opportunities for innovation and unlock new lines of research, tempered by the need to ensure privacy is respected.[128] We asked our witnesses how the data provided by smart meters could be used, and how privacy concerns were being met. Daron Walker, the then Senior Responsible Officer for the smart meter rollout at DECC, told us that access to different levels of data granularity required different permissions:

The existing framework is that energy suppliers will have access to monthly data automatically, to allow them to do billing. The more disaggregated you get, the more explicit the consumer consent has to be. For daily data, individual consumers have to opt out. When you get down to the really granulated half-hourly data, consumers have to opt in actively and explicitly. The whole framework is about making sure that consumers take the decisions about how other parties make use of their data.[129]

82. Smart Energy GB confirmed that “consumer energy data belongs to the consumer”,[130] and DECC clarified that “No central repository of smart metering energy consumption data is held by the DCC, Government or any other organisation”.[131] Indeed, our discussions on security and privacy with GCHQ led the Government to provide the following written statement:

There is currently a large volume of academic work on the potential for reidentification in anonymised datasets, an example of which is a paper by Paul Ohm[132] which raises a potential problem in managing privacy and the laws that surround it. The paper highlights that our faith in the privacy protecting power of anonymising “personal data” in large data sets has been undermined and that the possibility to “reidentify” or “deanonymise” individuals hidden in anonymised data has been demonstrated sometimes with astonishing ease. The paper also contains the observation that the usefulness and privacy of data are intrinsically linked in such a way that regulation cannot increase data privacy without decreasing the usefulness of the data. Once again, appropriate balances need to be struck.[133]

83. Sacha Deshmukh speculated on some of the future uses of the data on an individual-access basis, rather than as an anonymised large dataset:

Organisations such as Citizens Advice, some of the age charities and some of the more vulnerable charities—even some of the energy suppliers themselves—are looking to see how they could develop a relatively simple algorithm that would allow you, if you wanted, or, let us say, a parent if you were caring for them, to have data matched against temperature. If the data indicated they were not heating at the time when the temperature was dropping to show that they should, you can either speak to them directly if you are the care service or speak to their designated carer […] it could finally mean that we can get information support and advice for people to say, “Don’t turn your heating off, or if you have run out of money, we’ll solve the money problem but in the meantime we don’t want you to freeze to death or end up in an NHS hospital,” which costs us all a lot more [compared with] targeting some of that support.[134]

Vulnerable consumers are currently able to sign up to energy companies’ Priority Services Registers[135] which require the suppliers to meet particular safeguards. The Government’s evidence check statement also emphasises that licence conditions for smart meters will address the needs of “vulnerable, low income and pre-payment consumers” (see Appendix 1, paragraph 12).

84. As with many examples of big data, there are opportunities to explore as well as risks to manage. We look forward to seeing how the data that smart meters produce can be put to use beyond the obvious applications for energy network management, including how data can be used to support vulnerable customers. We were assured that consumers will own their data and be able to decide who can access it. Wider questions about processes for anonymisation and the ethics of data usage and consent will need to be considered carefully by the Data Services Ethics Council being set up by the Government following our Big data dilemma report.


103 Energy and Climate Change Committee, Ninth Report of Session 2014–15, Smart meters: progress or delay?, HC 665

104 “Smart meter IT system delayed until autumn”, BBC News website, 17 August 2016

105 Department of Energy and Climate Change (SME 42) paras 7–8

106 Department of Energy and Climate Change (SME 42) para 9

107 Department of Energy and Climate Change (SME 42) para 9

108 Energy and Climate Change Committee, Ninth Report of Session 2014–15, Smart meters: progress or delay?, HC 665, para 24

109 Q40

110 Nick Hunn (SME 2)

111 Q40 [Nick Hunn]

112 Q44

113 Northern Powergrid (SME 44)

114 Northern Powergrid (SME 44)

115 Nick Hunn (SME 2)

116 USwitch.com, “2G and 3G to be phased out by 2020”, accessed 1 September 2016

117 Q49

118 Q93

119 Smart Energy GB (SME 19) para 8.2

120 Royal Academy of Engineering (SME 37) para 23

121 Q57

122 Qq57–59

124 Appendix 3, para 1

125 Appendix 3, para 6

126 Appendix 3, paras 16–18

127 Consumer Electronics Security Group, “The smart security behind the GB Smart Metering System” (25 April 2016), accessed 1 September 2016

128 Science and Technology Committee, Fourth report of Session 2015–16, The big data dilemma, HC 468

129 Q77

130 Smart Energy GB (SME 19) para 8.3

131 Appendix 3, para 19

133 See Appendix 3

134 Q112

135 Citizens Advice, “Priority Services Register for older and disabled people”, accessed 14 September 2016




© Parliamentary copyright 2015

16 September 2016