Anyone having a gas/leccy meter replaced with a Smart Meter? Something you need to know

(68 Posts)
Tianc Sun 23-Oct-11 19:09:15

As requested, a thread about Smart Meters.

The power companies are intending to replace all electricity and gas meters with Smart Meters starting this year (govt prospectus). They're loudly selling this idea as energy-saving, because Smart Meters have big screens to show your energy consumption.

But Smart Meters do an awful lot more than that. Including things the companies are keeping rather quieter about.

Smart Meters will be reprogrammable remotely. If a power company thinks you owe it money - or makes a typo - it will flick your meter over to Prepayment mode and load it with whatever it thinks your debt is (see p16).

Currently they cannot do this without physically installing a prepayment meter, for which they need a court warrant to access your premises. So they have to demonstrate to a neutral body like a court that they are not talking complete bollocks. And they very often talk bollocks because power company records are notoriously shite (phantom meters, zillion pound bills, and a Mumsnet Classic).

Plus going to court, installing meters, etc, costs money, and meanwhile the company's not getting paid, because the consumer can simply decline to pay an obviously bonkers bill. So the current set-up focuses their little minds somewhat on sorting the problem out.

With Smart Meters, tick a box on your account and lo! your meter is a prepayment one loaded with the debt of £944994594984 they've decided you owe.

There are also other v serious problems with reprogrammable Smart Meters, including that they're potentially hackable and brickable. The cybersecurity people like Prof Ross Anderson are doing their nuts about it. Meanwhile Ofgem, which is supposed to represent the consumers' interests, has in fact been tasked with pushing through the change.

TBF, some of the Smart Meter functions actually are trying to tackle genuine problems, but in such a way the remedy may be far worse than the disease. Other functions are purely for the benefit of the power companies.

I'll shortly do a list of papers from the consultation process and other useful reading, and also try to précis and reference the major issues.

Tianc Sat 29-Oct-11 16:18:52

It's just a relief to know anyone's reading it. Not that I know what we can do, but at the moment the power companies seem incredibly blasé about security – they're out of their depth and don't realise it.

They're also slipping through purely profit-driven functions, like the credit/prepayment switching, on the back of DECC enthusiasm for energy-efficiency.

Well-informed, noisy debate about all these functions is the very least we should demand.

PattySimcox Sat 29-Oct-11 22:47:07

I've mailed this to a friend whose DH teaches in the construction industry - he had heard some rumours that these smart meters weren;t all that customer friendly, so this info will permeate the wider world.

garlicBreathZombie Sat 29-Oct-11 23:56:12

Don't lose heart, Tianc, this is really important!

Your commentary is being web-ified smile

garlicBreathZombie Sun 30-Oct-11 15:22:25
Tianc Mon 31-Oct-11 16:31:32

4) The Smart Grid is intended be an end-to-end control system, where power to individual devices and sockets in your smart house can be remotely controlled from the other end of the network by you, the power companies or third parties. (ref 1)

The Smart Grid will look approximately like this (more sophisticated diagram at ref 2):

Home Area Network
(HAN: control system in your house connected to individual "smart" appliances and sockets which can be remotely switched on/off, through apps from power companies and independent app suppliers)
||
Smart Meter (gas meter + electricity meter + control and communications module)
||
Wide Area Network (WAN: communications to/from DCC)
||
DataCommsCo (DCC: centrally managing your meter data)
||
power companies, independent suppliers of apps and services

The idea of the "smart house" or HAN was described in the Guardian recently,(ref 3) extolling the virtues of remotely switching off the socket for your hair straighteners or turning down your spouse's heating while you're out (I shit you not, the Guardian called this "a boon".) Initially this would be controlled by the consumer via a website or mobile phone commands, but eventually it would also be connected to the Smart Meter,(ref 3) which would open control to the power company, suppliers of independent apps, and anyone who could gain access at any point along the Smart Grid.

This has serious problems on many levels.

Let's assume the system remains secure.

a) The aim of this system is not to give the consumer choice and control – because you already have choice and control. It's to give the power company control to carry out "load management" within your home through "appliance switching events". To translate, during peak times they will switch off appliances like your fridge, freezer, water heater, and washing machine.(ref 4)(ref 5)(ref 6)(ref 7)

This switch-off will be done by software within a smart appliance or socket, or by an app talking to the HAN. The power company will encourage you to install such apps by offering a Time-of-Use tariff, where the price you pay for electricity will vary at half-hourly intervals (like Economy 7 on acid).(ref 4)(ref 8) When the price rises above a certain amount, the HAN will switch off the appliance.

Initially these TOU tariffs + switch-off apps may be promoted as being a discount on normal electricity prices. However it’s not hard to envisage that once the system has been fully rolled-out, the boot will change foot: TOU will become the norm and anyone not having switch-off apps may be charged a premium for the sort of uninterrupted supply we currently take for granted. Much as the train companies charge eye-watering prices for tickets outside regulated fares.(ref 9)

So money has been decided on as the mechanism for rationing, once power supply can't meet demand, over other methods of rationing such as rotating power-restrictions round a series of substations. Maybe this is what we as a nation want: it's certainly a thing we should discuss democratically.

b) There is plenty of talk of switching appliances off – but I've seen very little about switching them back on again. What will happen to the food in the freezer if the price peak lasts for hours? The washing trapped in the washing machine? How energy-efficient is it to be reheating washing water? Or tumbling clothes that missed the good drying weather?

Think it can't get worse?

c) You know how, when there's an upgrade or patch from Microsoft or Apple, your machine or your apps fall over? Now that can be your home's power supply. The power company will remotely upgrade and patch your programmable Smart Meter, and you'll come home to find the app from your independent supplier has crashed and switched the freezer off.(ref 10) Or switched the hair straighteners on.

But in fact the system won’t remain secure.

a) There are multiple points of entry to the Smart Grid, eg directly via the Smart Meter, via apps, via the web interface, via the wireless HAN.

b) Most of the technology being used for Smart Grids has well-known vulnerabilities.(ref 11) Eg the US is installing about 52 million Smart Meters of a type "riddled with security bugs that could bring down the power grid".(ref 12) It is possible to build much more secure systems, but that costs money. And even supposedly secure systems are not safe against a dedicated attack, as weapons manufacturer Lockheed Martin discovered in March 2011.(ref 13)

c) The Smart Grid will be highly connected and communication is two-way, so once malware gets in it can rapidly infect thousands of individual Smart Meters as well as attack the power companies' control systems.(ref 11) Once in, malware can do more that just crash a computer system: Stuxnet halted the Iranian nuclear programme by taking control of centrifuges and running them so they broke.(ref 14)

Ross Anderson's analysis of the situation is thus:
"Electricity and gas supplies might be disrupted on a massive scale by failures of smart meters, whether as a result of cyber-attack or simply from software errors. The introduction of hundreds of millions of these meters in North America and Europe over the next ten years, each containing a remotely commanded off switch, remote software upgrade and complex functionality, creates a shocking vulnerability. An attacker who takes over the control facility or who takes over the meters directly could create widespread blackouts; a software bug could do the same."(ref 15)

Summary
A Smart Grid is a control system allowing appliances in your house to be remotely controlled by you, the power companies and anyone who can gain access to the Smart Grid. The power companies plan to use this to switch off your appliances at peak times, because this is cheaper and on, the face of it, more energy efficient that providing adequate peak supply.

Smart Grids are a massive new vulnerability in critical infrastructure. They are profoundly vulnerable to hacking at all levels, from script kiddies to hostile states. They are also vulnerable to software error and failure of multiple apps to interoperate smoothly. The consequences of a software failure or attack or could be anything from your house burning down to sudden, catastrophic failure of critical national infrastructure.

References
(ref 1) "The Fourth Carbon Budget - Reducing emissions through the 2020s", UK Committee on Climate Change, Chap 6 p273 Box.6.11
(ref 2) "New bill would accelerate UK smart meter rollout", Smart Grid Watch published by eMeter (US company selling Smart Grid technology)
(ref 3) "Smart homes: take remote control", The Guardian
(ref 4) "Smarter Grids: The Opportunity", DECC, pp2, 17
(ref 5) "Guest post: Roger Hunt on Smart Homes", British Gas Customer Newsroom
(ref 6) "Gov confirms plans for Sky box in charge of your house", The Register
(ref 7) Smart Metering Implementation Programme: Statement of Design Requirements, DECC & Ofgem, Table 1
(ref 8) Smart Metering Implementation Programme: A call for evidence on data access and privacy, DECC & Ofgem, §30
(ref 9) "Train fares set to fall in 2010", BBC News
(ref 10) "Who Controls the Off Switch??, Ross Anderson & Shailendra Fuloria, Cambridge University Computer Laboratory, chap. IV §D
(ref 11) Report: World Cyber Security Technology Research Summit, Belfast 2011, Centre for Secure Information Technologies, Queen's University Belfast, §2.1.3
(ref 12) "Buggy 'smart meters' open door to power-grid botnet", The Register
(ref 13) "RSA to Replace SecurID Tokens After Lockheed Cyber Attack", PCMag
(ref 14) "Stuxnet: Cyber attack on Iran 'was carried out by Western powers and Israel'", The Telegraph
(ref 15) "Who Controls the Off Switch??, Ross Anderson & Shailendra Fuloria, Cambridge University Computer Laboratory, Chap. V

Tianc Mon 31-Oct-11 16:35:22

Sorry it took so long.^^

Yet to come: wireless communications probs, prepay/credit switching and creative disconnection.

garlicBreathZombie Mon 31-Oct-11 17:29:00

Bloody hell.

I read up on the home networks yesterday. I was boggled by the fact that anyone could think this was a good idea! Thank you very much for your ongoing precis, Tianc.

It's reminding me of abusive situations, where people fail to intervene because of thinking "They wouldn't do that, would they?" Guantanamo, the Maze, military rapes, the banking business ... They would, as long as they can get away with it and nobody asks.

Tianc Mon 31-Oct-11 17:41:27

You speak my branes, garlicBreathZombie... I actually deleted a bit at the end:

By now you'll be saying "This can't possibly be true. No one would be that stupid, there must somehow be some cunning Plan B."

No. They really are that stupid. DECC's Plan B is to wave its hands and say, "Oh we don't understand that computer stuff, it'll be fine. Just fine," while the power companies chant "Think of all the money we'll save. Think of all the money."

Tianc Mon 31-Oct-11 17:55:44

Thing is, the power companies expect to save vast amounts of money with the Smart Grid.

(They won't have to provide adequate power to cover peaks, and they anticipate sacking meter-reading staff and call-centre staff. Plus they'll dump the risk of buying electricity half-hourly but selling it averaged.)

So while the smart appliances ideas is good in (very small) parts, the implementation being is driven by the freight train of commercial interest. Trains not being known for their flexibility of direction...

The current process is, IMHO, very unlikely to yield us the safest, most secure, most consumer-oriented system – which might not be Smart Meters at all, as they're currently envisaged.

brokenwingedflier Mon 31-Oct-11 18:06:36

Thanks for this, T.

harbingerofdoom Mon 31-Oct-11 21:11:38

tianc thanks for bringing this to our attention. It shouldn't be overlooked at all. I wonder if most constituency MPs are up to speed with this.

Soon will be!

Quite shocking but.......

Tianc Tue 01-Nov-11 16:32:15

Smart meters debated in parliament yesterday.

This was the Public Accounts Select Committee, who are concerned that "A gap exists in communicating the benefits of smart meters to taxpayers on lower incomes", rather than that benefits to all consumers may be completely outweighed by power company behaviour and inherent massive cyber risk.

However they are also completely correct that poorer households are less likely to benefit from Smart Meters – excellent concise Guardian article on commercial and social aspects.

Does anyone fancy writing to this committee (doesn't have to be your own MP), casting your concerns in terms of "value-for-money criteria which are based on economy, effectiveness and efficiency"? (Committee doesn't do "merits of policy".) I'll also have a go.

List of members and committee clerks.

I'm trying to think of what points to make. Maybe:

• that the costs of security failure may massively outweigh the costs of investing in new generating capacity

• that power companies see this as a cost-saving exercise(ref 1)(ref 2), and therefore are choosing less secure hardware, software and architecture of the whole system than they would if they put security (national and personal) first.

• anything that else that strikes you

References
(ref 1) Smarter Grids: The Opportunity, pp1, 2, 7, 18
(ref 2) Smart Metering Implementation Programme: Statement of Design Requirements Tables 2, 3.
NB Love the way on Table 2, "load shifting" and "TOU tariffs" are described as Consumer Benefits. No dear, load shifting is a consumer sacrifice which is a supplier benefit. And TOU is a best an incentive/compensation for that consumer sacrifice, at worst a licence to charge the earth in the evenings.

Tianc Fri 04-Nov-11 15:11:12

Sorry, illness stopping play at the moment. Will resume as soon as I can.

Tianc Tue 15-Nov-11 15:15:21

Have resumed reading. And have to share another gem.

"An accreditation process is being considered as part of smart metering security governance activities for key players operating within the smart metering system. Conclusions will need to be made for the arrangements for determining whether DCC and smart metering deployments, implemented by suppliers, are in line with the security requirements both in the foundation and enduring stages."
§6.18 Smart Metering Implementation Programme, Response to Consultation Process, Design Requirements, DECC & Ofgem, March 2011.

Translation: "It's March 2011, we haven't even worked out how we're going test or licence Smart Meters as secure – and the energy companies are out there installing thousands of the things. Which may fail the security tests."

So, what will happen if the immovable force of STEG* security requirements is met by the irresistible force of commercial companies which have rolled out millions of pounds' worth of white elephants?

I think making it politically unacceptable to brush the issues under the carpet could be important at that point.

There's already a background patter of bland, head-patting noises: "Nothing to worry about dear, it'll all be secure." "The computers are terribly clever you know." "Look, it's even encrypted." This patter may well become a deafening din. But personally I'll wait for the nice people at CPNI and CESG to be happy before I decide I'm happy.

* Security Technical Experts Group (STEG), which includes govt bodies like CESG, which is connected to GCHQ, and the Centre for Protection of National infrastructure (CPNI).

Tianc Wed 16-Nov-11 13:41:24

Dates & numbers.

"mass roll-out to start at the beginning of the second quarter of 2014 " (ref 1)

Full roll-out to be completed in 2019. The current smaller scale installation is called the Foundation phase (think this is largely new builds and replacement of elderly meters as they become due).

British Gas boasted to Parliament in October that they had installed 400,000 Smart Meters. And that "less than 19 out of 100,000 we wrote to recently" have opted out of half-hourly data collection. Indeed they were writing to lobby Parliament for half-hourly data to be made the default.(ref 2)

(ref 1) Smart Metering Implementation Programme: A consultation on draft licence conditions and technical specifications for the roll-out of gas and electricity smart metering equipment, §52
(ref 2) "Supplementary written evidence from British Gas"

Tianc Mon 21-Nov-11 14:23:54

Apologies, for further delay 've been ill again plus I'm a lazy mare.

But in the meanwhile, news of a cyber attack on a Supervisory Control And Data Acquisition (SCADA) system, this time hackers in Russia supposedly damaging the water provision in Illinois.

"Hackers 'hit' US water treatment systems"

Tianc Thu 09-Feb-12 01:18:17

Uff. I haven't forgotten this thread but have been overrun by personal stuff. Sorry, will do more in the not hugely distant future.

And I used Xmas to talk to telecoms-y friends who are doing the silent scream about the insecure mobile phone technology some meters are using.

So more anon.

Tianc Tue 29-Apr-14 14:57:42

"Many so-called smart devices, such as home routers, CCTV cameras, baby monitors and home-management gadgets that control heating and power, were now known to be vulnerable to Heartbleed-based attacks..."

Imagine my surprise.

As it happens, the device confirmed as vulnerable was the Nest internet-controlled thermostat ("It?s Crazy What Can Be Hacked Thanks to Heartbleed", Wired, Apr 2014), but this is the future.

If you connect an object in your house to the internet, eventually it will be hacked.

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now