UK govt warned of smart meter risks in 2012

The UK government was warned back in 2012 that its planned nationwide smart meter rollout represented a potentially significant security and privacy threat, according to reports.

Following a report from the Financial Times asserting that the UK Government Communications Headquarters (GCHQ) had intervened in the project to boost its security, ComputerWeekly has indicated that the security flaws in the project were raised as early as March 2012.

According to the original Financial Times article, every smart meter used the same encryption key for data communications, opening up the entire system to a single point of failure. The GCHQ has therefore added further security measures.

But according to ComputerWeekly, these issues were predicted in 2012. The publication has read a copy of a report produced by government CTO Liam Maxwell that was highly critical of the proposed technical model for the project.

The report states that the technical model “inserts a new third-party between consumers and energy providers. It thus introduces an additional and potentially significant security and privacy vulnerability.”

With all 28 million households intended to be connected to the system, this presents a major vector for cyber attacks, Maxwell's report adds. It notes that GCHQ’s information security arm has voiced strong concerns about the proposed approach.

But the Department for Energy and Climate Change has insisted that the Financial Times article was misleading and that it has worked with GCHQ from the beginning of the project.

Image courtesy of miheco under CC