Smart Meters Part Two – Privacy and security?

Smart Meters Part Two – Privacy and security?

Posted 29 April 2012

Regarding the implementation of smart meters, each stakeholder has different goals. Power companies are motivated to increase profits. Governments have targets to reduce greenhouse gases. Consumers wish for reliable and affordable energy supply.

There is no doubt that electricity costs are rising and will continue to rise in the future. The electricity network infrastructure is in need of significant upgrade. In NSW alone, the cost of this upgrade is said to be $7.5 billion and will cause electricity charges to increase by 42% in the next 3 years. Added to the cost of electricity will be a Carbon Pollution tax (if adopted by Federal Government), which will drive up the cost of electricity even further; possibly doubling the price for electricity. As well as additional costs to replace existing power plants, those are well past their use by date, plus additional power plants to meet increased need from population growth. All these factors will ensure that electricity is set to become an increasingly expensive commodity in the future, possibly two or three times the current price.

Government are looking for means to meet future greenhouse gas reduction targets: with increased industrialisation and population growth, this could be difficult without moderating power usage; as could be done with smart meters.

Due to aging power plants; lack of investment in new power generators; and, population growth: it is feasible that we will experience a ‘supply crunch’ in the future. One feature of smart meters outlined on page 42 of Cost Benefit Analysis 10/12/09 by Futura Consulting, prepared for the Victorian Department of Primary Industries is the ability to set limits on how much electricity can be consumed by each individual and such load limit settings can be remotely changed.

Victorian smart meters incorporate ZigBee protocol for communication with energy company and individual appliances. The following statement comes from the ZigBee website

 ‘ZigBee Smart Energy offers utilities and energy service providers secure, easy-to-use wireless home area networks (HAN) for managing energy. ZigBee Smart Energy gives these groups and their customers the power to directly communicate with thermostats and other smart appliances.

New advanced metering and demand response programs can be implemented in homes easily and securely because of ZigBee wireless technology. Now utilities and energy service providers can easily implement energy management and efficiency programs to meet changing government requirements.’

These are significant reasons to explain why governments across the world are feverishly rolling out smart meters. There are approximately 250 smart meter projects worldwide, around 49 million meters installed and 800 million smart meters planned for installation.

Benefits of smart meters for the power companies include: reduced costs (as meters do not have to be manually read), disconnections and reconnections could be done remotely. Accurate measurements of usage can help minimise power companies purchasing costly power to meet peak demand spikes. Minimising peak demand usage could offer significant cost reductions to power suppliers.

Being mindful that in the future, we could be paying twice or three times the current price for electricity. Smart meters could allow the introduction of prepayment options for power supply. For example; in South Africa, during the 1990’s, the cost of billed meters was about 20-30% of turnover. Due to the labour costs for meter reading, bill collection and write-offs due to bad debt. It was found that a prepayment system could operate for between 5-10% of turnover. In 1992 South Africa introduced prepaid meters, by 1994 there were 850,000 prepayment meters. Currently there are over 6 million prepayment meters in South Africa. Prepayment meters have been implemented in 40 countries, including, UK, Brazil & Russia. In Ireland, use of prepayment meters has shown a reduction of energy usage of about 10%.

People who have difficulty paying their bill could be switched over to a prepay system.

Why is it that consumers are paying the cost for the introduction of smart meters, when it is the power companies and the Government who significantly benefit? If consumers are paying for smart meters, then why do they remain the property of the energy distribution company?

There have been concerns in USA and Europe regarding privacy issues: what data will be collected and with whom will it be shared? In the future, it is possible (and likely) that individual appliances may communicate (as part of a home network) to the smart meter. There are also concerns about whether the data that will be transmitted be encrypted and whether digital security keys or smart chips will be employed.

In a paper ‘On the security economics of electricity metering’ by Ross Anderson and Shailendra Fuloria at Cambridge University state:

 ‘Studies [18, 20] show that it is possible to identify some of the appliances in use through load monitoring. It might also be possible to detect the lifestyle of the customers – when they eat, which programs they watch on TV, when they take a shower, whether individuals tend to cook microwave meals or on a stove, whether they have breakfast, the time at which individuals are at home, and so on…Other studies [30] show that fine-grained meter data, combined with side knowledge such as work hours and whether one has children, could yield sensitive personal information: that the homeowner returns shortly after the bars close, or is a restless sleeper, or leaves late for work, or leaves appliances on while at work.’

It is little surprising that marketing giants Google through Google PowerMeter and Microsoft through HOHM are becoming involved in smart meter initiatives.

Under the European Convention on Human Rights (section 8): citizens have the right that the privacy of their family life be respected. On 7th April 2009, the Dutch senate refuted legislation for the mandatory implementation of smart meters, regarding it as an unacceptable infringement of privacy and security of citizens.

Where is the customer consent in regards to information sharing?

What about the security of the information that smart meters transmit? To be competitive, manufacturers are unlikely to add expensive security features onto their devices. Generally, there seems to be a lack of government standards regarding security standards that smart meters will need to employ. It is the government that needs to set the security standards for smart meters.

In a CNET article ‘Are smart meters security disasters?’  Karsten Nohl, a security researcher based in Germany  stated “Prominently missing are signed and encrypted firmware, secure [smart card] chips for key storage, unique cryptographic keys and physical tamper protection. Jonathan Pollet, founder of Red Tiger Security stated “…we’ve been able to cause meters themselves to fail by sending it different types of traffic that cause it to reboot or crash”

In the abovementioned paper by Ross and Shailendra of Cambridge University. They do not advocate that a smart meter be deployed with a remote switch off effect built into the meters. In the growing interest and occurrence of cyber-warfare, it could be a strategic venerability and a ‘prudent nation state might be weary of a facility that could let an attacker turn off the lights…capable motivated agencies will devote considerable resources to getting access to it. Being able to turn out the lights in another country is the cyber equivalent of a nuclear strike – a completely disabling strategic attack that would reduce the enemy population to nineteenth-century standards of living.’

Apart from having smart meters for electricity, there are moves in Italy and UK to commence rolling out of smart meters for natural gas.