In light of discussions regarding the Smart Meter Implementation Programme at the Westminster Energy, Environment and Transport Forum, KPMG says the priority is to address key security risks.
With the Westminster Energy, Environment and Transport Forum, today, discussing the Smart Meter Implementation Programme in the UK KPMG’s Alejandro Rivas-Vásquez argues that there are still important security risks that need to be addressed before any benefits of this new technology are truly realised.
His comments also come after flaws were uncovered in smart metering devices used in the equivalent Spanish programme. Alejandro, a principle advisor in KPMG's Cyber Security practice, says:
“Spanish researchers recently found fundamental security flaws in the design of smart metering devices deployed across the Channel. Arguably, these flaws should have been identified by the Spanish deployment team, long before the meters were fitted in households. In the UK, whilst CESG has issued security specifications for smart metering vendors to prevent this type of issue, a need for overseeing compliance should not be underestimated by Ofgem and DECC."
“Not long ago, we saw similar technologies being hacked for fraudulent activities here in the UK, when prepaid metering top-up keys with false credit information were cloned and sold to customers. The lessons learned from that incident demonstrate security controls are needed in and around the individual devices, and also all the way up to the suppliers."
“A smart meter implementation programme is a complex matter at the heart of our critical infrastructure, involving many interconnected parties but the programme is only as secure as its weakest link. That’s why in the UK, the Smart Energy Code makes specific arrangements for independent security and privacy assurance activities to take place, within each of the parties of the programme."
“The Spanish research shows smart meters could be hacked to under-report consumption and this should act as warning to the GB programme. If the technology could be hacked for fraud, hackers with more nefarious intent may use these flaws for other purposes."
“The pace at which research data is analysed and then corrective action is taken also needs to improve. Industry and regulators need to be swift in the consultation process, so that we move away from point-in-time security solutions. Cyber criminals and cyber terrorists are improving their capabilities very quickly.”
- ENDS -
Mike Petrook, KPMG press office
T: +44 (0)20 7311 5271
M: +44 (0)7917 384576
KPMG Press Office: +44 (0) 207 694 8773
KPMG LLP, a UK limited liability partnership, operates from 22 offices across the UK with approximately 11,500 partners and staff. The UK firm recorded a turnover of £1.8 billion in the year ended September 2013. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. It operates in 155 countries and has 155,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.
This article represents the views of the author only, and does not necessarily represent the views or professional advice of KPMG in the UK.