Are you looking forward to receiving your shiny new smart meter? If you live in the UK it doesn’t matter whether you answered yes or no to that question because, soon enough, you will be getting one whether you want it or not.

It doesn’t matter that the Public Accounts Committee thinks that the new tech will only save the average household a mere £26 a year because the government, via the Department of Energy and Climate Control, wants to press ahead anyway at a cost of £10.6 billion, or £215 per household.

Whether the economics of installing smart meters vs the potential benefit to the climate are worthwhile is a matter of opinion but what is for certain is the fact that experts in the field have concerns over the implementation of the devices and their susceptibility to hacking.

During a meeting of the Westminster Energy, Environment & Transport Forum earlier this week, KPMG’s Alejandro Rivas-Vásquez highlighted how recent issues in Spain could have a bearing upon the Smart Meter Implementation Programme in the UK.

Commenting on how flaws discovered in the Spanish programme could affect the UK scheme, Rivas-Vásquez said:

“Spanish researchers recently found fundamental security flaws in the design of smart metering devices deployed across the Channel. Arguably, these flaws should have been identified by the Spanish deployment team, long before the meters were fitted in households. In the UK, whilst CESG has issued security specifications for smart metering vendors to prevent this type of issue, a need for overseeing compliance should not be underestimated by Ofgem and DECC.

Not long ago, we saw similar technologies being hacked for fraudulent activities here in the UK, when prepaid metering top-up keys with false credit information were cloned and sold to customers. The lessons learned from that incident demonstrate security controls are needed in and around the individual devices, and also all the way up to the suppliers.”

Even though the UK published guidelines for protecting and securing smart meters in August of this year, Rivas-Vásquez reiterated the need for independent security and privacy assurance, saying:

“A smart meter implementation programme is a complex matter at the heart of our critical infrastructure, involving many interconnected parties but the programme is only as secure as its weakest link. That’s why in the UK, the Smart Energy Code makes specific arrangements for independent security and privacy assurance activities to take place, within each of the parties of the programme.”

Even though the thought of having household items hacked tends to worry consumers on the privacy level, such as in the case of the far too smart TV that can eavesdrop on conversations, the government and other bodies behind smart meters, perhaps unsurprisingly, seem to have their collective eyes on the bottom line and the damage that fraud could do to corporate profits:

“The Spanish research shows smart meters could be hacked to under-report consumption and this should act as warning to the GB programme.”

That said, there is at least a recognition that the bad guys could be smart enough to cook up other nefarious plans involving the soon-to-be-thrust-upon-us meters that give us our own bit of IoT, whether we desire it or not:

“If the technology could be hacked for fraud, hackers with more nefarious intent may use these flaws for other purposes.

The pace at which research data is analysed and then corrective action is taken also needs to improve. Industry and regulators need to be swift in the consultation process, so that we move away from point-in-time security solutions. Cyber criminals and cyber terrorists are improving their capabilities very quickly.”