British Spy Agency GCHQ Moves Fast to Prevent Mass Energy Hack Attack
The UK intelligence agency GCHQ has stepped in to prevent a massive hack attack on Britain's energy networks after discovering so-called "smart meters" - designed to replace 53 million gas and electricity meters can be easily hacked.
So new smart meters – being rolled out to replace older devices used in every household to measure gas and electricity consumption – are intelligent electricity meters that enable two-way communications between businesses and homes and the energy suppliers. Using electronic communications technology, similar to SIM cards in mobile phones, the meter sends accurate meter readings and electricity usage details and allows for better management of energy flows.
However, GCHQ has discovered that the encryption being used in the meters is incredibly simplistic – using only a single decryption key. This would mean that it would be possible for hackers to take over every smart meter in the country, cut the electricity or gas, causing catastrophic blackouts and major surges in the supply networks with devastating effects.
'Too Many Cooks'
Nick Hunn, director of WiFore Consulting, told Computing magazine in January 2014, that the system designed by the utilities and metering industries was "fiendishly complicated."
"Too many cooks have ratcheted up the technical complexity to the point where it is no longer fit for purpose. As a result, it's lining up to be the next major government IT disaster," he said.
Dr Ian Levy, technical director of GCHQ's communications security group, told the Financial Times:
"The guys making the meters are really good at making meters, but they might not know a lot about making them secure. The guys making head-end systems know a lot about making them secure, but not about what vulnerabilities might be built into them."
The UK Department of Energy and Climate Change told Energy Live News: "Smart meters will operate on a secure system that only authorized parties, such as energy suppliers and network companies, can access. Working with experts across industry and across government, we have put in place robust security controls which are based on international standards and industry good practices."
|Join the GlobalSecurity.org mailing list|