Auditing firm KPMG warned of smart meter security risks at the Westminster Energy, Environment and Transport Forum.
Its cyber security specialist Alejandro Rivas-Vásquez was discussing UK’s smart meter implementation programme in the light of flaws found during the equivalent Spanish programme.
“Spanish researchers recently found fundamental security flaws in the design of smart metering devices deployed across the Channel,” he said. “Arguably, these flaws should have been identified by the Spanish deployment team, long before the meters were fitted in households. In the UK, whilst CESG has issued security specifications for smart metering vendors to prevent this type of issue, a need for overseeing compliance should not be underestimated by Ofgem and DECC.”
CESG is the UK government’s national technical authority for information assurance.
He went on to say: “Not long ago, we saw similar technologies being hacked for fraudulent activities here in the UK, when prepaid metering top-up keys with false credit information were cloned and sold to customers. The Spanish research shows smart meters could be hacked to under-report consumption and this should act as warning to the GB programme.”
If the technology could be hacked for fraud, hackers with more nefarious intent may use these flaws for other purposes, and Rivas-Vásquez pointed out that smart meters will be at the heart of critical national infrastructure, and that any interconnected system is only as strong as its weakest link. “That’s why in the UK, the Smart Energy Code makes specific arrangements for independent security and privacy assurance activities to take place, within each of the parties of the programme,” he said.
KPMG advice to government:
- Analyse research data faster
- Take corrective action sooner
- Swifter industry and regulator consultation
- Move away from point-in-time security solutions.
“Cyber criminals and cyber terrorists are improving their capabilities very quickly,” said Rivas-Vásquez.
from News http://ift.tt/1q3t4l2
via Yuichun
沒有留言:
張貼留言