Independent security researchers have discovered that smart meters widely used in Spain can be hacked to under-report energy use. Javier Vidal told the BBC that he and Alberto Illera took one of these meters apart because ‘we feared the security would be easy to break and we confirmed that’.
Mr Vidal found that they could intercept and alter the data being sent from the device to the utility company and that it wouldn’t take a great leap to turn off the devices, effectively controlling the power supply.
On the surface this might seem like a light-hearted story for a Friday afternoon.
But consider the fact that there are millions of these devices set to be installed in Spanish homes in the next couple of years. In fact, smart meters are expected to be the norm for most western households by 2018.
The ‘internet of things’ – that is, any device connected to the internet – will facilitate a fast-paced, inter-connected modern world, but it brings potentially huge issues concerning cyber security.
At the moment it seems that products and services are being developed so quickly that security is a secondary issue to economic necessity.
The bigger issue that this feeds in to is the notion of a cyber attack on critical national infrastructure. While your average cyber criminal is far more interested in money-making escapades than turning out the lights, these critical services are exactly the sort of target that interest terrorists or rogue states.
What have we learnt from this post? Cybersecurity is an issue that transcends individuals, affecting large organisations and states as well.
As for these utility meters, the company has yet to be named and is rapidly looking to fix the problem. This company would be well advised to look into adopting the international standard ISO27001.
It advocates creating an information management system (ISMS) that protects the confidentiality, integrity and availability of its information assets. You can find out more about this standard by downloading our free green paper on ISO27001.
If you are already aware of the ISO27001 Standard then we have a range of packaged solutions which will help you find the quickest and most cost-effective way of implementing it. Find out more about our packaged solutions here >>