GCHQ is the British version of the CIA. Usually, they are out chasing bad guys in foreign countries. This week they are protecting British citizens. With all of the news of intelligence agencies eavesdropping on citizens, it is nice to hear a story where they are decidedly doing the right thing.
This all started with a plan to roll out smart meters to manage electricity and gas to every building in England.
This amounted to 53 million meters.
These smart meters don’t just read the amount of electricity or gas that you use; they can shut off your utilities completely and do other things as well.
Imagine if a hacker – or unfriendly government – were to gain control of all of these meters and shut down power to every building in the country. What would happen? What if they not only did that, but also overwrote the firmware in the meters so that the utilities could no longer control those meters to turn the electricity back on and had to replace all 53 million meters? This is not far-fetched. This is basically what happened in Ukraine last December when the Russian government decided to mess with Ukraine’s infrastructure.
Well, how could that happen? It appears that the utilities and meter manufacturers, according to sources, understand a lot more about how to make a meter than how to write software. In reality, this is not a big surprise.
So what did they do? They created a system where all 53 million meters were protected with the same encryption key.
If that one key was compromised – say by reverse engineering a meter – the attacker might then be able to control every other meter in the country.
What could possibly go wrong?
In this case, GCHQ, which apparently does not have a vested interest in reading your electric meter, put the kibosh on the whole thing. Good for them!
The program to replace all the meters is already forecast to cost about $18 billion. Customers are supposed to save about $39 a year, but they will have to buy a $45 device to read their usage.
How much more it will cost to rewrite the software, both for the meters and at the utilities, depends on how bad the software from these “metal bashers”, as the meter companies are not so fondly called, is. The software will need to manage 50 million encryption keys instead of just one key, which could be simple or could be very complex.
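One simple way to manage a key per meter, shown here as an added example and not as the design the British program adopted: derive each meter's key from a master key that stays at the utility, using the meter's ID. The meter IDs, the command string, the message format and the sample master key are all constructed for illustration.

```python
import hashlib
import hmac

def derive_meter_key(master_key: bytes, meter_id: str) -> bytes:
    """Per-meter key = HMAC-SHA256(master key, label + meter ID)."""
    return hmac.new(master_key, b"meter-key-v1|" + meter_id.encode(), hashlib.sha256).digest()

def sign_command(key: bytes, meter_id: str, counter: int, command: str) -> bytes:
    """Tag a command; binding the meter ID and counter stops re-targeting and replay."""
    msg = f"{meter_id}|{counter}|{command}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def meter_accepts(own_key: bytes, own_id: str, last_counter: int,
                  counter: int, command: str, tag: bytes) -> bool:
    """Check a meter would run: fresh counter, then constant-time tag comparison."""
    if counter <= last_counter:
        return False
    return hmac.compare_digest(sign_command(own_key, own_id, counter, command), tag)

def demo() -> dict:
    master = bytes(range(32))          # constructed sample; really random, kept in an HSM
    a, b = "METER-0001", "METER-0002"  # constructed meter IDs

    # Design on the page: every meter holds the same key.
    shared = master
    tag_b_from_a_shared = sign_command(shared, b, 1, "DISCONNECT")

    # Diversified design: each meter holds only its own derived key.
    key_a, key_b = derive_meter_key(master, a), derive_meter_key(master, b)
    tag_a = sign_command(key_a, a, 1, "DISCONNECT")
    tag_b_from_a = sign_command(key_a, b, 1, "DISCONNECT")

    return {
        "legit_on_a": meter_accepts(key_a, a, 0, 1, "DISCONNECT", tag_a),
        "replay_on_a": meter_accepts(key_a, a, 1, 1, "DISCONNECT", tag_a),
        "a_key_on_b_shared": meter_accepts(shared, b, 0, 1, "DISCONNECT", tag_b_from_a_shared),
        "a_key_on_b_diversified": meter_accepts(key_b, b, 0, 1, "DISCONNECT", tag_b_from_a),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With derived keys the utility stores one master secret and recomputes any meter's key on demand, while the key inside any single meter is useless against the other meters.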
In this case, hopefully, no one is going to complain about the spy agency watching because if the utilities had their way, it would only be a matter of when, not if, Britain went dark.
As I always say – security or convenience. Pick one.