Is Your Broadband Router the Weak Link in Your High-Tech Home?

Transparent
(@transparent)
Illustrious Member Moderator
Joined: 4 years ago
Posts: 2494
 

Posted by: @scalextrix

I suppose our ASHP will need to go on the general VLAN so the Mrs can set the heating schedule,

It's the UK Government who want to set your heating schedule...
as part of their Delivering a Smart and Secure Electricity System (SSES).

Turning off heat-pumps remotely is their No.1 target.
DESNZ are building the framework for the database which links together customer addresses, Smart Metering and your account with your Energy Supplier,
with advice from NCSC on cyber security and command-encryption.

But it's 3rd party agents who will sign up households and be responsible for crediting your account whenever your ASHP has been switched off for a few hours.

What could possibly go wrong? 🤔 

 

If you can think of any flaws, there's still time to submit a response to the current (3rd) stage of consultation.

There is also a live online discussion next week (Tue 16th, 14:30) where the DESNZ team leading the SSES Programme will respond to questions.
As I'm known to them, I received an invitation by email,
but I can't find a link to this session on their website.

If you want to take part, then email SSESconsultation@energysecurity.gov.uk and ask for an invitation!

You have to Register 24hrs ahead, for which you will be sent a (traceable/individual) link,
which is why I can't post mine here!


This post was modified 1 week ago by Transparent

Save energy... recycle electrons!


   
(@scalextrix)
Estimable Member Member
Joined: 12 months ago
Posts: 89
 

Posted by: @transparent

What could possibly go wrong? 🤔 

Quite, yes it's a disaster waiting to happen and just extends the nationally sensitive equipment map.

Smart meters should never have had remote shutoff.

Personally speaking, they can send any commands they like, but they will get filtered.

P.S. I have left a consultation response, I doubt they will like it 😁


This post was modified 1 week ago by Scalextrix

   
Transparent
(@transparent)
Illustrious Member Moderator
Joined: 4 years ago
Posts: 2494
 

Posted by: @scalextrix

Smart meters should never have had remote shutoff

Erm... DESNZ isn't intending to use either the ALCS or the Messaging systems within our Smart Meters.

The SSES remote-control mechanism is to operate via the internet.
That's why I'm raising the issue in this topic about broadband.
Apologies... I should've stated that explicitly!

There are two reasons why the system needs access to your Smart Meter, but they've probably only thought of the first one:

1: to verify that there is a genuine reduction in household demand when the Heat-Pump OFF command is sent

2: to read the Randomised Offset to the Tariff Matrix, and thereby synchronise the OFF/ON commands with the time-periods for your particular meter.
That not only means the amount credited to your account is correct,
but also prevents surges on the grid when n-thousand heat-pumps are turned back on.

Imagine someone on Octopus Agile whose HP gets turned off for 2½ hours, and you'll begin to appreciate the logistical problems to be overcome.

 

Of course, most consumers won't understand how the system works anyway.

Those that do will hook up a battery which charges at cheap-rate,
and then runs the Heat-Pump when the SSES agent turns it off.
They'll easily pay for the battery with the credits accumulated on their electricity account.

The worst problem I can imagine is that the server gets hit with a DOS attack when all the Heat Pumps are off.

That'll leave the Agents unable to send commands to turn them back on,
and yet having to continue crediting their customers' accounts.

You don't even need to hack the servers or break into the encryption to create that havoc.

 


Save energy... recycle electrons!


   
Toodles
(@toodles)
Illustrious Member Contributor
Joined: 3 years ago
Posts: 2106
 

@transparent Just because it would be possible, doesn’t mean it won’t happen! Toodles.


Toodles, he heats his home with cold draughts and cooks his food with magnets.


   
(@scalextrix)
Estimable Member Member
Joined: 12 months ago
Posts: 89
 

Posted by: @transparent

Erm... DESNZ isn't intending to use either the ALCS or the Messaging systems within our Smart Meters.

Sure I get it but I was going off topic, kinda, but not really.

The key point from my perspective is not placing critical national infrastructure inside consumers' homes.

If a malicious actor can turn on/off large swathes of equipment, that could collapse the grid.

I don't see how adding heat pumps makes it any better, because of course it only makes it worse.

 


This post was modified 1 week ago by Scalextrix

   
Transparent
(@transparent)
Illustrious Member Moderator
Joined: 4 years ago
Posts: 2494
 

Posted by: @scalextrix

The key point from my perspective is not placing critical national infrastructure inside consumers' homes.

If a malicious actor can turn on/off large swathes of equipment, that could collapse the grid.

True,

But the GB grid itself is likely to be compromised already.

See this press release from Reuters on 15th May '25, which was written into stories carried by four newspapers on the following weekend.
Since they didn't understand the technical background, those stories incorrectly referred to the concealed communications channels as a Kill Switch.

There was a better technical write up in Security Affairs Online magazine.

Although the forensic engineers in USA discovered the threat by taking apart inverters used for commercial solar farms,
there are just as likely to be compromised inverters used for wind-farms and Battery Electricity Storage Systems (BESS).

Inverter electronics being incorrectly managed will adversely affect the grid almost instantaneously.

NESO refer to such power sources as 'lacking inertia', which conveys the right idea.

The opposite of this would be power derived from rotating turbines, which clearly do have inertia.

 

I could expand further on this...
... but few people would find it here in a topic about broadband routers. 🤔 

The better approach would be to take up our concerns with our Regional Energy Strategic Plan organisation.
Those RESPs need to pick up responsibility for energy-based Planning Applications alongside the existing Local Planning Authorities (LPAs).

LPAs are constrained to operate within the scope of the Planning Act.

Thus Councillors may not reject an application for an energy source merely because it imposes a threat to the UK electricity supply.

 

 


Save energy... recycle electrons!


   



(@scalextrix)
Estimable Member Member
Joined: 12 months ago
Posts: 89
 

@transparent what I don't understand about these "rogue communication devices" is just what they will connect to, to present their risk profile.  I get it's scary, and certainly not to be ignored, but a cellular device must connect to a cellular network.  Last time I checked UK is out of range of China, this seems trivial to counter for our network operations, especially as the UK internet is already filtered.

My sceptical approach to these stories is the question of the motivations of the parties who broke the story (the anti-renewables US administration).



   
Transparent
(@transparent)
Illustrious Member Moderator
Joined: 4 years ago
Posts: 2494
 

@scalextrix You're assuming that the source of the command is to be China.
It could just as easily be someone sitting in a field a couple of miles away.

Nor is their nationality certain.
If there was a cyber attack on our energy supplies initiated from someone sat on the steps outside the Russian Embassy, would he be Russian?

This year, both M&S and Land Rover appear to have been subjected to hacking from British teenagers.
Which country manufactured the motherboards of their PCs?
Would that make it a 'foreign' operation?

It's non-trivial to counteract such an approach.

 

Posted by: @scalextrix

My sceptical approach to these stories is the question of the motivations of the parties who broke the story (the anti-renewables US administration).

But is that so?

The official stance from the USA was not to announce what had been found.
The US Government hasn't acknowledged the story since it broke in May.
The discovery wasn't revealed for many months... possibly more than a year.

Reuters, an organisation which relies on the quality of its information in order to sell its news stories,
only learned of the issue from a whistle-blower.

Although six compromised inverters are known to have been found, we have no idea of the sample size.


Save energy... recycle electrons!


   
(@scalextrix)
Estimable Member Member
Joined: 12 months ago
Posts: 89
 

I hear you on the locality issue @transparent, and I agree if that's FM or AM type radio, or even LoRaWAN, but for cellular technology it seems unlikely that a local actor could access the backbone, or if they could do that then they would have a much bigger attack surface than renewable inverters.

My problem with the reports is that they were unofficial leaks, but that doesn't mean they aren't government sponsored.  I have not seen any similar reports from the hacker community.



   
Transparent
(@transparent)
Illustrious Member Moderator
Joined: 4 years ago
Posts: 2494
 

Posted by: @scalextrix

for cellular technology it seems unlikely that a local actor could access the backbone

If the 'cellular technology' is actually the GSM system (and we can't be certain of that),
then there's no need to access the backbone.

A malicious actor would simply use a mobile phone to contact the receiver within the inverter.

We should note that the mobile network in UK is different to that in USA in a number of respects,
and that it would be theoretically possible here to detect the presence of a GSM receiver hidden within an inverter.

However, I can think of several ways to overcome that issue,
including one strategy which we already use within the British Smart Meter Network.

For obvious reasons I'm not going to elaborate here on an open forum!

 

Posted by: @scalextrix

I have not seen any similar reports from the hacker community

If you have the ear of the hacker community,
can you please ask them to release Jaguar Land Rover from their grip?


Save energy... recycle electrons!


   
(@scalextrix)
Estimable Member Member
Joined: 12 months ago
Posts: 89
 

Posted by: @transparent

If you have the ear of the hacker community,
can you please ask them to release Jaguar Land Rover from their grip?

Unfortunately I'm not that well connected 😂 

I definitely agree with you that any closed source hardware, firmware and software always presents a risk.  But by the same token if this was a dastardly plot, just using some software would be much less detectable, more affordable and allow for greater impact, because let's face it, how many people or organisations actually do robust outbound filtering at their firewall?  Practically zero.  Going to all this effort so a bloke can run around the country turning off heat pumps and solar inverters with a mobile phone is not going to have nearly as much impact.

The reports of back-doors seem far more likely motivated by fossil fuel interests creating FUD, than a genuine security issue, in my opinion.

But I suppose time will tell, my devices will be secured regardless.



   