SMETS1 and 3G SIM turn off

The SMETS1/2 meters can use 2G which is around until 2030-33. By that time a lot of meters would have been ungraded to 4G or communications hubs can be replaced. 2G carries the all important Short Message Service, SMS.

Thank you, ​@Peter E. I was just curious why I’d heard nothing from Ovo. I believe Octopus has an active programme to update the modems in the old meters to 4G. Maybe Ovo does too and I’ll hear from them one day…. 

Thanks for your post ​@Rootbeer, and for your help ​@Peter E.

​@Rootbeer not to worry - we’ll make sure your meter or communications hub is upgraded if it becomes necessary to do so, and this would be free of charge. We’d reach out to you about this when the time comes.

Hi ​@Rootbeer 

The issue with updating meters /communications hubs has it's own issues in terms of technology sunset dates. You might think that the migration would be to 4G but 5G operates better in urban environments although we are only talking about a small amount of data here. The link below talks about the issue around the retirement of 4G and it also mentions 5G and the upcoming 6G system.

https://www.uctel.co.uk/blog/when-will-4g-be-phased-out-in-the-uk-is-4g-still-relevant-today

But there is another possible solution that needs approval for actual metering that could work alongside 4/5/6G for areas that don't have sufficient mobile coverage. 

I moved to Octopus about two years ago with my SMETS1 meter and recently I needed a meter change to SMETS2 with an added component. It's the Octopus Mini Pod that allows my phone the be the IHD. It can decode the encrypted HAN signals (the ones that would go to an IHD) from the meter and send them to Octopus via my router forming a secure bridge between the two. Octopus then process the data into the normal format for present energy consumption and today's energy use.  I've shown yesterday's readings because I haven't used any gas today as I have a heat pump taking the heating load at the moment whereas yesterday it was just a little bit colder and the gas boiler just came in a bit to help.

At the moment all metering that results in billing has to be done via the DCC until such time that alternative methods like a secure bridge are approved but it could be one version of the future. 

Peter 

Interesting,
I was wondering how they were getting around the security restrictions.

But I see that it sends the data to Kraken and not the DCC, then Kraken sends it back to the app on your phone.

I’d guess that they have cleared it’s use with Ofgem?
Although it is still a potential security concern, but only for Octupus mini users at the moment.
(Unless some bad actor can use it to ‘backdoor’ into Kraken/Octopus more generally, and then from there into the national network?)

However it is proving the technology can work, IF a suitable security protocol can be devised and put in place for general use by DCC.
(And no doubt Arqiva and Vodaphone are not going to be happy about all the current/future sm business they might lose so will be resisting any change).

As Peter mentions, the mini (and data) is not used for billing. It is simply used as a guide for customers as any ‘profiled’ tariff does not show correctly on a IHD.

Actually Kraken is used as a billing system by several suppliers.

Just a few points here. The traffic from the meter to the Home Mini will be encoded according to the HAN standard so it will be secure. I'm sure Octopus will encrypt the traffic through the router back to Octopus HQ so that will be secure. It is possible that they don't even need to encrypt it again as the Home Mini might not need to decrypt it. It only needs to be paired with the meter in some way.

As they are not using it for billing and it's secure I'm not sure they need to get Ofgem's approval. It's just unreadable by anybody who doesn't have the decryption key. The tariff processing (Agile in this case) will be applied by Octopus before being sent to the phone. It shows the calculations correctly. The only thing that won't be correct is the energy value and the cost of the gas as they won't have the correct gas CV at that time. That will be applied later and will show up on the phone in the normal way as historic data.

I don't see how the Mini Home can be used as a means of attack. It will only respond to to one meter. To inject data into the Home Mini you would need to know the encryption key for that meter.

A quick update. Yesterday, for the first time, the Pod disconnected from the electricity usage data but strangely it continued to report gas usage. The led had gone green which indicates ‘not paired’ but this morning, without any intervention from me, it has gone white again and reporting electricity usage. So from the Pod I've lost data but the DCC will grab that in parallel anyway and I'll get that in a couple of days.

So the Pod is not an equivalent to the DCC. If you lose live data you don't get it back. Only the DCC can get historic meter data. 

I think that we are talking about different things, there are 2 different levels/types of 'security' involved here.

Data Protection of users data is the most talked about concern.
Cyber Security is the other, less discussed in public, concern.

"not using it for billing".
It's HAN/WAN encrypted.

OK those are good for Data Protection.

However they do little or nothing for Cyber Security, and it's the security of the electricity network (the National Grid) that is the potential issue from a Cyber Security POV.
Anyone trying to disrupt the National Grid has no interest whatsoever in smart meter data.

To give an idea of the level of cyber threat we are talking about here:
uk-experiencing-four-nationally-significant-cyber-attacks-weekly

The smart meter data itself is not the major Cyber Security concern.

It's the potential millions of network access points if you connect any part of the system to the public internet that is the main Cyber Security concern.
(Imagine someone Hacking into the National Grid and shutting it down).

The Octopus mini appears to currently be a stand-alone system, so that’s fair enough.
However it has the potential to develop into a cyber risk.

Having potential access to the WAN on wifi / public internet / World Wide Web means additional potential access points into the the energy systems and ultimately the National Grid.

The National Grid is classed as Critical National Infrastructure.
The National Cyber Security Centre's "Critical National Infrastructure (CNI)" guidance applies.
In particular 'Principle 2: Limit the exposure of your connectivity' and 'Principle 3: Centralise and standardise network connections'
Critical National Infrastructure (CNI)

That is why DCC do not (currently) link to smart meters over the public internet, but only over a separate, dedicated, WAN.

(PS. Blastoise186 is the cyber security guru here, I’m just an interested observer of it).

​@Nukecad thanks for that. 

I can understand not connecting the smart meter directly to a router because smart meters receive and act on information from the DCC.

My understanding is that the IHD output from the smart meter is output only so even if the Pod was compromised the meter doesn't even have the capability to listen to it but I've not researched the capabilities of the meter/IHD interface. The only thing that a compromised Pod could do is send either garbage data or nothing at all. It could possibly send the data to somewhere else as another possibility. I think the only role that Kraken has is to process Pod data and feed it into the Live tab of the app. Garbage or nothing. I don't think it would act on it because that would be a security risk of some description. Of course there are always Zero Day attacks possible caused by sending malformed strings of information to trigger some kind of mayhem. But defensive programming, which is what I was involved in on one project going back 30+ years should just end up in error code generation not a compromised system. 

This is rather off-topic now but the Mini (like the Home Pro) is no different to a third party device such as the Chameleon ivie or Hildebrand Glow IHD