The government was warned of the risks surrounding its controversial smart meter programme four years ago, according to a leaked internal report seen by The Register, but appears to have largely ignored those concerns.

A review of the programme from March 2012 highlights the vulnerability of smart meters to cyber-attacks, and flagged estimates that the scheme could leave the taxpayer out of pocket by £4.5bn rather than save consumers cash.

Some 53 million smart meters are due to be installed in residences and small businesses by the end of 2020 at an estimated cost of £11bn.

So far 3.5 million have been installed. The government has said it expects the scheme will save £17bn. However, a recent delayed report found that benefits to the consumer could be much smaller than originally thought.

The programme was overseen by the former Department for Energy and Climate Change (DECC), which has since been subsumed by the Department for Business, Energy & Industrial Strategy.

In addition, the technical delivery of the national platform behind smart meters, which is the responsibility of the Capita-run Data Communications Company (DCC), has been subject to a series of delays. That platform intended to lay the basis of the smart grid.

The report noted that the proposed technical model of smart meters "inserts a new third party between consumers and energy providers".

The programme introduces a "potentially significant, security and privacy vulnerability" which "[presents] a major vector for cyber-attacks given the vulnerability of a centralised entity managing all the switching into every homes. It also introduces a central point for surveillance and privacy compromises."

It also said that GCHQ's technical arm CESG has "voiced strong concerns about the proposed approach". Since the report, GCHQ has worked more closely with DECC "to assure the security of the UK system".

The report revealed that the cost benefits have varied widely since the scheme was first mooted from a net loss of £4.5bn to the taxpayer to current estimates of a £7bn net benefit. "Such significant disparities indicate a high uncertainty and risk associated with the underlying modelling assumptions and the programme overall," it read.

The cost of installing smart meters in Italy is £75 per meter and £127 in France, in contrast to £390 per household in the UK, it said, recommending a full review of the cost of the programme compared with other countries.

The report described the government's approach as similar to "command and control" IT programmes such as the disastrous £11bn National Programme for IT and £500m FireControl programme, and runs the risk of "replicating the problems of government ICT projects of the last 15 years".

It concluded: "[The] significant fluctuation of the net disbenefits and net benefits of impact assessments; the low optimism bias applied to still changing technology requirements; and the creation of a centralised data and communications provider all indicate a programme with the high risk characteristics of previous large-scale IT failures."

The report accused the programme of having an "inconsistent evidence base", finding there was no analysis of alternative options, and proposed a three-month reset of the programme.

Despite the scheme not materially changing since the report was published, last September the Major Projects Authority downgraded the risk of the project from amber/red to amber, suggesting that some progress has been made on the DCC scheme. ®