Baseline cyber-security requirements for smart meters and data concentrators have been announced which aim to raise standards across the industry.
The European Network for Cyber Security (ENCS) and the European Distribution System Operators’ Association (E.DSO) have introduced a set of baseline cyber-security requirements for smart meters (SM) and data concentrators (DC).
The aim is to help build a more resilient “grid of grids” by improving and harmonising the security of smart grid devices across Europe.
The requirements provide European distribution network operators (DNOs) and distribution system operators (DSOs) with a practical set of considerations that can be used totally or partially when procuring and testing smart meters and data concentrators.
ENCS said it has been active in smart meter security since it was established in 2012. Having started by analysing vulnerabilities in the smart metering protocols and effectiveness of certification approaches, ENCS publicly launched its first set of SM security requirements for Oesterreichs Energy.
The intention was to guide the whole of Austria towards a secure smart meter roll-out. Over four years of testing and improvement, ENCS reports a considerable increase of the security level of the current generation of SMs and DCs.
“With harmonisation of smart meter requirements we have moved away from the scattered approach that saw disparate security requirements spring up across Europe,” said Anjos Nijk, managing director of ENCS.
“Utilities can use the requirements as a baseline tool for risk mitigation, supporting their risk management strategies”
“As more grid operators across Europe use the same requirements set, it incentivises manufacturers to improve security. This then helps raise security standards across the industry. We aim to replicate this approach in other areas where the industry needs to structurally increase and harmonise security levels, such as in electric vehicle charging and distribution automation.”
“Utilities can use the requirements as a baseline tool for risk mitigation, supporting their risk management strategies,” continued Nuno Medeiros, chair of E.DSO Cyber-Security Task Force.
Integrating the expertise of key industry stakeholders, the new guidelines are already being applied by Austrian, Bulgarian, Czech, Dutch, Estonian, Portuguese and Swedish DSOs for procurement and security testing purposes.
“Traditionally, grid operators have looked to manufacturers to implement security measures in components, but manufacturers have waited for the operators to tell them what they needed rather than invest in the wrong technology,” added Joachim Schneider, chairman of the technology committee of E.DSO.
“With these requirements, ENCS and E.DSO break the impasse, and we can all move forward as a more secure industry.”
You might also like: