ENCS, the European Network for Cyber Security, and E.DSO, the European Distribution System Operators’ Association have announced the launch of cybersecurity baseline requirements for smart meters (SMs) and data concentrators (DCs).
As the second in a series of security guidelines for smart grid components, these mark an important stimulus in improving and harmonising the security of smart grid devices across Europe, helping to build a more resilient ‘grid of grids’.
The requirements provide European distribution network operators (DNOs) and distribution system operators (DSOs) with a practical set of considerations that can be used totally or partially when procuring and testing SMs and DCs.
ENCS has been active in smart meter security since it was established in 2012. Having started by analysing vulnerabilities in the smart metering protocols and effectiveness of certification approaches, ENCS publicly launched its first set of SM security requirements for Oesterreichs Energy, guiding the whole of Austria towards a secure smart meter roll-out.
Building on this approach for various countries across Europe, ENCS developed its unique requirements-based security testing method. Unlike traditional testing based on attempted tampering, the ENCS testing approach evaluates the actual security level of components against the requirements, and provides objective feedback to the manufacturers, helping them to improve the security level of the devices.
Over four years of testing and improvement, ENCS has witnessed a considerable increase in the security level of the current generation of SMs and DCs.
Nuno Medeiros, Chair of E.DSO Cyber-Security Task Force, stated: “Utilities can use the requirements as a baseline tool for risk mitigation, supporting their risk management strategies.”
Integrating the expertise of key industry stakeholders, the new guidelines are already being applied by Austrian, Bulgarian, Czech, Dutch, Estonian, Portuguese and Swedish DSOs for procurement and security testing purposes.
Anjos Nijk, Managing Director of ENCS, stated: “With harmonisation of smart meter requirements we have moved away from the scattered approach that saw disparate security requirements spring up across Europe.”
“As more grid operators across Europe use this same requirement set, it incentivises manufacturers to improve security. This then helps raise security standards across the industry. We aim to replicate this approach in other areas where the industry needs to structurally increase and harmonise security levels, such as in electric vehicle charging and distribution automation”.
Speaking on the development of security measures for smart grid devices, Joachim Schneider, Chairman of the Technology Committee of E.DSO commented: “Traditionally, grid operators have looked to manufacturers to implement security measures in components, but manufacturers have waited for the operators to tell them what they needed rather than invest in the wrong technology. With these requirements, ENCS and E.DSO break the impasse, and we can all move forward as a more secure industry.”
The new requirements build on ENCS and E.DSO’s recent leadership pledge on smart grid cybersecurity, and on their memorandum of understanding signed in 2016.