Europe: First harmonised approach for security certification of smart meters has been formally certified


The first set of harmonised requirements for security certification of smart meters in Europe, developed by the CEN/CENELEC/ETSI Coordination Group for Smart Meters with the support of the ESMIG, has now officially been certified under Common Criteria by the Dutch certification body NSCIB.

Smart meter certification performed using this protection profile by any of the certification bodies members of the SOG-IS agreement will be recognised across the 17 European countries that have signed that agreement.

Read more about smart meters here
Read more about issues impacting business and regulation

The development of smart energy grids is dramatically changing the grid and traditional energy services and markets are undergoing a significant transformation. Thanks to ICT, the grid of the future becomes smarter so as to improve the reliability, security, and efficiency of the energy systems through information exchange, distributed generation, storage sources, and the active participation of the end consumer. Internet of Things (IoT) communication networks are already in use and enable modern energy services provided by grid operators and energy service companies.

With this increasingly connected environment comes the risk of vulnerabilities, which could affect the reliability of the energy system and the trust of consumers. Therefore, securing the smart grid and the related communications systems is essential for a successful energy transition. And with the smart meter being one of the key ICT components of the smart grid, ESMIG actively contributed to the CEN-CENELEC-ETSI Coordination Group on Smart Meters to make sure we put in place a harmonised European approach for the security of these devices.

“ESMIG is proud to have contributed to the first European security certification approach for smart metering. We are committed to delivering high-quality products that are interoperable and complying to appropriate security requirements. This compliance starts – but does not end – with certification. A continuous process of monitoring vulnerabilities and adaptations is needed to keep up with the security threats. The certification of smart meters is a pre-requisite for compliance with European legislation such as the Cybersecurity Act and GDPR” says Willem Strabbing, Managing Director of ESMIG.

The work started in 2013 with the collection of security requirements from various countries and the development of a common set of requirements for smart meters on the European level. Based on this common set of requirements, and in line with the provisions of the “Cybersecurity Act” adopted by the European Union in 2019, the Coordination Group and ESMIG developed an official protection profile for smart meters.

This profile will be the basis for security certification of smart meters in Europe and enables the mutual recognition of certificates by multiple EU member states. It prevents further fragmentation of the certification approaches across Europe, reduces the cost of certification and increases the security level of smart grids.

“The developers united in ESMIG strengthen EU high security further by creating this smart meter PP. A combination of solid requirements and commitment to show the security quality of their products.“ says Brightsight CEO Dirk-Jan Out, the accredited laboratory that performed the evaluation of the protection profile.

“It is important for the energy market to understand that it is not our intention to replace already existing certification procedures. Furthermore, every country is free to choose if they want to have their meters certified. The certification approach defined by the CG-SM is voluntary, but ESMIG strongly advises to make use of it and as such realise a substantial cost decrease,” concludes Strabbing.

“The cost of certification is not more than for example the current cost based on the Commercial Product Assurance scheme in the UK, but the big win is a certificate that can be used in multiple countries”.

Strabbing adds: “We have noticed the recent publication of security recommendations by E.DSO and ENCS. Both ESMIG and E.DSO, agree to look into these recommendations in comparison with the security requirements we have defined in an earlier stage.”

ESMIG is committed to working together across the sector to develop this process and ensure the highest standard of security for smart meters.