London, U.K. — (METERING.COM) — June 4, 2012 – Energy suppliers in Britain will be required to implement end-to-end security in their smart metering systems, according to a new consultation towards the country’s Smart Metering Implementation Program.
To this end the Department of Energy and Climate Change (DECC) is proposing a new licence condition to cover the period until the Data and Communications Company (DCC) starts to provide services, when different arrangements will need to be in place.
In the consultation it is proposed that the suppliers should take steps to ensure compliance with the ISO 27001:2005 – Information Technology – Security Techniques – Information Security Management Systems standard. To achieve this, the suppliers will need to conduct a risk assessment and design a solution for their end-to-end system to the desired level. Thereafter ongoing risk assessments will need to be conducted to identify new threats. To complement this, the suppliers would also be required to have an annual security risk audit conducted by suitably qualified, external specialists.
In a second new consultation the DECC focuses on the information requirements for monitoring and evaluating the program. During the Foundation Stage of the program, which runs until late 2014, monitoring and evaluation will inform assessment of suppliers’ readiness for mass rollout and help to understand the requirements for consumer engagement to deliver benefits and inform an early review. Once mass rollout is underway, monitoring will inform regular reporting of progress, costs incurred, and the delivery of benefits. Towards the end of mass rollout the program’s overall success will be evaluated, with a comprehensive post implementation review planned around 2018/19.
The two consultations are open until July 27.