SC-201-2020 Security architecture for SCADA systems

Draft security architecture for SCADA systems for review.


AR-402-2020: Security requirements for hardware security measures (draft)

This document includes a set of requirements that grid operators can use for tendering field devices.

Increasingly more vendors are including hardware security measures in smart grid field devices, such as smart meters, data concentrators, remote terminal units (RTUs) and intelligent electronic devices (IEDs). Some are encrypting the external flash modules on smart meters. Some are using hardware security modules on data concentrators to encrypt key databases. And others are implementing secure boot through specialized chips on IEDs. Implementing such measures on field devices is logical, as they are easily exposed to physical attacks.

But on closer look some of the measures seem to not mitigate the real security risks. Protecting keys stored on smart meters is not that important if unique keys are used per meter. Key databases on data concentrators can be decrypted or used if an attacker gains access to a running data concentrator. Unfortunately, it is unclear if the design and implementation of these hardware measures have been evaluated for their efficacy.

To acquire devices with effective security measures, grid operators should include more specific requirements on hardware security in their procurement documents. This document provides a catalog of security requirements from which they can choose based on a risk assessment.


SM-402-2020: Security test plan for data concentrators (draft)

Plan to test a data concentrator against the ENCS security requirements.

ENCS has developed a set of security requirements for procuring smart meters and data concentrators. The requirements are based on a risk assessment and a security architecture for the whole smart metering system. The security requirements can be used directly in the procurement process.

This document provides a standardized test plan to evaluate the data concentrator against the security requirements. By standardizing the test plan, the test results can be shared between grid operators. The vendor of the data concentrator can order a security test according to the test plan. If the grid operator passes the tests, the vendor can use the test report to show compliance in all tenders that use the security requirements. This reduces the cost of testing and can give grid operators assurance in advance that there are data concentrator meeting the requirements.

The test plan consists of three phases:

  1. Functional tests and a vulnerability assessment by the vendor, usually performed during development;
  2. A review of development processes and security design and OCPP security conformance testing by an external lab;
  3. A penetration test by an external lab.

Draft version 0.3 for review.


SM-401-2020: Security test plan for smart meters (draft)

Plan to test a smart meter against the ENCS security requirements.

ENCS has developed a set of security requirement for smart meters and data concentrators. The requirements are based on a risk assessment and a security architecture for the smart metering infrastructure. The security requirements can be used directly in the procurement process.

This document provides a standardized test plan to evaluate the smart meters against the security requirements. By standardizing the test plan, the test results can be shared between grid operators. The vendor of the smart meter can order a security test according to the test plan. If the smart meter passes the tests, the vendor can use the test report to show compliance in all tenders that use the security requirements. This reduces the cost of testing and can give grid operators assurance in advance that there are smart meters meeting the requirements.

For a smart meter that uses the DLMS communication protocol, most security measures will be implemented through this protocol. They can therefore be effectively tested by an independent test lab with the tools needed to test DLMS. The lab should perform the following five test steps:

  • A review of security of the vendor development processes;
  • A technical review of the security design and implementation;
  • Functional tests of the security requirements implemented through DLMS;
  • Robustness testing of the network stacks;
  • A test of the physical tamper detection measures.

Draft version 0.3 for review.


SM-301-2020: Security requirements for procuring smart meters (draft)

This document provides functional and quality requirements for the security of smart meters, including requirements for secure development processes at the vendor. The requirements cover secure communication between the smart meters and the data concentrators and central system. They do not cover the security of the central systems themselves.

The requirements are meant for procuring new smart meters. Data concentrators are addressed separately. The requirements are not meant for legacy systems, although a selection of them can be used to improve the latter.

This document aims to help grid operators to set procurement requirements. It includes requirements that ENCS has developed for members in Austria, Czech Republic, the Netherlands and Portugal, which have been used in different tenders. They are set up to allow independent testing, and more than 30 smart meters have already been successfully tested against them. By using these requirements in their tender process, grid operators can benefit from their already high maturity level.

The measures are aligned with ISO 27001:2013. They are designed to fit as much as possible into the processes and procedures already in place in the organizations, and to find the needed balance between the assured security level, feasibility by vendors and the operational impact.

Draft version 2.6 for review.


SM-302-2020: Security requirements for procuring data concentrators (draft)

This document provides functional and quality requirements for the security of data concentrators, including requirements for secure development processes at the vendor. The requirements cover secure communication between the smart meters and the data concentrators and central system. They do not cover the security of the central systems themselves.

The requirements are meant for procuring new data concentrators. Smart meters are addressed separately. The requirements are not meant for legacy systems, although a selection of them can be used to improve the latter.

This document aims to help grid operators to set procurement requirements. It includes requirements that ENCS has developed for members in Austria, Czech Republic, the Netherlands and Portugal, which have been used in different tenders. They are set up to allow independent testing, and more than 15 data concentrators have already been successfully tested against them. By using these requirements in their tender process, grid operators can benefit from their already high maturity level.

The measures are aligned with ISO 27001:2013. They are designed to fit as much as possible into the processes and procedures already in place in the organizations, and to find the needed balance between the assured security level, feasibility by vendors and the operational impact.

Draft version 2.6 for review.


SM-201-2020: Security architecture for smart metering (draft)

This document provides a recommended security architecture for smart metering systems. The architecture can act as a blueprint for system integrators and the departments maintaining the system. Measures are chosen for the entire system, as this is usually more effective than choosing measures per component. It can be used as a reference by operators who are seeking to implement or to improve the security of a smart metering system, and can be complemented with the smart meter and data concentrator procurement requirements. The architecture is intended to be used together with an information security management system (ISMS) based on ISO 27001:2013 or similar, with each subsection of the document providing the relevant technical security measures to each objective in the ISO 27001 Annex A.

The architecture covers the complete chain from smart meters to central systems, including data concentrators, if these are used.

Draft version 0.3 for review.