SM-402-2020: Security test plan for data concentrators (draft)

Login is required to download this document
  • Version
  • Download 4
  • File Size 452.69 KB
  • File Count 1
  • Create Date December 8, 2019
  • Last Updated May 7, 2020

SM-402-2020: Security test plan for data concentrators (draft)

Plan to test a data concentrator against the ENCS security requirements.

ENCS has developed a set of security requirements for procuring smart meters and data concentrators. The requirements are based on a risk assessment and a security architecture for the whole smart metering system. The security requirements can be used directly in the procurement process.

This document provides a standardized test plan to evaluate the data concentrator against the security requirements. By standardizing the test plan, the test results can be shared between grid operators. The vendor of the data concentrator can order a security test according to the test plan. If the grid operator passes the tests, the vendor can use the test report to show compliance in all tenders that use the security requirements. This reduces the cost of testing and can give grid operators assurance in advance that there are data concentrator meeting the requirements.

The test plan consists of three phases:

  1. Functional tests and a vulnerability assessment by the vendor, usually performed during development;
  2. A review of development processes and security design and OCPP security conformance testing by an external lab;
  3. A penetration test by an external lab.

Draft version 0.3 for review.

Attached Files

File
SM-402-2020 Security test plan for data concentrators v0.3.pdf