The Hague, the Netherlands – 22 July 2019 – ENCS, the European Network for Cyber Security, and E.DSO, the European Distribution System Operators’ Association have announced the launch of cyber-security baseline requirements for smart meters (SMs) and data concentrators (DCs). As the second in a series of security guidelines for smart grid components, these mark an important stimulus in improving and harmonising the security of smart grid devices across Europe, helping to build a more resilient “grid of grids”.
The requirements provide European distribution network operators (DNOs) and distribution system operators (DSOs) with a practical set of considerations that can be used totally or partially when procuring and testing SMs and DCs.
ENCS has been active in smart meter security since it was established in 2012. Having started by analysing vulnerabilities in the smart metering protocols and effectiveness of certification approaches, ENCS publicly launched its first set of SM security requirements for Oesterreichs Energy, guiding the whole of Austria towards a secure smart meter roll-out.
Building on this approach for various countries across Europe, ENCS developed its unique requirements-based security testing method. Unlike traditional testing based on attempted tampering, the ENCS testing approach evaluates the actual security level of components against the requirements, and provides objective feedback to the manufacturers, helping them to improve the security level of the devices.
Over four years of testing and improvement, ENCS has witnessed a considerable increase of the security level of the current generation of SMs and DCs.
Nuno Medeiros, Chair of E.DSO Cyber-Security Task Force, stated: “Utilities can use the requirements as a baseline tool for risk mitigation, supporting their risk management strategies.”
Integrating the expertise of key industry stakeholders, the new guidelines are already being applied by Austrian, Bulgarian, Czech, Dutch, Estonian, Portuguese and Swedish DSOs for procurement and security testing purposes.
Anjos Nijk, Managing Director of ENCS, stated: “With harmonisation of smart meter requirements we have moved away from the scattered approach that saw disparate security requirements spring up across Europe.”
“As more grid operators across Europe use this same requirements set, it incentivises manufacturers to improve security. This then helps raise security standards across the industry. We aim to replicate this approach in other areas where the industry needs to structurally increase and harmonise security levels, such as in electric vehicle charging and distribution automation”.
Speaking on the development of security measures for smart grid devices, Joachim Schneider, Chairman of the Technology Committee of E.DSO commented: “Traditionally, grid operators have looked to manufacturers to implement security measures in components, but manufacturers have waited for the operators to tell them what they needed rather than invest in the wrong technology. With these requirements, ENCS and E.DSO break the impasse, and we can all move forward as a more secure industry.”
The new requirements build on ENCS and E.DSO’s recent leadership pledge on smart grid cyber security, and on their memorandum of understanding signed in 2016.
For more information please contact:
Esther van Velzen, Office Manager
Juan Marco, Senior Technical Advisor
European Distribution System Operators (E.DSO) is the key-interface between Europe’s DSOs and the European institutions, and promotes the development and large-scale testing of smart grid technologies in real-life situations, new market designs and regulation. E.DSO gathers 44 leading electricity distribution system operators (DSOs) in 25 countries, including 3 national associations, cooperating to ensure the reliability of Europe’s electricity supply for consumers and enabling their active participation in our energy system. How? By shaping smarter grids for your future.
For more information about E.DSO, please visit https://www.edsoforsmartgrids.eu
The European Network for Cyber Security (ENCS) is a non-profit organization that brings together critical infrastructure stakeholders and security experts to deploy secure European critical energy grids and infrastructure. Founded in 2012, ENCS has dedicated researchers and test specialists who work with members and partners on applied research, defining technical security requirements, component and end-to-end testing, as well as education & training. ENCS uses its network in academia, government and business to provide cyber security solutions and counsel dedicated to the needs of national Distribution System Operators (DSO), Transport System Operators (TSOs) and regulators.