Plan to test a data concentrator against the ENCS security requirements.
ENCS has developed a set of security requirements for procuring smart meters and data concentrators. The requirements are based on a risk assessment and a security architecture for the whole smart metering system. The security requirements can be used directly in the procurement process.
This document provides a standardized test plan to evaluate the data concentrator against the security requirements. By standardizing the test plan, the test results can be shared between grid operators. The vendor of the data concentrator can order a security test according to the test plan. If the grid operator passes the tests, the vendor can use the test report to show compliance in all tenders that use the security requirements. This reduces the cost of testing and can give grid operators assurance in advance that there are data concentrator meeting the requirements.
The test plan consists of three phases:
- Functional tests and a vulnerability assessment by the vendor, usually performed during development;
- A review of development processes and security design and OCPP security conformance testing by an external lab;
- A penetration test by an external lab.