Member project on procuring secure equipment

ENCS has completed the member project on procuring secure equipment that started in 2019

The member project on procuring secure equipment that started in 2019 had the goal to:

  • Harmonize security requirements for procuring different types of components;
  • Formalize the requirements-based testing method that ENCS has developed.

Since its founding, ENCS has supported its members to procure secure equipment. ENCS has developed security requirements for different domains, and a requirements-based testing method. Combined, these have helped members to get more secure equipment in tenders. By setting a clear and achievable standard for manufacturers, they can help to raise the overall security level in the market.

The project covered four areas:

  • Distribution automation
  • Smart metering
  • Electric vehicle charging
  • IoT sensors for the grid

For each of these areas, the project delivered:

  • a risk assessment
  • a market survey
  • a set of procurement requirements
  • a test plan to verify the requirements

Harmonising the security requirements

In the member project, ENCS harmonised four requirements sets, developed over the previous years:

The requirements were put into the same format aligned with international standards, such as ISO / IEC 27000, IEC 62443, IEC 62351, and OCPP.

ENCS performed a risk assessment for each of the above areas. It then defined a security architecture and derived procurement requirements. The feasibility of the requirements was checked in a market survey among vendors.

With harmonized requirements used by European grid operators, vendors no longer need to implement different requirements sets. They can pre-qualify based on publication of requirements before tendering processes.

Formalising requirements-based testing

The member project on procuring secure equipment also formalized the requirements-based testing. Formalisation allows test results to be shared and enables testing for equipment vendors instead of grid operators. Until now ENCS was testing the same component for different members. It would be a big efficiency gain to test the component once and share the testing results. Not only would this lower the testing cost. It would also make better use of limited testing capabilities, and reduce the time needed for testing.

To allow the test results to be shared, standardised test plans were developed:

ENCS’s strategic goal is to perform security tests directly for equipment vendors. Then grid operators know at the start of each procurement process which devices meet the security requirements. This should make it much easier to procure secure equipment.

Subscribe to our newsletter

"*" indicates required fields

This field is for validation purposes and should be left unchanged.