Proving the Business Case for the Internet of Things

Europe harmonises smart meter security standards

Steve Rogerson
July 25, 2019

ENCS, the European Network for Cyber Security, and EDSO, the European Distribution System Operators’ association, have launched cyber-security baseline requirements for smart meters and data concentrators (DCs).
As the second in a series of security guidelines for smart grid components, these should help improve and harmonise the security of smart grid devices across Europe, helping to build a more resilient grid of grids.
The requirements provide European distribution network operators (DNOs) and distribution system operators (DSOs) with a practical set of considerations that can be used totally or partially when procuring and testing smart meters and DCs.
ENCS has been active in smart meter security since it was established in 2012. Having started by analysing vulnerabilities in the smart metering protocols and effectiveness of certification approaches, ENCS publicly launched its first set of smart meter security requirements for Oesterreichs Energy, guiding the whole of Austria towards a secure smart meter rollout.
Building on this approach for various countries across Europe, ENCS developed its requirements-based security testing method. Unlike traditional testing based on attempted tampering, the ENCS testing approach evaluates the actual security level of components against the requirements, and provides objective feedback to the manufacturers, helping them improve the security level of the devices.
Over four years of testing and improvement, ENCS has witnessed a considerable increase of the security level of the current generation of smart meters and DCs.
“Utilities can use the requirements as a baseline tool for risk mitigation, supporting their risk management strategies,” said Nuno Medeiros, chair of EDSO’s cyber-security task force.
Integrating the expertise of key industry stakeholders, the guidelines are already being applied by Austrian, Bulgarian, Czech, Dutch, Estonian, Portuguese and Swedish DSOs for procurement and security testing purposes.
“With harmonisation of smart meter requirements, we have moved away from the scattered approach that saw disparate security requirements spring up across Europe,” said Anjos Nijk, managing director of ENCS. “As more grid operators across Europe use this same requirements set, it incentivises manufacturers to improve security. This then helps raise security standards across the industry. We aim to replicate this approach in other areas where the industry needs to structurally increase and harmonise security levels, such as in electric vehicle charging and distribution automation.”
The requirements build on ENCS and EDSO’s recent leadership pledge on smart grid cyber security, and on their memorandum of understanding signed in 2016.
“Traditionally, grid operators have looked to manufacturers to implement security measures in components, but manufacturers have waited for the operators to tell them what they needed rather than invest in the wrong technology,” said Joachim Schneider, chairman of EDSO’s technology committee. “With these requirements, ENCS and EDSO break the impasse, and we can all move forward as a more secure industry.”