Top Banner

Europe sets out standardized cyber security requirements for smart meters

The European Network for Cyber Security (ENCS) and the European Distribution System Operators’ Association (E.DSO) have released some baseline cyber security requirements for smart meters and data concentrators.

Both bodies decided to introduce these measures in an effort to build a more resilient “grid of grids” that will essentially improve the security of smart gird devices in Europe.

The requirements are meant to give European distribution network operators (DNOs) and distribution system operators (DSOs) a practical set of considerations which could be used either totally or just partially. These considerations are expected to be used when it comes to the procurement and testing of smart meters and data concentrators.

Since the ENCS was first set up in 2012, it has been actively trying to ensure greater security in relation to smart meters through analyzing vulnerabilities in the products’ protocols and finding out how effective certification procedures and approaches were. Their first set of security requirements for smart meters was launched for Oesterreichs Energy in Austria.

Anjos Nijk, MD of ENCS, said, “With harmonization of smart meter requirements we have moved away from the scattered approach that saw disparate security requirements spring up across Europe.”

He added, “As more grid operators across Europe use the same requirements set, it incentivizes manufacturers to improve security. This then helps raise security standards across the industry. We aim to replicate this approach in other areas where the industry needs to structurally increase and harmonizes security levels, such as in electric vehicle charging and distribution automation.”

Commenting on the topic, Chair of E.DSO’s Cyber Security Task Force, Nono Medeiros, said, “Utilities can use the requirements as a baseline tool for risk mitigation, supporting their risk management strategies.”

“Traditionally, grid operators have looked to manufacturers to implement security measures in components, but manufacturers have waited for the operators to tell them what they needed rather than invest in the wrong technology,” added Joachim Schneider, chairman of the technology committee of E.DSO. With these requirements, ENCS and E.DSO break the impasse, and we can all move forward as a more secure industry,” said Joachim Schneider, Chairman of the Technology Committee at E.DSO.

The new baseline requirements set out by ENCS and E.DSO build on their previous ones from the recent leadership pledge on smart grid cyber security in 2018 and on an MoU which they both signed in 2016.