As per SEC Sections G2.11, G2.15, G2.30, G3.5 and G3.18, all Users are obligated to report incidents and vulnerabilities concerning the security of hardware, software, firmware or Devices to the Security Sub-Committee (SSC).
Furthermore, any DCC Users utilising the Smart Metering Key Infrastructure (SMKI) who experience said incidents and vulnerabilities must inform the SSC as well as the SMKI Policy Management Authority (SMKI PMA).
These must be reported as soon as possible after occurrence via the SEC website – the Secure Egress online form plus further information can be found here.