MP075 Third party metering service providers

Proposer Steve Mulinganie
Lead Analyst Jordan Crase
Date raised 30/04/2019
StageWithdrawn
Implementation date Unknown
Latest update This Modification Proposal was Withdrawn on 14 August 2019. Comments from the Proposer were that the Agreed Interpretations V1.8 update sufficiently captured the intent of this Modification Proposal.

What is the issue?

At present there is no recognition within the SEC of Suppliers relationships with Meter Asset Managers (MAM) and Meter Asset Providers (MAP). In SEC Section G, under ‘Manufacturers: Duty to Notify and Be Notified’, if a User identifies a security vulnerability in a Smart Metering System that they are the Responsible Supplier for, they shall notify the manufacturer of the device, rectify or mitigate the vulnerability, and report the vulnerability and steps taken to the Security Sub-Committee (G3.17 & G3.18). Reporting of security vulnerabilities to the Security Sub-Committee is also outlined in SEC Section G3.9. The Responsible Supplier for a Smart Metering System shall also make arrangements with the Device Manufacturer to be notified of security vulnerabilities that the manufacturer identifies (G3.20).

In many cases for non-domestic suppliers, there is no formal relationship between the Supplier and the MAP, or the Supplier and the manufacturer, as is assumed in the duty to notify guidance. In such cases the Supplier may have a formal contract with a MAM, or with the end consumer who may have specified certain requirements.

The Full Draft Proposal can be found here.

Latest Progress

The Change Sub-Committee has agreed that there is scope for the issue to be resolved in the SEC and have recommended to the SEC Panel that this Proposal goes into a Refinement Process. This Draft Proposal will be presented to the SEC Panel on 14 June 2019.

Does this issue affect your company? Send us your comments to SEC.change@gemserv.com

Please see here for all comments we have had on DP0075.
Number of comments: 4
Updated: 16/05/2019

What is the solution?

The proposed solution at this stage is clarification of the duty to notify and who can preform this.

What SEC documents are affected?

SEC Section G - Security

Timeline

30 Apr 2019
Draft Proposal raised
14 Jun 2019
DP converted to MP
14 Aug 2019
Proposal withdrawn

Modification documents

MP075 Proposed legal text
02/08/2019
MP075 July Working Group summary
02/08/2019
DP075 Comments
03/05/2019
DP075 Problem Statement v1.0
30/04/2019
No files
No files
No files
No files
No files

If you believe there is a problem with this modification, please let us know HERE.