|Date raised||30/04/2019||Modifications Path||Path 3 – Self Governance|
|Current stage||Not Applicable||Overall status||Initial Consideration|
|Proposer name||Steve Mulinganie||Proposer's organisation||Gazprom|
At present there is no recognition within the SEC of Suppliers relationships with Meter Asset Managers (MAM) and Meter Asset Providers (MAP). In SEC Section G, under ‘Manufacturers: Duty to Notify and Be Notified’, if a User identifies a security vulnerability in a Smart Metering System that they are the Responsible Supplier for, they shall notify the manufacturer of the device, rectify or mitigate the vulnerability, and report the vulnerability and steps taken to the Security Sub-Committee (G3.17 & G3.18). Reporting of security vulnerabilities to the Security Sub-Committee is also outlined in SEC Section G3.9. The Responsible Supplier for a Smart Metering System shall also make arrangements with the Device Manufacturer to be notified of security vulnerabilities that the manufacturer identifies (G3.20).
In many cases for non-domestic suppliers, there is no formal relationship between the Supplier and the MAP, or the Supplier and the manufacturer, as is assumed in the duty to notify guidance. In such cases the Supplier may have a formal contract with a MAM, or the with the end consumer who may have specified certain requirements.
The Full Draft Proposal can be found here.
Latest ProgressDoes this issue affect your company? Send us your comments to SEC.firstname.lastname@example.org
Please see here for all comments we have had on DP0075.
Number of comments: 4
Proposed implementation timetable
Draft Proposal Raised: 30 April 2019
To be considered by the Change Sub-Committee: 28 May 2019
- Modification Proposal Raised
- Initial Modification Report
- Refinement Process
- Modification Report
- Change Board Vote
- Modification Decision
If you believe there is a problem with this modification, please let us know HERE.