Panel determinations under the Governance Framework for Release 1.3 (R1.3)
Next Spotlight on the SEC Seminar to be held 22nd August 2017 – Book Your Place
Update on recent SEC Designations
Panel Determinations on the Governance Framework for Release 1.3 (R1.3)
On 22nd July 2017, the DCC made R1.3 functionality available in the live environment. R1.3 makes available the functionality of pre-payment commands and SMKI recovery.
In the lead up to R1.3, a governance process was undertaken to ensure the necessary assurances were in place for BEIS to approve DCC Go-Live.
In support of this, the Panel undertook a number of decisions in relation to the various testing stages, including:
- an ex-committee Panel meeting on 30th June 2017, the Panel determined that the Additional Systems Integration Testing (SIT) Exit Criteria for R1.3 had been met, taking into account the recommendation from the Testing Advisory Group (TAG);
- at the meeting, the Panel also validated the outcome of the entry gate into End-to-End Testing such that the Entry Criteria had been met on 13th June 2017; and
- on 18th July 2017, the Panel determined that the Exit Criteria for SMKI and Repository (SRT) Part 3a had been met, following recommendation from the SMKI PMA.
The Panel also approved the maintenance period required for the DCC uplift of code into the production environment.
A notice was provided to BEIS, the Authority (Ofgem) and Parties of the necessary determinations and recommendations.
Next Spotlight on the SEC Seminar to be held 22nd August 2017 - Book Your Place
On 22nd August 2017, SECAS is holding a Spotlight on the SEC seminar. Topics will include:
- an overview from Ecotricity regarding their approach to preparing for and undertaking the User Security Assessment;
- information on Meter Operators’ and Meter Asset Managers’ SEC obligations; and
- modifications and the DCC User Entry Process.
Additionally, if there are any specific topics of interest to your SEC Party, please inform SECAS in your RSVP and we will make sure these topics are included on the day.
For more information, follow this link to the official invite on the SEC website, or if you have any other questions please get in touch.
Update on Recent SEC Designations
In July 2017, two versions of the SEC were designated. Details are provided below:
SEC Version 5.8
SEC 5.8 came into effect from 12th July 2017, implementing Modification Proposal SECMP0035 ‘Updates to SEC Appendix B – Organisation ARL expiration date to be aligned to DCCKI ARL’.
This modification ensures that the Smart Metering Key Infrastructure (SMKI) Organisation Authority Revocation List (ARL) is aligned to the Data Communications Company Key Infrastructure (DCCKI) ARL; amending the expiration date of the Organisation ARL from 12 months up to 13 months. Also, amendments were made to the DCCKI Certificate Policy (CP) and the DCCKI ARL to reflect that the expiration date is up to 13 months.
The modification amended the following two SEC Appendices:
- Appendix B – Organisation Certificate Policy; and
- Appendix S - DCCKI Certificate Policy
SEC Version 5.9
SEC 5.9 came into effect on 21st July 2017, and includes the two SEC Appendices that were re-designated by the Secretary of State (SoS) as part of the R1.3 Live decisions.
The SoS direction re-designated the following SEC Appendices:
- Appendix AC – Inventory Enrolment and Withdrawal Procedures (version 1.2); and
- Appendix AD – DCC User Interface Specification (version 1.1).
Tracked change versions of Appendix AC and Appendix AD are available here.
To download the complete SEC or individual SEC Sections, Schedules or Appendices please visit the SEC and Guidance Documents page on the SEC Website.
SEC Modification Proposal Update Following July 2017 Panel Meeting
SECAS presented one Initial Modification Report (IMR) to the Panel at their July 2017 meeting:
The Panel agreed for SECMP0039 to proceed into the Refinement Process.
The Panel also reviewed one Draft Modification Report (DMR):
The Panel agreed for SECMP0006 to proceed to Modification Report Consultation, which was issued on 21st July 2017, with responses due back by 11th August 2017.
The next Modifications’ Question Hour will be held at 11am on 7th August 2017. Further information, including the relevant teleconference details, can be found here.
The SEC Panel met on 14th July 2017, with the key topics discussed available in the Meeting Headlines here. The Final Minutes, can be found here.
During the meeting, key items discussed include:
- the Panel approved the establishment of an Operations Group, as a Sub-Committee under the SEC, following a suggestion from BEIS. The purpose of the group will be to provide a forum for discussion of operational matters, with the focus of the programme turning towards operational services. Membership for the group will be sought in August - September 2017;
- the Panel agreed an approach for the management of Technical Code Specifications and resulting new versions for SEC releases in 2018 and 2019. The Panel also agreed to designate the Technical Code Specifications early in order for Parties to have a clearer understanding of the content of these specifications in advance of them being enforced. BEIS are now developing a plan for when the next versions of the relevant Technical Code Specifications will be designated; and
- Ofgem presented the Panel with an update on the responses received following the Competition and Markets Authority (CMA) Remedies Consultation held in November 2016. The presentation covered a scope of new arrangements in regards to codes and system delivery bodies, and licencing in regards to code managers and administration.
The next scheduled Panel meeting will be held on 11th August 2017.
Security Sub-Committee (SSC)
During July 2017, the SSC undertook two Full User Security Assessment reviews – with the assurance status recommendations being submitted to the SEC Panel.
In terms of wider work, the Sub-Committee continue to provide support and discuss a number of key areas, specifically:
- discussion around the security impact of a number of Modification Proposals currently going through the process;
- the SSC expectations on the Verification Security Assessment process;
- the ways in which the User Competent Independent Organisation (CIO) will consider reliance from previous User Security Assessments; and
- the end to end risk assessment of smart metering security.
Further information on these discussions can be found under the SSC section of the meeting documentation, found here. The next SSC meetings are scheduled for 9th and 30th August 2017.
Technical Architecture and Business Architecture Sub-Committee (TABASC)
The TABASC met on 20th July 2017, the main topics of discussion include the following:
- final amendments are being made to the Business Architecture Document (BAD) based on feedback received. The final document will be issued to the TABASC at the August 2017 meeting for final approval, prior to submission to the Panel;
- the TABASC are currently developing an Operational Risk Register, with scoping and mitigation identification work being undertaken in advance of a risk workshop to be held in September 2017; and
- the TABASC have undertaken an initial analysis of the potential and/or necessary updates, to inform a decision on the priority for reviewing each Design Note. The first two Design Notes will be circulated for the TABASC review in August 2017.
The next TABASC meeting is scheduled for 17th August 2017.
SMKI Policy Management Authority (SMKI PMA) Update
The SMKI PMA met on Tuesday, 18th July 2017, where the following key topics were discussed
- SMKI and Repository Testing (SRT): SRT to date has been split across various testing stages and releases to align with release content and functionality. The latest SRT part (SRT Part 3a) covered the DCC testing required in relation to SMKI Recovery in the SIT environment. The next stage (SRT Part 3b) will involve DCC testing the SMKI Recovery Environment with Parties. The DCC will invite Parties to test the functionality for SRT Part 3b in October / November 2017. In addition, the DCC confirmed that the SRT Approach Document will be updated to consider the requirements for SRT Part 4. The DCC will submit the amended document to the SMKI PMA for comment prior to seeking approval from the SEC Panel.
- Certification Practice Statement (CPS) Update: The DCC are currently amending the various Certification Practice Statements (Organisation, Device and Infrastructure Key Infrastructure) to align with the current DCC system processes. Ongoing discussions are being held between the DCC, BEIS and the National Cyber Security Council (NCSC) to inform the changes. Once complete, the amended documents will be submitted to the SMKI PMA for approval.
The next SMKI PMA meeting will be held on 15th August 2017.
SECAS continue to develop guidance material for SEC Parties. If you feel your organisation could benefit from more specific and specialised guidance, please contact the SECAS Helpdesk.
Security Controls Framework (SCF) and Agreed Interpretations (AIs) Update
The SCF is a document that is used by the User Competent Independent Organisation (User CIO) to assess SEC Parties and/or DCC Users for compliance against SEC Sections G3 – G6 during their User Security Assessment. In addition, the AIs is a document that provides clarity to SEC Parties and/or DCC Users on terms within the Code within SEC Sections G3 – G6.
Following the SSC meeting on 26th July 2017, new versions of the SCF (V1.9) and AIs (V1.4) were published.
What has changed?
The latest version of the SCF (v1.9) has been updated to reflect:
- timing of Second and Subsequent User Security Assessments;
- second User Security Assessment for Small Suppliers with a Shared Resource operating more than 250,000 Smart Metering Systems;
- how a DCC User can obtain threat assessment-related information for the purpose of their risk assessment;
- when a DCC User should report vulnerabilities to the SSC;
- a summary of the SSC’s Decision Making Process (DMP) in relation to when the SSC make an assurance status recommendation to the SEC Panel; and
- the scope of the Verification User Security Assessment.
The latest version of the AIs (V1.4) has been updated to reflect:
- compliance with standards, procedures and guidelines within the SEC.
The SCF and AIs can be found on the SEC Website here. Please note a user login is required to gain access to both documents.
Design Notes and Interim Approaches
SECAS have updated the Design Notes section on the SEC Website to include guidance information. Two new documents have been uploaded:
- Uncontrolled Gas Flow Rate - recommended settings at manufacture
These settings were discussed at the transitional Technical Specification Issue Resolution Sub-group (TSIRS)
- DCC Guidance Note Use of DCC User Interface Specification (DUIS)
The DCC has identified a series of behaviours regarding the use of the DUIS that Users should be aware of. These are explained in this guidance note to ensure that all SEC Parties and Registration Data Providers (RDPs) are aware of the issue and its implications
- The Communication Hub Re-use Design Note has been unpublished following a significant discrepancy with SEC Section F8.6. SECAS will be reviewing this Design Note as part of the TABASC review.
These documents are available on the SEC Website via the following link: Design Notes and Interim Approaches.
Understanding Licence Conditions and SEC Obligations
During the month of July 2017, the SECAS team published a guidance document, with the aim to help SEC Parties understand their Energy Licence Conditions and SEC Party Obligations. The document clarifies obligations around Affiliates, Subsidiaries and Voting Groups. The document can be found on the website here.
Consultation on the Delivery Plan for DCC Release 2.0 (R2.0)
In January 2017, the DCC received a Direction from the Secretary of State (SoS) to produce a plan for the delivery of R2.0.
The DCC Plan has been issued for consultation and sets out their draft milestones for the consideration of stakeholders, based on planning work undertaken by the DCC and its Service Providers. The DCC has proposed that it will review the milestones following the key milestone event of Solution Design complete, at the end of September 2017.
The DCC has been working alongside BEIS and the SEC Panel to explore the options for ensuring that R2.0 is successfully delivered, as well as managing the modifications as made by industry to modify the SEC.
The DCC would like to implement a holistic planning approach and the DCC states it’s proposed key milestones as:
- User Integration Testing (UIT) available for testing against changes to technical specifications for single-band Communications Hubs (SBCH) on 19th January 2018;
- Instrumented Test Communications Hubs (ITCH) for DBCH available 15th March 2018 for the start of End to End testing;
- UIT available for dual-band Communications Hubs testing on 4th May 2018;
- R2.0 released to the live environment in late July 2018;
- First, ‘volume constrained’ batch of production dual-band Communications Hubs available in late July 2018; and
- Dual-band Communications Hub available at full volume in late September 2018.
The consultation closes on the 15th August 2017 and can be read in full here.
DCC Consultation for the Testing Approach Document for Release 2.0
The SoS issued a direction in February 2017 for the DCC to produce a Testing Approach Document, to describe the testing that will be undertaken to support R2.0. The consultation aims to provide a high level overview to give relevant parties an opportunity to understand the DCC’s approach to testing for Release 2.0.
The DCC is seeking responses to nine questions set out at the end of the consultation. The closing date for responses is15th August 2017 and the consultation can be read in full here.
Ofgem - Smart Systems and Flexibility Plan
Ofgem released a call for evidence for their Smart, Flexible Energy Systems plan in November 2016 and the original consultation can be read here. Since the close of the consultation in January 2017, Ofgem have collated the responses and produced their Smart Systems and Flexibility Plan. Ofgem describes the plan as a crucial part of the Governments Industrial Strategy and a key part of Ofgem’s future-facing work to allow the energy system transition.
Ofgem plan to deliver a smart and flexible energy system by:
- removing barriers to smart technologies, including storage;
- enabling smart homes and businesses; and
- making markets work for flexibility.
Ofgem would like to reward and empower consumers by allowing them to use energy when it’s cheapest. The Smart Meter Roll-out enables smarter tariffs as well as the ability to communicate with their home appliances, to reduce their bills. They would like to open up new markets, improve coordination across the system and enable smart businesses to realise the true value of their services.
The aim is to upgrade the regulatory and market framework to open up new opportunities for consumers and market participants. As Ofgem make changes, they are aware that new issues will arise and that further action or an adapted approach may need to be implemented.
The full plan can be read here.
SEC Party Engagement Day
The annual SEC Party Engagement Day took place on 13th July 2017 and was very well attended. The day included presentations from the SEC Panel Chair, the DCC, BEIS, Ofgem, the Alt HAN Forum Chair, Smart Energy GB, Citizens Advice and SECAS.
SEC Parties had the opportunity to meet the SEC Panel and have their questions answered.
In the afternoon, a Spotlight session was run by SECAS, giving an overview of the User Entry Process, Security assessments and Modifications. The DCC also presented on the User Onboarding Process.
For a copy of the slides presented on the day please follow this link.
Pursuant to SEC Section M6.2, each Party is required to ensure that its Party Details remain up-to-date. This will be particularly important for when you commence the DCC User Entry Process, as the DCC checks these details as part of those procedures, for example, the SMKI Registration Authority Policies and Procedures (SMKI RAPP).
If you are expecting or have recently had a change in Party Details, please complete the ‘Change in Party Details’ form as found here and send it to the SECAS Helpdesk.
The table below shows the current status of SEC Parties.
SEC Parties and Accessions
| || |
| Current SEC Parties|| 264|
| Accession of new Parties to the SEC since last Newsletter || 3|
| Parties withdrawing from the SEC || 1|
| Expulsion of Parties from the SEC|| 0|
| Changes to SEC Panel Member employment status || 0|
A list of SEC Parties can be accessed on the SEC Website via the link provided.
Upcoming SEC Calendar Dates
The following meetings coming up over the next month are accessible via the Meeting Calendar on the SECAS Website.
| Date (2017)||Meetings and Events|
|7th August||Modifcations Question Hour 15|
|8th August||Modifications Working Group|
|9th August||SSC Meeting 35|
|11th August||SEC Panel Meeting 47|
|15th August||SMKI PMA Meeting 38|
|17th August||TABASC Meeting 21|
|22nd August||Spotlight on the SEC Seminar|
|23rd August||SSC Meeting 36|
|23rd August||SEC Change Board 13|
We are on Twitter and LinkedIn. SECAS are using social media to provide links and other information organisations may find useful. Follow us to stay up to date with developments with the SEC.
2017 SECCo Ltd. All Rights Reserved.