Spotlight on the SEC - Sheffield - 18th May 2017
SEC Panel Letter - DCC User mandates and DCC User Entry Process
Change Board vote on first DCC system impacting Modification
Spotlight on the SEC - Sheffield - 18th May 2017
Responding to feedback that it would be beneficial to have information seminars in other areas of the country, SECAS have arranged for the next Spotlight on the Smart Energy Code (SEC) Seminar to be held in Sheffield, on Thursday 18th May 2017.
We hope this will give an opportunity to those SEC Parties who have not previously been able to attend a seminar to do so. The spotlight is a quarterly seminar hosted by SECAS with a DCC representative also in attendance.
Topics will include; general updates to the code, presentations on becoming a DCC User, aswell as a focus on fulfilling the Security and Privacy requirements of the SEC. Additionally, if there are specific topics of interest to your SEC Party please inform SECAS in your RSVP and these topics will be included on the day.
For more information, follow this link to the official invite on the SEC website, or if you have any other questions please do get in touch.
The SEC Panel met on 21st April 2017 with the key topics discussed available in the Meeting Headlines here. The Final Minutes, setting out the more detailed discussion, will be made available on 5th May 2017.
During the meeting, a number of key items were discussed, including:
- The Panel received an update from the DCC on the remaining testing activities required for DCC Live Release 1.3. An outline timetable was provided to the Panel for upcoming meetings and decision-making activities. It was also noted that the TAG are continuing to review the updates from the DCC, in order to keep up to date with progress and provide the Panel with the necessary recommendations.
- The DCC presented an approach to undertaking further analysis and engaging industry on options for amendments to the Release Frequency set out within the Panel Release Management Policy (RMP). The Panel requested that the DCC provide an impact assessment against a number of release options for the next meeting, prior to the consultation with industry on any amendments required to the Panel RMP.
The next Panel meeting will be held on 12th May 2017.
The SSC continue to divide their time between two key areas of their role:
- The review of SEC Parties undertaking their Initial User Security Assessment as part of the wider User Entry Process, and providing a recommendation to the SEC Panel on the assurance status that should be set following this review; and
- The wider End-to-End Security Obligations as set out in the Code.
During April 2017, the SSC undertook another Full User Security Assessment review of a Large Supplier – with the assurance status recommendation being submitted to the SEC Panel in May 2017. In addition, the SSC reviewed a Follow-up Security Assessment of a Large Supplier, and again, a recommendation of an assurance status for this SEC Party after their Follow-up Security Assessment will be submitted to the SEC Panel.
In terms of wider work, the Sub-Committee continue to provide support and discuss a number of key areas, specifically:
- Supply Sensitive Checks, specifically around the value-based element and how these must be completed within the User System;
- The legal advice provided by the SECCo Lawyers in regards to a Change of Ownership and the considerations this may have following a User Security Assessment; and
- The ways in which the User CIO will consider reliance from previous User Security Assessments.
Further information on these discussions can be found under the SSC section of the meeting documentation, found here. The next SSC meeting is 10th May 2017.
Technical Architecture and Business Architecture Sub-Committee (TABASC)
The TABASC are continuing to focus on several key areas, including the development of the Business Architecture Document (BAD). Content of the document is being provided to the TABASC in four stages for review, and the third drop of content for the BAD is now out for review with the TABASC.
The final drop of content for the BAD will be provided in June 2017 where a final End-to-End review will be completed. If you wish to be involved in the BAD review, please contact the SECAS Helpdesk for further details.
A matrix, to be included as part of the Initial Modification Report, was developed as an outcome of the Development of User Testing Principles for Modification Proposal Workshop. The purpose of the matrix is to aid Modification Proposers and Working Groups to meet SEC Modification Process and reporting requirements. The TABASC are refining the matrix prior to SEC Panel approval in May 2017.
The TABASC held a session to develop the operational risks, relating to the End-to-End Technical and Business Architecture. This included the development of the risk's severity levels, potential mitigations and RAG (Red, Amber, Green) Status’. As part of the TABASC’s obligation of reviewing the effectiveness of the Technical and Business Architectures and the Home Area Network (HAN) Requirements, a questionnaire will be sent to all Users in September 2017 to identify areas for the risks to be developed in more detail.
The next TABASC meeting is scheduled for 18th May 2017.
SMKI Policy Management Authority (SMKI PMA) Update
A SMKI PMA meeting was held on 18th April 2017, where the following items were discussed:
- A review of the SMKI and Repository Testing (SRT) Approach Document was undertaken, following the consultation with parties. The SMKI PMA noted a number of amendments that were to be made and discussed a recommendation to be provided to the Panel on its approval;
- The DCC provided the SMKI PMA with an update on the DCCKI PMA Function activities, including providing the DCCKI Audit Report and the management response to the observations that are currently being addressed;
- The next steps resulting from the SMKI Recovery Workshop held in March 2017 were also discussed with a number of actions and items ongoing.
The next SMKI PMA meeting will be held on 16th May 2017.
SECAS continue to develop guidance material for SEC Parties, if you feel your organisation could benefit from more specific and specialised guidance, please contact SECAS Helpdesk.
SMIP Consultation on Changes to the DCC user Interface Specification (DUIS) and the Inventory, Enrolment and Withdrawal Procedures (IEWP) at Release 1.3
The DCC discovered that a DCC User may not be able to commission a Device, should the initial attempt fail to do so. This can occur if there has been a failure (after ‘whitelisting’) of the Communications Hub Function (CHF) to join with a Device over the Home Area Network.
A Device having its ID whitelisted (being in the CHF Log) does not mean it can communicate over the HAN – there are some steps after whitelisting that are needed before a Device can do so.
The proposed changes to the DUIS and IEWP are designed to ensure that, when a Device has been added to a CHF’s Device Log, the Device’s Smart Meter Inventory (SMI) status will remain at whitelisted even if the DCC does not receive the second alert.
In turn this will allow the DCC User to find out whether the Device can communicate and, if it can, continue with the Device Installation.
The following changes have been proposed to the DUIS and IEWP:
- IEWP Clause 4.4: Deletion of the requirement on DCC to set the SMI Status of a Device to ‘Pending’ where the relevant Alert is not received in time;
- DUIS Alerts N24 and N25: Changes to specify that the trigger should be the successful establishment of communications with the Device; and,
- DUIS Section 126.96.36.199: Removal of the requirement to set the SMI Status of a Device back to ‘pending’ where the relevant Alert is not received in time and, consequently, the addition of a requirement for setting the SMI Status to “Pending” where a Device with a status of ‘whitelisted’ has been successfully removed from a CHF Device Log.
BEIS are proposing to re-designate the documents as set out in Annex A and Annex B on 12th May 2017, as per the draft in Annex C (found in the letter).
Comments on these proposals, by reference to the numbering used in the DUIS and IEWP at Annex A and B, should be submitted by 17:00 on 5th May 2017 to: email@example.com
Pursuant to SEC Section M6.2, each Party is required to ensure that its Party Details remain up-to-date. This will be particularly important for when you commence the DCC User Entry process, as the DCC checks these details as part of those procedures, for example, the SMKI Registration Authority Policies and Procedures (SMKI RAPP).
If you expecting or have recently had a change in party details, please complete the ‘Change in Party Details’ form as found here and send it to the SECAS Helpdesk.
In the case of customer churn from a DCC to a Non DCC User, the supplier (DCC User) whose security credentials remain on the meter, will continue to receive critical alerts sent to that meter. A critical alert is defined as; A message generated by a device in response to a problem, or risk of a potential problem, in relation to supply being affected, financial fraud or a compromise of device security.
An interim process has been in place since October 2016 to ensure the new supplier (Non DCC User) is provided with critical alerts by the previous supplier. The DCC user must forward the details of the alert on to the new supplier via email, using the contact details available here. All suppliers are requested to provide SECAS with up to date relevant contact information to include on this centralised list and proactively inform SECAS should these details change.
If the supplier cannot reach the acquiring supplier via the contacts list, please contact the SECAS helpdesk. Suppliers that are part of used shared service suppliers will need to establish how they deliver principles captured for a supplier to supplier solution.
For more information please follow the link to the relevant page on the SEC Website, or for any other queries please contact the SECAS helpdesk.
The table below shows the current status of SEC Parties.
SEC Parties and Accessions
| || |
| Current SEC Parties|| 221|
| Accession of new Parties to the SEC since last Newsletter || 3|
| Parties withdrawing from the SEC || 1|
| Expulsion of Parties from the SEC|| 0|
| Changes to SEC Panel Member employment status || 0|
A list of SEC Parties can be accessed on the SEC Website via the link provided.
Upcoming SEC Calendar Dates
The following meetings coming up over the next month are accessible via the Meeting Calendar on the SECAS Website.
| Date (2017)||Meetings and Events|
|10th May||SSC Meeting 30|
|12th May||SEC Panel Meeting 44|
|14th May||SSC Meeting 31|
|18th May||TABASC Meeting 18|
|18th May|| Spotlight on the SEC|
|26th May||SMKI PMA Meeting 35|
|31st May ||SEC Change Board 12|
We are on Twitter and LinkedIn. SECAS are using social media to provide links and other information organisations may find useful. Follow us to stay up to date with developments with the SEC.
2017 SECCo Ltd. All Rights Reserved.