Security is integral to the design of the end-to-end Smart Metering System. The energy industry, with support from the Department for Business, Energy and Industrial Strategy (BEIS) and the National Cyber Security Centre (NCSC), has designed security controls that protect the end-to-end ‘trust-based’ security architecture.
One piece of independent assurance is the compliance of smart metering equipment with a set of NCSC Commercial Product Assurance (CPA) Security Characteristics (SCs). Smart metering equipment is evaluated against these SCs by independent NCSC-accredited Test Laboratories, before being CPA certified by NCSC. Only equipment that has been CPA Certified can be included on the Central Product List (CPL), which allows DCC Users to communicate with the equipment.
Following a BEIS consultation, the SEC places the responsibility for maintaining the SCs with the Security Sub-Committee (SSC). In considering any SC Modification Requests, the SSC will follow the broad principles and processes of the SEC Modification process, and will also involve non-SEC Parties in the review and impact analysis. The full methodology of raising and implanting modifications to the Security Characteristics can be found at the bottom of this page.
Any party including a Device Manufacturer, test laboratory, Trade Body or SEC Party may propose a SC Modification Request. However, the SSC will expect the Proposer to have obtained the support of one or more SEC Parties before progressing the SC Modification Request.
The CPA SCs are not SEC documents, and the NCSC retains overall responsibility for sign-off and publication.
The current version of the Security Characteristics, can be found on the NCSC website here.
CPA Security Characteristics and Risk Review
- ESME CPA Security Characteristics V1.4
- GSME CPA Security Characteristics V1.4
- CH CPA Security Characteristics V1.4
- SAPC CPA Security Characteristics V1.3
- HCALCS CPA Security Characteristics V1.3
- Triage interface updates to GSME, ESME, & SAPC SCs and CPA Build Standard Extensions - CPA SC v2.1
- CPA SC Agreed Interpretations
- CPA Risk Review of Smart Metering Devices v1.0
SSC Guidance on Device Security Assurance and Triage
See main page here.
- SSC - SSC Guidance for Device Security Assurance and Triage - Part 1 v1.1
- SSC - SSC Guidance for Device Security Assurance and Triage - Part 2 v1.1
- SSC - SSC Guidance for Device Security Assurance and Triage - Part 3 (TSCF) - Section 1 v1.2
- SSC - SSC Guidance for Device Security Assurance and Triage - Part 3 (TSCF) - Section 2 v1.2
- SSC - SSC Guidance on applying for Approval of Trial Devices for Field Trials without CPA Certification v1.1