Security has been at the heart of the design of the end-to-end Smart Metering System from the start of the Smart Metering Implementation Programme (SMIP). Considerable effort has been invested by the energy industry, with support from BEIS and NCSC, in designing security controls that protect the end-to-end ‘trust-based’ security architecture.
One piece of independent assurance is the compliance of smart metering equipment with a set of NCSC Commercial Product Assurance (CPA) Security Characteristics (SCs) agreed by industry and NCSC against which smart metering equipment is evaluated by independent, NCSC accredited Test Laboratories before being CPA certified by NCSC. Only equipment that has been CPA Certified can be included on the Central Product List (CPL) which allows DCC Users to communicate with the equipment.
Following a BEIS consultation, the SEC places the responsibility for maintaining the SCs with the SSC. In considering any SC Modification Requests, the SSC will follow the broad principles and processes of the SEC Modification process but will also involve non-SEC Parties in the review and impact analysis. The full methodology of to achieving modifications to the Security Characteristics can be found at the bottom of this page.
Any party such as a Device Manufacturer, test laboratory, Trade Body or SEC Party may propose a SC Modification Request. However, the SSC will expect such a Proposer to have obtained the support of one or more SEC Parties before progressing the SC Modification Request.
The Commercial Product Assurance Security Characteristics are not SEC documents, since NCSC retain overall responsibility for sign-off and publishing the CPA Security Characteristics.
The current version of the Security Characteristics, can be found on the NCSC website here