Security Characteristics Modifications »

Security Characteristics Modifications

Security is integral to the design of the end-to-end Smart Metering System. The energy industry, with support from the Department for Business, Energy and Industrial Strategy (BEIS) and the National Cyber Security Centre (NCSC), has designed security controls that protect the end-to-end ‘trust-based’ security architecture.

One piece of independent assurance is the compliance of smart metering equipment with a set of NCSC Commercial Product Assurance (CPA) Security Characteristics (SCs). Smart metering equipment is evaluated against these SCs by independent NCSC-accredited Test Laboratories, before being CPA certified by NCSC. Only equipment that has been CPA Certified can be included on the Central Product List (CPL), which allows DCC Users to communicate with the equipment.

Following a BEIS consultation, the SEC places the responsibility for maintaining the SCs with the Security Sub-Committee (SSC). In considering any SC Modification Requests, the SSC will follow the broad principles and processes of the SEC Modification process, and will also involve non-SEC Parties in the review and impact analysis. The full methodology of raising and implanting modifications to the Security Characteristics can be found at the bottom of this page.

Any party including a Device Manufacturer, test laboratory, Trade Body or SEC Party may propose a SC Modification Request. However, the SSC will expect the Proposer to have obtained the support of one or more SEC Parties before progressing the SC Modification Request.

The CPA SCs are not SEC documents, and the NCSC retains overall responsibility for sign-off and publication.

The current version of the Security Characteristics, can be found on the NCSC website here.

CPA Security Characteristics and Risk Review

SSC Guidance on Device Security Assurance and Triage

See main page here.