Embed Size (px)
Citation preview
Public and private partnership in certification
Willem Strabbing
Agenda
• The Smart Meters Coordination Group
• Smart Meter P&S requirements
• An European approach for security certification of products
1
The Smart Meters Coordination Group
SM-C
G a
cts
as a
dvis
ory
grou
p to
the
ESO
sH
elps
coo
rdin
ate
stan
dard
isat
ion
activ
ities
SMCG plenary
CEN NationalCommETSI CEER/ERGEGCENELEC EURELECTRICESMIG MARCOGAZFACOGAZ EUROGASAQUA WELMECCEN/CLC ANEC
IssuedmandateM/441towardsthe3ESO´s:
Founded:SmartMeteringCoordinationGrouptoassistthemandatedwork
SMCG Chair: Willem Strabbing
Accepted mandate and responsible for standards
Feeds back the results from its work
CEN TC294
CLC TC13
CLC TC205
ETSI M2M
SmartMeteringStandard-making
Individual members support work of the Task Forces
TF Use Cases
TF Glossary
TF P&S
Involves TC’s through 4 coordinating TC’s
2
Home Automation End Device
Metering End Device(E / G W H)MID requirements
Local Network Access Point (LNAP)
Neigbourhood Network Access Point (NNAP)
AMI Head End System
C
H1Meter communicationfunctions
DisplayMetrology
HA communication functions
Simpleexternal consumer
display
H3
Home automation functions
Additionalfunctions
M
C
G1
H2
G1
L
N
WAN NN LN
G2
C
ReferenceArchitecture
3
Deliverables of the SM-CG
Related to original task and the reference architecture• 6 main functionalities • A list if standards • A repository of Use Cases• A repository of technical requirements• A repository of Privacy and Security requirements
Latest work• Minimum security requirements• An inventory of security certification approaches
4
P&S requirements collection
• Collected security and privacy requirements 2013-2015 from several EU member states
• About 300 related to infrastructure
• About 425 related to organisation
• Large range in abstraction level
• Many similarities
5
Minimum security requirements
Objectives:• To assist member states that still have to define• To show the similarities• To have a basis for a EU certification approach
Process:• Focus on infrastructure requirements• Clustering according categories from Common
Criteria• Combine requirements that are similar and
mentioned by several MShttp://www.cencenelec.eu/standards/Sectors/SustainableEnergy/SmartMeters/Pages/default.aspx
6
Certification approaches
The SMCG Task Force evaluated those that are selected by:• UK: CPA
• France: CSPN
• Germany: CC
• USA: ISO/IEC 19790 (FIPS)
Common Criteria is mature, internationally accepted and includes a certification approach
7
One EU certification approach
• The current approaches for Smart Metering are not so very different and related to CC
• MS invent their own solution because there are only national solutions
• The price of certification ranges from 200k – 1000
• An example for other products in energy or other sectors• Similar to metrological certification based on MID• Increases trust in the product
8
Next steps
In ECSO:• WG1 – Standardisation / Certification
• WG3 – Vertical market applications
Develop a security certification approach through cPPP• Technical Community
» Multiple stakeholders related to energy market» IT security authorities» Test labs
• Basis level certification» Start with Essential Security Requirements» Similar to Metrological certification» Additional national evaluations
9
Challenges
• The EU target is 80% in 2020 - expected now is about 70%
• There will be “new generation” after 10 years - Italy andSweden are planning 2nd generation
• Countries will however develop their own certification approaches
• So we need to have a solution asap - if possible start preparations in 2017
10
ESMIG - Boulevard A. Reyers 80 - 1030 Brussels, BelgiumDDI: +32 (0)2 206 68 78 - [email protected]
www.esmig.euTwitter: ESMIG_EU
Thank you for your attention!
Willem StrabbingManaging Director, ESMIG
11
