The development of smart energy grids is dramatically changing the energy grid as we know it today, and traditional energy services and markets are undergoing a significant transformation. Thanks to ICT, the grid of the future is becoming smarter to improve the reliability, security, and efficiency of the energy systems. This is done through information exchange, distributed generation, storage, and the active participation of the end consumer. Internet of Things (IoT) communication networks are already in use and enable modern energy services provided by grid operators and energy service companies.
With this increasingly connected environment comes the risk of vulnerabilities, which could affect the reliability of the energy system, and the trust of consumers. Therefore, securing the smart grid and the related communications systems is essential for a successful energy transition.
With smart meters being one of the key ICT components of the smart grid, ESMIG has actively contributed to the CEN-CENELEC-ETSI Coordination Group on Smart Meters to establish a harmonised European approach for the security of these devices.
As a first big success, back in 2019, the first set of harmonised requirements for security certification of smart meters in Europe, was developed by the CEN-CENELEC-ETSI Coordination Group for Smart Meters, with the support of the ESMIG.
These requirements, called the ‘Protection Profile’, were officially certified under Common Criteria by the Dutch certification body NSCIB.
This means that smart meter certification that is performed based on this Protection Profile, by any of the official certification bodies, will be recognised across the 17 European countries that have signed the SOG-IS agreement.
In addition to this, the Protection Profile has also been accepted by CEN-CENELEC as an official Technical Specification.
Currently, the SOG-IS agreement is being transferred into an official European certification framework (EUCC) by ENISA as required by the Cyber Security Act (CSA) of the European Commission. Once this framework is put into force it can be used to prove compliance with not only the CSA but also the Cyber Resilience Act (CRA) that is currently being developed.
Bringing a multitude of benefits, the recognition of the Protection Profile as an official framework will provide not only the basis of security certification for smart meters in Europe but allow Member States and regulators to hold smart meter vendors to a common set of requirements based on an industry standard. This will allow increased cross-border grid security, reduce the cost of certification, and accelerate digitalisation.
Ultimately, a European approach to certification avoids further fragmentation in the European market, decreases costs for end-users and supports the integration of smart meters into the smart grid. All crucial elements for a green and digital energy transition that brings tangible benefits for consumers.
Find a copy of the Protection Profile here.