UK energy suppliers will be required to implement end-to-end security for their smart metering systems according to a new consultation for the Smart Metering Implementation Program.
The DECC (Department of Energy and Climate Change) is proposing a new licence condition to cover the period until the Data and Communications Company (DCC) begins providing services, where different arrangements will need to be in place.
The proposal in the consultation is that suppliers should take steps to ensure they are in compliance with ISO 27001:2005 – Information Technology – Security Techniques – Information Security Management Systems standard. The suppliers will need to conduct a risk assessment and design the end-to-end system to the required level. Ongoing risk assessments will need to be conducted to identify new threats. The suppliers will also have to have an annual security risk audit conducted by suitably qualified external specialists.
The second new consultation from DECC is focused on the information requirements for monitoring and evaluating the program. The Foundation Stage of the program that runs until 2014, monitoring and evaluation will assess the readiness for mass rollout and help to understand the requirements for consumer engagement to deliver benefits and inform an early review.
After the mass rollout is underway the monitoring will show progress, costs incurred and the delivery of benefits.
Towards the end of mass rollout the program’s overall success will be evaluated, with a comprehensive post implementation review planned around 2018/19.
The two consultations are open until July 27.