EUROPEAN COMMISSION
BEST AVAILABLE TECHNIQUES REFERENCE
DOCUMENT
for the cyber-security and privacy of the 10 minimum functional
requirements of the Smart Metering Systems
Date: 07/11/2016
Version: 5.0
Status: Final
Authors: Smart-Grid Task Force Stakeholder Forum
Edited by: P. Berends, M. John, N. Medeiros, S. Petitcolas, W. Ton, W. Strabbing, D. Johnson, F. Ennesser, A. M. Praden, H. J. Jørgensen, I. Vakalis, I. Nai Fovino
Revised by: I. Nai Fovino (DG-JRC)
EU Classification UNCLASSIFIED
Page 2 of 211
Table of Contents
1. Executive Summary ................................................................................................... 9
2. Description of the Context ....................................................................................... 10
2.1. BAT definition and process ....................................................................................... 10
2.2. The Approach ............................................................................................................. 11
2.3. Overall structure ........................................................................................................ 12
2.4. Duration ...................................................................................................................... 12
3. Reference Model ...................................................................................................... 14
4. Minimum Functional Requirements ...................................................................... 17
4.1. Complementing Scenarios ......................................................................................... 20
5. Technical Evaluation Metrics for the selection of Best Available Techniques .... 24
5.1. Evaluation Framework .............................................................................................. 24
5.2. Dimensions to be evaluated ....................................................................................... 26
5.3. Criteria for dimension evaluation ..... 26
  5.3.1. Cyber-Security Dimension ..... 26
  5.3.2. Privacy and Data protection Dimension ..... 31
  5.3.3. Maturity and Upgradeability of Technique ..... 34
  5.3.4. Impact of Technique towards Architecture ..... 35
5.4. Economic Estimation ................................................................................................. 36
6. Information Gathering and Clustering Process description ................................. 37
7. Techniques Clustering ............................................................................................. 40
8. Techniques in the context of the 10 Common Minimum functional requirements ..... 52
9. Analysis of the techniques gathered for COMPONENT O* ................................. 54
9.1. Access Control ..... 54
  9.1.1. Username/password or PIN ..... 54
    Evaluation of Use case 1, Consumer access ..... 54
      Cyber-Security ..... 54
      Privacy and Data Protection ..... 55
      Maturity and Upgradeability of Technique ..... 55
      Impact of Technique towards Architecture ..... 56
      Ranking Summary ..... 57
        (a) Password sent on the interface and verified on server side ..... 57
        (b) Password stored and verified locally in tamper resistant module ..... 58
    Evaluation of Use cases 2 and 3 - User is not in control of data collected ..... 58
      Cyber-Security ..... 58
      Privacy and Data Protection ..... 59
      Maturity and Upgradeability of Technique ..... 59
      Impact of Technique towards Architecture ..... 59
      Ranking Summary ..... 60
    Evaluation of Use cases 2 and 3 - User is in control of data collected ..... 60
      Cyber-Security ..... 60
      Privacy and Data Protection ..... 61
      Maturity and Upgradeability of Technique ..... 61
      Impact of Technique towards Architecture ..... 61
      Ranking Summary ..... 62
  9.1.2. One-time password ..... 62
    Evaluation of Use case 1 ..... 63
      Cyber-Security ..... 63
      Privacy and Data Protection ..... 63
      Maturity and Upgradeability of Technique ..... 64
      Impact of Technique towards Architecture ..... 64
      Ranking Summary ..... 65
    Evaluation of Use case 2, 3 ..... 65
  9.1.3. 2 factor authentication ..... 65
    Evaluation of Use case 1 ..... 66
      Cyber-Security ..... 66
      Privacy and Data Protection ..... 66
      Maturity and Upgradeability of Technique ..... 67
      Impact of Technique towards Architecture ..... 67
      Ranking Summary ..... 68
        If authentication is performed locally without communication required: ..... 68
    Evaluation of Use case 2, 3 ..... 69
  9.1.4. Pre-shared secrets and TLS with client certificates ..... 69
    Evaluation of Use case 1 ..... 69
      Cyber-Security ..... 69
      Privacy and Data Protection ..... 70
      Maturity and Upgradeability of Technique ..... 70
      Impact of Technique towards Architecture ..... 71
      Ranking Summary ..... 71
    Evaluation of Use cases 2-3 ..... 72
      Ranking Summary ..... 73
        Best case (high bandwidth network): ..... 73
9.2. Cryptographic algorithms and modes ..... 74
      Privacy and Data Protection ..... 76
      Maturity and Upgradeability of Technique ..... 76
  9.2.2. AES-GCM ..... 77
      Cyber-Security ..... 77
      Impact of Technique towards Architecture ..... 77
      Ranking Summary ..... 78
  9.2.1. AES-CBC ..... 78
      Cyber-Security ..... 78
      Impact of Technique towards Architecture ..... 79
      Ranking Summary ..... 80
  9.2.2. AES-CCM ..... 80
      Cyber-Security ..... 80
      Impact of Technique towards Architecture ..... 81
      Ranking Summary ..... 82
  9.2.3. AES-CMAC ..... 82
      Cyber-Security ..... 82
      Impact of Technique towards Architecture ..... 83
      Ranking Summary ..... 83
  9.2.4. AES-CTR ..... 84
      Cyber-Security ..... 84
      Impact of Technique towards Architecture ..... 84
      Ranking Summary ..... 85
  9.2.5. AES-ECB ..... 85
      Cyber-Security ..... 85
      Impact of Technique towards Architecture ..... 86
      Ranking Summary ..... 87
  9.2.6. SHA1 ..... 87
      Cyber-Security ..... 87
      Maturity and Upgradeability of Technique ..... 88
      Impact of Technique towards Architecture ..... 88
      Ranking Summary ..... 89
  9.2.7. SHA2 ..... 89
      Cyber-Security ..... 89
      Maturity and Upgradeability of Technique ..... 90
      Impact of Technique towards Architecture ..... 90
      Ranking Summary ..... 91
  9.2.8. ECDH ..... 91
      Cyber-Security ..... 91
      Maturity and Upgradeability of Technique ..... 92
      Impact of Technique towards Architecture ..... 92
      Ranking Summary ..... 93
  9.2.9. ECDSA ..... 93
      Cyber-Security ..... 93
      Maturity and Upgradeability of Technique ..... 94
      Impact of Technique towards Architecture ..... 94
      Ranking Summary ..... 95
9.3. Monitoring and alarming ..... 95
  9.3.1. Privacy and Data Protection ..... 95
  9.3.2. Switches ..... 96
    Evaluation ..... 96
      Cyber-Security ..... 96
      Maturity and Upgradeability of Technique ..... 97
      Impact of Technique towards Architecture ..... 97
      Ranking Summary ..... 97
  9.3.3. Seals and other tamper evident techniques ..... 99
      Cyber-Security ..... 99
      Maturity and Upgradeability of Technique ..... 100
      Impact of Technique towards Architecture ..... 100
      Ranking Summary ..... 100
  9.3.4. Magnetic field sensors ..... 102
    Evaluation ..... 102
  9.3.5. Power quality sensors ..... 102
    Evaluation ..... 103
9.4. Time Synchronisation ..... 103
  9.4.1. Application specific protocols ..... 103
    Evaluation ..... 103
9.5. Security architecture ..... 103
  9.5.1. Unique keys ..... 103
      Cyber-Security ..... 103
      Privacy and Data Protection ..... 104
      Maturity and Upgradeability of Technique ..... 104
      Impact of Technique towards Architecture ..... 104
      Ranking Summary ..... 105
  9.5.2. Private location ..... 105
    Evaluation ..... 106
      Cyber-Security ..... 106
      Privacy and Data Protection ..... 106
      Maturity and Upgradeability of Technique ..... 107
      Impact of Technique towards Architecture ..... 107
      Ranking Summary ..... 107
  9.5.3. DLMS secure transport ..... 108
    Evaluation: ..... 108
      Cyber-Security ..... 108
      Privacy and Data Protection ..... 108
      Maturity and Upgradeability of Technique ..... 109
      Impact of Technique towards Architecture ..... 109
      Ranking Summary ..... 110
  9.5.4. Independent monitoring ..... 110
      Cyber-Security ..... 110
      Privacy and Data Protection ..... 111
      Maturity and Upgradeability of Technique ..... 111
      Impact of Technique towards Architecture ..... 111
      Ranking Summary ..... 112
  9.5.5. TLS secure transport ..... 113
    Evaluation: ..... 113
      Cyber-Security ..... 113
      Privacy and Data Protection ..... 113
      Maturity and Upgradeability of Technique ..... 114
      Impact of Technique towards Architecture ..... 114
      Ranking Summary ..... 115
  9.5.6. End-to-End Signing ..... 115
      Cyber-Security ..... 116
      Privacy and Data Protection ..... 116
      Maturity and Upgradeability of Technique ..... 116
      Impact of Technique towards Architecture ..... 117
      Ranking Summary ..... 117
  9.5.7. Switching commands validated against the grid code (Grid Sensitive Operation) ..... 118
      Cyber-Security ..... 119
      Privacy and Data Protection ..... 119
      Maturity and Upgradeability of Technique ..... 120
      Impact of Technique towards Architecture ..... 120
      Ranking Summary ..... 121
9.6. Hardware Security ..... 121
  9.6.1. (Processor) hardening ..... 121
    Evaluation ..... 122
      Cyber-Security ..... 122
      Maturity and Upgradeability of Technique ..... 123
      Ranking Summary ..... 124
        4. Adjunction of programmable tamper resistant processor (e.g. SE: Secure Element) ..... 126
  9.6.2. Physics security ..... 126
10. Analysis of the techniques gathered for COMPONENT C* ..... 127
  10.1.1. ZigBee Smart Energy Profile ..... 127
      Cyber-Security ..... 127
      Maturity and Upgradeability of Technique ..... 127
      Impact of Technique towards Architecture ..... 128
      Ranking Summary ..... 129
  10.1.2. CMS ..... 129
      Cyber-Security ..... 130
      Privacy and Data Protection ..... 130
      Maturity and Upgradeability of Technique ..... 130
      Impact of Technique towards Architecture ..... 131
      Ranking Summary ..... 132
  10.1.3. M-Bus ..... 133
      Cyber-Security ..... 133
      Maturity and Upgradeability of Technique ..... 134
      Impact of Technique towards Architecture ..... 134
      Ranking Summary ..... 135
  10.1.4. DLMS ..... 136
      Cyber-Security ..... 136
      Maturity and Upgradeability of Technique ..... 136
      Impact of Technique towards Architecture ..... 137
      Ranking Summary ..... 138
  10.1.5. Dial in Whitelisting ..... 138
      Cyber-Security ..... 138
      Privacy and Data Protection ..... 139
      Maturity and Upgradeability of Technique ..... 139
      Ranking Summary ..... 140
  10.1.6. LDAP ..... 140
      Cyber-Security ..... 141
      Privacy and Data Protection ..... 141
      Maturity and Upgradeability of Technique ..... 141
      Impact of Technique towards Architecture ..... 142
      Ranking Summary ..... 142
  10.1.7. TACACS+ ..... 143
      Cyber-Security ..... 143
      Privacy and Data Protection ..... 143
      Maturity and Upgradeability of Technique ..... 143
      Impact of Technique towards Architecture ..... 144
      Ranking Summary ..... 144
  10.1.8. Firewall ..... 145
      Cyber-Security ..... 145
      Privacy and Data Protection ..... 145
      Maturity and Upgradeability of Technique ..... 146
      Impact of Technique towards Architecture ..... 146
      Ranking Summary ..... 147
  10.1.9. IDS/IPS ..... 147
      Cyber-Security ..... 147
      Privacy and Data Protection ..... 148
      Maturity and Upgradeability of Technique ..... 148
      Impact of Technique towards Architecture ..... 148
      Ranking Summary ..... 149
  10.1.10. Retention ..... 149
    Retention for data after the contract has ended ..... 150
      (a) Cyber-Security ..... 150
      (b) Privacy and Data Protection ..... 150
      (c) Maturity and Upgradeability of Technique ..... 150
      (d) Impact of Technique towards Architecture ..... 151
      (e) Ranking Summary ..... 151
    Retention for data stored locally in the meter ..... 152
      Meter readings and interval data are stored for the minimum and maximum lengths of time required by the local legislation. Log data are also stored for the minimum and maximum times defined by the local law. ..... 152
      (a) Cyber-Security ..... 152
      (b) Privacy and Data Protection ..... 152
      (c) Maturity and Upgradeability of Technique ..... 152
      (d) Impact of Technique towards Architecture ..... 153
      (e) Ranking Summary ..... 153
    Reading and transmission frequency ..... 154
      Intervals and daily transmission to provide advance tariff. ..... 154
      (a) Cyber-Security ..... 154
      (b) Privacy and Data Protection ..... 154
      (c) Maturity and Upgradeability of Technique ..... 155
      (d) Impact of Technique towards the Architecture ..... 155
      (e) Ranking Summary ..... 155
    Six bi-monthly values and 1 second for local interface ..... 155
      (a) Cyber-Security ..... 155
      (b) Privacy and Data Protection ..... 156
      (c) Maturity and Upgradeability of Technique ..... 156
      (d) Impact of Technique towards Architecture ..... 156
      (e) Ranking Summary ..... 156
  10.1.11. Aggregation ..... 156
    Data are aggregated for network planning purposes ..... 157
      (a) Cyber-Security ..... 157
      (b) Privacy and Data Protection ..... 157
      (c) Maturity and Upgradeability of Technique ..... 157
      (d) Impact of Technique towards Architecture ..... 157
      (e) Ranking Summary ..... 158
Data are aggregated and anonymized for statistic and scientific issues ................ 159
Page 7 of 211
(a) Cyber-Security .................................................................................................................... 159 (b) Privacy and Data Protection ................................................................................................ 159 (c) Maturity and Upgradeability of Technique ......................................................................... 159 (d) Impact of Technique towards Architecture ......................................................................... 159 (e) Ranking Summary .............................................................................................................. 159
10.1.12. Read Only Interface ....................................................................................................... 160 Meter is only accessible for read because of physical protection ......................... 160
(a) Cyber-Security .................................................................................................................... 160 (b) Privacy and Data Protection ................................................................................................ 160 (c) Maturity and Upgradeability of Technique ......................................................................... 161 (d) Impact of Technique towards Architecture ......................................................................... 161 (e) Ranking Summary .............................................................................................................. 161
Meter is only accessible for read because of logical protection (Operating System)
162 (a) Cyber-Security .................................................................................................................... 162 (b) Privacy and Data Protection ................................................................................................ 162 (c) Maturity and Upgradeability of Technique ......................................................................... 162 (d) Impact of Technique towards Architecture ......................................................................... 163 (e) Ranking Summary .............................................................................................................. 163
11. Analysis of the techniques gathered for COMPONENT P* ............................ 164 11.1.1. Network segregation ...................................................................................................... 164
Cyber-Security .......................................................................................................... 164 Privacy and Data Protection ...................................................................................... 165 Maturity and Upgradeability of Technique ............................................................... 165 Impact of Technique towards Architecture ............................................................... 165 Ranking Summary ..................................................................................................... 166
11.1.2. Firmware update ............................................................................................................ 166 Cyber-Security .......................................................................................................... 167 Privacy and Data Protection ...................................................................................... 168 Maturity and Upgradeability of Technique ............................................................... 168 Impact of Technique towards Architecture ............................................................... 168 Ranking Summary ..................................................................................................... 169
11.1.3. Aggregation .................................................................................................................... 169 Cyber-Security .......................................................................................................... 170 Privacy and Data Protection ...................................................................................... 170 Maturity and Upgradeability of Technique ............................................................... 171 Impact of Technique towards Architecture ............................................................... 171 Ranking Summary ..................................................................................................... 171
11.1.4. SIEM .............................................................................................................................. 173 Cyber-Security .......................................................................................................... 173 Privacy and Data Protection ...................................................................................... 174 Maturity and Upgradeability of Technique ............................................................... 174 Impact of Technique towards Architecture ............................................................... 174 Ranking Summary ..................................................................................................... 175
11.1.5. Multi-factor authentication ............................................................................................. 176 Cyber-Security .......................................................................................................... 176 Privacy and Data Protection ...................................................................................... 176 Maturity and Upgradeability of Technique ............................................................... 177 Impact of Technique towards Architecture ............................................................... 177 Ranking Summary ..................................................................................................... 178
11.1.6. One-time password (OTP) ............................................................................................. 178 Cyber-Security .......................................................................................................... 179 Privacy and Data Protection ...................................................................................... 179 Maturity and Upgradeability of Technique ............................................................... 180 Impact of Technique towards Architecture ............................................................... 180 Ranking Summary ..................................................................................................... 181
11.1.7. Whitelisting .................................................................................................................... 181 Cyber-Security .......................................................................................................... 181 Privacy and Data Protection ...................................................................................... 182
Page 8 of 211
Maturity and Upgradeability of Technique ............................................................... 182 Impact of Technique towards Architecture ............................................................... 182 Ranking Summary ..................................................................................................... 183
11.1.8. VPN ............................................................................................................................... 184 Cyber-Security .......................................................................................................... 184 Privacy and Data Protection ...................................................................................... 184 Maturity and Upgradeability of Technique ............................................................... 185 Impact of Technique towards Architecture ............................................................... 185 Ranking Summary ..................................................................................................... 186
11.1.9. Manufacturer – customer key exchange ......................................................................... 186 Cyber-Security .......................................................................................................... 187 Privacy and Data Protection ...................................................................................... 187 Maturity and Upgradeability of Technique ............................................................... 188 Impact of Technique towards Architecture ............................................................... 188 Ranking Summary ..................................................................................................... 189
11.1.10. PKI ................................................................................................................................. 189 Cyber-Security ...................................................................................................... 189 Privacy and Data Protection ................................................................................. 190 Maturity and Upgradeability of Technique .......................................................... 190 Impact of Technique towards Architecture .......................................................... 190 Ranking Summary ................................................................................................ 191
12. BAT Ranking Summary .................................................................................... 192
12.1. Validity of techniques for Cyber Security ............................................................. 192
12.2. Validity of techniques for Privacy & Data Protection .......................................... 195
12.3. Evaluation of techniques for Maturity, Upgradability and Architectural impact ..... 196
12.4. Summary of evaluation ratings of applicable and selected techniques per component or Use Case ..... 199
12.5. Applicable techniques per component ..... 202
13. Analysis of the Switch On/Switch Off functional requirement cyber-security ..... 204
14. Conclusions and Recommendations ................................................................. 206
14.1. Structure ................................................................................................................... 206
14.2. Common minimum functionalities ......................................................................... 206
14.3. Approach .................................................................................................................. 206
14.4. Findings & conclusions ............................................................................................ 207
14.5. Quantum computing threats and recommendations ............................................ 208
14.6. Recommendations .................................................................................................... 209
14.7. Future work .............................................................................................................. 210
1. EXECUTIVE SUMMARY
The Commission Recommendation 2012/148/EU on preparations for the roll-out of smart
metering systems states that, “in order to mitigate the risks on personal data and security,
Member States, in collaboration with industry, the Commission and other stakeholders,
should support the determination of best available techniques for each common minimum
functional requirement listed in point 42 of the Recommendation”.
To answer this need, the Smart-Grid Task Force launched in October 2014 an initiative
aiming at conducting a first Best Available Technique assessment process, relying on the
contributions of a Stakeholder Forum (SF) created ad hoc for the purpose.
Security and privacy are end-to-end characteristics covering systems, processes and
people. This document, through the application of the evaluation framework adopted by
the stakeholder forum in 2015, focuses specifically on the evaluation of the techniques,
gathered during the BAT data collection phase that ended in spring 2016, used today to ensure
privacy and cyber-security in smart-metering systems with respect to the 10 minimum
functional requirements described in Recommendation 2012/148/EU [1] and in alignment
with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
The document is the result of the collegial work of the SF Technical Editorial Group, and
is intended as an instrument to facilitate the SF final evaluation of the techniques.
[1] Commission Recommendation of 9 March 2012 on preparations for the roll-out of smart metering
systems (2012/148/EU),
http://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32012H0148&from=EN
2. DESCRIPTION OF THE CONTEXT
The Commission Recommendation of 9 March 2012 on preparations for the roll-out of
smart metering systems (2012/148/EU) defines a set of minimum functional
requirements that every smart metering system should fulfil, taking into consideration in
particular aspects regarding:
- The customer
- The metering operator
- The commercial aspects of the energy supply
- Security and data protection
- Distributed generation
The Recommendation states that, “in order to mitigate the risks on personal data and
security, Member States, in collaboration with industry, the Commission and other
stakeholders, should support the determination of best available techniques for each
common minimum functional requirement listed in point 42 of the Recommendation”.
2.1. BAT definition and process
In analogy to what is prescribed in Directive 2010/75/EU, an exchange of information
between the Commission and the Member States, the industries concerned, and non-
governmental organisations promoting the roll-out of smart metering systems is organized
through a BAT reference document (hereafter "BREF") and the process leading to its
preparation.
The exchange of information shall, in particular, address the following:
(a) The reference conditions and impact on consumption, reading, control,
involvement of third parties in relation to privacy and cybersecurity
issues;
(b) The techniques used, associated monitoring of effectiveness, economic
and technical viability and developments therein;
(c) The best available techniques and emerging techniques identified after
considering the aspects mentioned in points (a) and (b).
As defined in Recommendation 2012/148/EU, ‘best available techniques’ refer to the most
effective and advanced stage in the development of activities and their methods of
operation, which indicates the practical suitability of particular techniques for providing
the basis for complying with the EU data protection framework. They are designed to
prevent or mitigate risks to privacy, personal data and security.
The aim of a BREF is to determine BATs and to limit imbalances in the European Union
(EU) regarding the roll-out of smart metering systems. BREFs should provide information
to the competent authorities of Member States, industrial operators, the Commission and
the public at large. The process of determining BATs and emerging techniques should be
transparent and objective, based on sound technical and economic information.
To serve its main aim, the content of the BREF should be limited to the relevant
information. A BREF is not meant to be a textbook on techniques to organize smart
metering. It is essential that the BREF provides information on the main techniques that
were considered by the technical editorial group (TEG) and on the grounds for the BAT
conclusions reached by the TEG.
2.2. The Approach
A successful BAT process strongly relies on reaching a wide consensus among the
stakeholders involved in the process.
To reach such an objective this project will leverage the already existing Smart-Grid
Task Force and in particular one of its Expert Groups (EG), the EG2 Working Group.
More in detail:
- The Stakeholder Forum (SF) foreseen by the BAT process is composed of
the current EG2 WG. The SF is in charge of the validation and approval of the
selected techniques and will act as a facilitator in the activities related to the
collection of the needed technical information.
- The Technical Editorial Group (TEG) is composed of 5 experts. These
experts will be in charge of elaborating the documents that will be used to
support the BAT process. The TEG experts are chosen by DG-ENER and DG-
JRC from a list of candidates proposed by the SF on the basis of the needs of
each work-package of the BAT process.
- The DG-JRC Smart-meter team (JRC-SMT) will be in charge of
supervising the project and providing support to the TEG.
- DG-ENER will co-chair the supervision of the project together with DG-JRC
and will act as facilitator during the creation of the Stakeholder Forum.
Figure 1 provides a high-level description of the process which will be adopted to select
the best available techniques.
Figure 1: BAT selection process (flowchart). Steps shown: setup of the Stakeholder Forum; first SF meeting (terms of reference definition, TEG creation, selection process definition); periodic (monthly) online TEG meetings and physical TEG meetings every two months; off-line analysis and selection activities; SF meeting every 4 months to endorse the TEG activity, with intermediate analysis and validation steps; final BAT draft; SF final endorsement; Best Available Techniques.
2.3. Overall structure
The overall BAT process is broken down into the following specific work packages:
- WP1 – Metrics and Selection Criteria
- WP2 – Techniques’ Inventory and Mapping
- WP3 – Analysis of the techniques
- WP4 – Selection and Validation
- WP5 – Coordination
WP1 and WP2 have already been executed, while WP3 is presented in this document.
2.4. Duration
Figure 3 provides an overview of the project’s evolution with respect to the work-packages
presented in Section 3.
The total duration of the project will be 24 months, starting from the first Stakeholder
Forum meeting. The setup of the forum, which should be performed under the
responsibility of DG-ENER prior to the project’s kick-off, is not counted in the
computation of the project duration.
Figure 3 provides an overview of the timeframe of the BAT process.
3. REFERENCE MODEL
As stated in the previous section, the BAT process aims at identifying the most
suitable techniques to increase the level of cyber-security and privacy of smart-
metering systems with respect to the 10 minimum functional requirements of COM
2012/148/EU.
In this context, it is important to define exactly the boundaries within which a technique
should, or should not, be considered for evaluation. The first step is obviously that of
identifying what should be considered as part of the smart-metering system and what
will instead be considered outside the scope of the BAT process.
To answer this first question, this section provides a general introduction to the smart
metering architecture, focussing on the consumer side of the system.
Figure 4: M/441 Reference Architecture (diagram). Elements shown: the meter (Metrology, Display, Additional functions, MID requirements, Meter Communication Functions); a simple external consumer display; the Local Network Access Point (LNAP); the Neighbourhood Network Access Point (NNAP); the AMI Head End System; HA Communication Functions and Home Automation Functions; the WAN, NN and LN networks; and the interfaces G1, G2, C, M, H1, H2, H3, L, N and I.
This introduction is intended as explanatory material to provide all readers (including
non-technical readers) with a common background and jargon. As agreed during the second
Stakeholder Forum meeting, the M/441 smart-metering system reference architecture has
been adopted as the basis for the reference model used in the BAT
process (see Fig. 4). It will be used to evaluate whether a given technique should be assessed as
part of the smart-metering system or ignored in this report on the grounds
that it is used for another part of the more general smart-grid eco-system and is thus out of
scope.
From a cyber-security perspective, it is important to understand the meaning of the
different interfaces presented in Figure 4. A brief overview is provided below:
- G: the G interface can be defined with several profiles (e.g. G1 and G2), depending
on the physical network architecture being used. The G1 / G2 interfaces are used
to connect the meters, LNAPs and NNAPs directly with an AMI HES.
- C: used to connect LNAPs and / or metering end devices to an NNAP.
- M: this interface can be found between the communications function of the meter
and the LNAP, or between metering end devices.
- H: the H interfaces are also known as “display and home automation end device
interfaces”. The H1 interface connects a metering end device to an external
consumer display; H2 connects an LNAP, and H3 connects an NNAP,
with external devices (e.g. advanced display functionality).
- L: an interface allowing an LNAP to connect to peer LNAPs.
- N: allows an NNAP to connect to other NNAPs.
Some of the 10 minimum functionalities can have realisations that go beyond the
M/441 reference architecture, for example, an online platform provided by a 3rd party
or a supplier that provides meter readings to the consumer. For that reason, the model
is partly extended and partly simplified (as in this early stage, the details of all the
intermediate networks are less relevant).
Again, it is important to understand that the model will be used as a discerning factor to
discriminate between what is in scope (i.e. what will be analysed) and what is out of
scope (i.e. techniques which should be analysed elsewhere).
The technical details about the reference model are not relevant at this stage, as they
will be elaborated later during the WP2 (information gathering) and WP3 (analysis)
phases.
Figure 5: Schematic smart metering architecture.
The diagram in Figure 5 provides an overview of the relevant elements which will be
included in the reference architecture. It includes the elements from the M/441 plus
additional elements showing the entities involved in providing the ten minimum functional
requirements.
4. MINIMUM FUNCTIONAL REQUIREMENTS
In this section, a map between the minimum functional requirements in the EU
Recommendation 2012/148/EU [2] and the reference architecture presented in the previous
section is provided, elaborating on the impact surface of each requirement on the reference
architecture and on the existing dependencies among the requirements.
The list of Minimum Functional Requirements:
1. Provide readings directly to the consumer and any third party designated by the consumer
2. Update the readings referred to in point 1 frequently enough to allow the information to be used to achieve energy savings
3. Allow remote reading of meters by the operator.
4. Provide two-way communication between the smart metering system and external networks for maintenance and control of the metering system
5. Allow readings to be taken frequently enough for the information to be used for network planning
6. Support advanced tariff systems.
7. Allow remote on/off control of the supply and/or flow or power limitation
8. Provide secure data communications
9. Fraud prevention and detection
10. Provide import/export and reactive metering
In the table above the term “readings” is defined as in the European Commission
Recommendation 2012/148/EU.
In the following, each of the requirements in the Commission’s overview of common
minimum functionalities is briefly described. However, specific use cases such as those
produced by SM-CG provide a more detailed and complete analysis of requirements,
which in turn affects the architecture adopted in individual deployments.
[2] European Commission Recommendation of 9 March 2012 on preparations for the roll-out of smart metering systems (2012/148/EU), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2012:073:0009:0022:EN:PDF
- Functional Requirement 1 – Provide readings directly to the consumer and
any third party designated by the consumer: Readings to the consumer can be
provided within his own premises via the smart meter display, via an HAN interface
with or without a Visual Display Unit, or remotely through different channels (web
portal, mobile applications, paper communications, file downloads or sending).
Beyond the proportionate contractual obligations for billing and network
management, mechanisms should also allow consumers to grant access to third
parties to their data through the entitled data management entity (Meter Operator
or another party), for example for consumption analysis and comparison of
suppliers.
- Functional Requirement 2 – Update the readings referred to in point 1
frequently enough to allow the information to be used to achieve energy
savings: Rapid and detailed feedback can help the consumer to save energy by
showing the impact of his behaviour on energy consumption and on derived values
like money and CO2 emission.
- Functional Requirement 3 - Allow remote reading of the meters by the
operator: the meter operator ought to be able to remotely read the meters,
including measurements, events, and calculated values; privacy considerations may
apply, restricting the collection of specific data sets or restraining the granularity of
certain data sets.
Remote reading might fall into 3 categories:
o The scheduled readings which are sent periodically to the meter operator
o ‘Ad hoc’ or on-demand readings. The latter are needed when a consumer
moves out or when he changes supplier. The readings at that moment must
be captured to generate an accurate final bill.
o Alarms, which are sent unscheduled when a preconfigured event such as a
power fail or a fraud attempt occurs.
- Functional Requirement 4 - Provide two-way communication between the
smart metering system and external networks for maintenance and control of
the metering system: The main flow of information is one-way, from consumer
to supplier. For special cases a flow in the other direction is required, for example:
o To synchronize the meter’s internal clock
o To update the tariff tables, the switching tables and the calendar
o To update the meter’s firmware
o To support configuration changes like adding and removing
communication links to other meters
o Credit top-up for pre-payment meters
o Ad-hoc control operations and readings
o Emergency or DSR signals sent by TSO, DSO or 3rd parties
These operations can be unicast or broadcast.
It is worth noting that these operations require a high level of privacy and security
protection, preventing intrusion, hacking, or data theft.
- Functional Requirement 5 - Allow readings to be taken frequently enough for
the information to be used for network planning: Detailed meter readings
obtained from a subset of consumers based upon prior consent can be used to
generate load profiles. Load profiles are models of actual power consumption
patterns and are commonly used for tariff design and system operation planning.
- Functional Requirement 6 - Support advanced tariff systems: In addition to the
single or dual tariffs of mechanical meters, smart meters can also offer more
advanced tariff models, for example, more groups, peak and/or threshold tariffs
and pre-payment with remote top-up.
- Functional Requirement 7 - Allow remote on/off control of the supply and/or
flow or power limitation: To avoid losses for the supplier and the DSO, the supply
of energy can be limited or completely cut off if the consumer does not pay the bill.
Not all meters have this capability, as it makes the device more expensive and it
could be misused, e.g. to trigger a widespread switch-off.
- Functional Requirement 8 - Provide secure data communications:
Consumption data is considered ‘personal information’ when this data is related to
an identified or identifiable natural person and must be protected for privacy
reasons. The integrity of the data must be protected to prevent fraud and misuse
(see the previous and the next paragraph).
- Functional Requirement 9 - Fraud prevention and detection: As energy costs
money, there is an economic motivation to attempt to defraud the supplier. The
basic protection relies on physical measures like tamper evident seals and
plausibility checks in the MDMS. In addition, smart meters can provide a real-time
alarm, for example, if the meter case is opened or if unusual operating conditions
like a very strong magnetic field are detected.
- Functional Requirement 10 - Provide import/export and reactive metering: The
sensors in a smart meter allow measuring and tariffing of energy in all 4
quadrants. In some member states meters are often equipped with a subset of
quadrants according to the type of consumer:
- A+ for typical household consumers only consuming electricity
- A+/A- for household prosumers
- A- for feed-in of electricity (in some member states the RES-support
scheme requires a separate meter for feed in)
- All 4 quadrants including R+/R- for industrial consumers or for sensors
used by the DSO for monitoring the state of the network for operational
purposes
o Explanation: A+ is the common term for active energy consumed
o A- is active energy delivered to the network
o R+ and R- is the reactive energy, where + and – distinguish between a phase
shift of + or – 90 degrees.
The main use case for a consumer is a rapid and detailed feedback on his energy
consumption. For a network operator, the main use case is measurements that support
network planning. The use cases for an energy supplier are mostly related to tariffing and
billing.
It is important to underline that the functional requirements are not totally independent.
For example, several requirements rely on secure communication, as communication is
the core of the smart grid; remote control relies on the presence of 2-way
communication. Readings for the consumer may not require secure communication
when data is available locally on the consumer premises. On the other hand, remote
readings always require secure communication.
Following this reasoning, frequent readings may be of interest for network planning
or for consumer energy reduction. This overlaps with readings for the consumer
(requirement 2) and secure communication (requirement 5).
Advanced tariffs could require frequent reading, remote control for ‘local load
shedding’ and 2-way communication for dynamic tariffs.
An extension of the advanced tariffs is the separate billing of import, export and
reactive energy.
4.1. Complementing Scenarios
Following the European Commission standardisation mandate M/441 to CEN, CENELEC
and ETSI in the field of measuring instruments, for the development of an open
architecture for utility meters involving communication protocols enabling
interoperability, the ETSI TR 102 691 technical report presents a set of 6 main
functionalities (or use cases), which can be considered complementary to the 10 minimum
functionalities mentioned in the EU Recommendation 2012/148/EU [3]. For the sake of
completeness they are reported in the following.
The M/441 functionalities regarding the smart-metering system are the following:
- Remote reading of metrological register(s) and provision to designated market
organisation(s)
- Two-way communication between the metering system and designated market
organisation(s)
- Meter supporting advanced tariffing and payment systems
- Meter allowing remote disablement and enablement of supply
- Communicating with (and where appropriate directly controlling) individual
devices within the home/building
- Meter providing information via a portal/gateway to an in-home/building display
or auxiliary equipment
In Table 1 we present a mapping between the “Commission’s 10 common minimum
functional requirements” and the “primary” use cases from the “Smart Meters Co-
ordination Group – 2 Smart Metering Use Cases”, deriving from the six additional
functionalities identified by the SMCG. This broadens the scope of the analysis and takes
advantage of the work done by each organization.
In the “Requirement” column, only the ‘primary’ requirements are shown, while
supporting techniques like for example ‘secure communication’ are omitted for clarity.
The clusters ‘Billing’ and ‘Consumer Information’ map the most closely to the 10
requirements.
Table 1 Mapping of the SMCG use cases (ANNEX III 8) to the 10 minimum functional requirements. An empty cell continues the entry of the row above.

Cluster | Primary Use Case | Minimum Functional Requirement
Billing | BI.01. Allow remote reading of meters on demand | Allow remote reading of meters by the operator
 | BI.02. Allow scheduled meter reading of meters | 
 | BI.03. Set billing parameters. Billing parameters include: payment mode; tariff scheme; prices; thresholds and response actions; data sets | Support advanced tariff systems. Provide import/export and reactive metering. Provide two-way communication
 | BI.04. Add credit (3) | Not covered
 | BI.05. Execute supply control | Allow remote on/off control of the supply and/or flow or power limitation
Customer information provision | CI.01. Provide information to consumer | Update the readings frequently enough to allow the information to be used to achieve energy savings. Provide readings directly to the customer
Configure events, statuses and actions | ESA.01. Configure meter events and actions | Provide two-way communication
 | ESA.02. Manage events | 
 | ESA.03. Retrieve AMI component information | Allow remote reading of meters by the operator
 | ESA.04. Check device availability | 
Installation & configuration | INCO.01. AMI component discovery & communication setup | Provide two-way communication
 | INCO.02. Clock synchronization | 
 | INCO.03. Configure AMI device. This includes: configuring, parameterizing, adjusting the Smart Meter/LNAP/NNAP; setting operating mode for disconnect switch / valve; enabling / disabling disconnection; loading new software / firmware; reloading or activation of previous software / firmware | 
 | INCO.04. Manage security material | 
Energy market events | ME.01. Manage consumer (customer?) moving in | Allow remote readings of meters on demand. Allow readings to be taken frequently enough for the information to be used for network planning
 | ME.02. Manage customer moving out | 
 | ME.03. Manage customer gained | 
 | ME.04. Manage customer lost | 
Collect AMI events and status information | MSQ.01. Manage supply quality | Allow remote reading of meters by the operator (these are the spontaneously sent ‘alarms’)
Secondary Use case | SU1. Write information | Provide two-way communication
 | SU2. Invoke an action | 
 | SU3. Read meter | Allow remote reading of meters by the operator
 | SU4. Report event | 

3 Not covered by the 10 minimal functionalities
5. TECHNICAL EVALUATION METRICS FOR THE SELECTION OF BEST AVAILABLE
TECHNIQUES
The main objective of WP1 is to define a coherent and reliable evaluation methodology to
be used in WP3 to identify the Best Available Techniques related to the 10 minimum
functional requirements. For an objective comparison of each suggested technique, three
elements need to be defined:
1. The dimensions to be evaluated
2. The criteria to be taken into consideration for each dimension
3. A framework that derives an overall evaluation of each technique by combining
the specific evaluations of the identified dimensions and criteria
This is because the BAT process foresees taking into consideration “available
techniques”, i.e. techniques that are already implemented in the field or ready for the
market. These techniques must by definition be compliant with data protection regulations.
5.1. Evaluation Framework
The objective of the evaluation framework is to enable the comparison of specific
techniques. To support the comparison, a metric scheme is defined to score a particular
technique. For this, the metric is categorized by different dimensions as per chapter 5.2.
Furthermore, each dimension consists of specific criteria. The structure of the metric is
outlined in the following scheme:
Figure 6: Structure of the metric for assessing techniques
Metric
  o Dimension 1
    - Criterion 1.1
    - Criterion 1.2
    - …
    - Criterion 1.n
  o Dimension 2
    - Criterion 2.1
    - Criterion 2.2
    - …
    - Criterion 2.m
  o Dimension …
For each criterion, the individual technique is assigned points from 0 to 2. Those points
shall be awarded to rank the efficiency or effectiveness of the technique for this specific
criterion. Assigning “0” points shall represent the lowest score (not effective), “2” shall be
the highest score (very effective), and “1” represents a moderate effectiveness (applicable, but
with drawbacks). In some cases, the metrics will only be scored “0” or “2”, since the
judgement of a criterion might be only binary.
Furthermore, it is deemed necessary to introduce a disqualification score for a criterion
(e.g. for techniques that violate privacy or security principles), meaning that the technique
should not be considered as a candidate for a BAT. In this case there should be a reasoned and
well-argued justification, given that it leads to the exclusion of techniques that have been
suggested by the Stakeholder Forum. There should also be an agreement among those
applying the framework about the disqualification of any specific technique.
Hereinafter there is a description of the mathematical composition of the metric scoring
mechanism.
The set of criteria in a dimension $D_i$ shall be noted as $C_i$. The cardinality of the set $C_i$ is
noted as $|C_i|$. The score given for a particular criterion $j$ of the dimension $D_i$ shall be noted as
$c_{ij}$.
The sum of all criteria scores of a dimension $D_i$ shall be noted as $d_i$:

$$d_i = \sum_{j} c_{ij}, \qquad c_{ij} \in \{0, 1, 2\}$$
There may be cases where the evaluation of a given criterion is not appropriate for a
technique. If so considered, the decision should be clearly justified. In this case the set Ci
will not take into consideration this particular criterion.
It has been agreed that all dimensions are equally relevant and thus are weighted
equally. As will be described later, different dimensions might be evaluated through a
different number of criteria, so a normalisation process is needed. To ensure
this, a weight for every dimension is introduced.
The weight for a dimension $D_i$ shall be noted as $w_i$.
For each dimension $D_i$ with the criteria set $C_i$ assigned, the weight $w_i$ of this dimension is
defined as the reciprocal of the cardinality of the criteria set:

$$w_i = \frac{1}{|C_i|}$$
After the ranking process, the sum of all awarded points per dimension, weighted as above
and with the exception of the Financial Impact, represents the overall metric m1.
The metric m1 to score a technique is defined as:

$$m_1 = \sum_{i} w_i \cdot d_i$$

The m1 ranking of a technique makes it visible when a technique provides an efficient
solution in a given dimension but has shortcomings in other dimensions. The metric m1
is indeed a metric ranking the ability of a technique to mitigate the risk to personal data
and security.
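The scoring mechanism of this section, worked through in code. This is an added example, not code from the BAT reference document or from the Stakeholder Forum; the technique scored, its "not applicable" decisions and the disqualification justification are constructed sample data, and the criterion names are those listed in Section 5.3. The example also shows the two rules the prose states but the formulas do not: a criterion judged not applicable leaves the set $C_i$ (so the weight adapts), and a disqualified technique is excluded rather than scored, with the required written justification.

```python
"""Worked example of the BAT scoring metric of Section 5.1 (added illustration,
not code from the BAT reference document).

With the document's symbols:
    d_i = sum_j c_ij,   c_ij in {0, 1, 2}   (a "not applicable" criterion leaves C_i)
    w_i = 1 / |C_i|
    m1  = sum_i w_i * d_i
Because w_i is the reciprocal of the number of criteria actually scored, every
dimension contributes at most 2 points to m1 whatever its number of criteria,
which is the normalisation the text asks for.  A technique that violates a
privacy or security principle is disqualified instead of scored; the document
requires a reasoned justification, so one is stored per disqualification.
The technique, its scores and the justification text below are constructed.
"""
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, List, Optional, Tuple, Union

NOT_APPLICABLE = "n/a"  # criterion not appropriate for this technique (decision to be justified)
DISQUALIFIED = "dq"     # criterion on which the technique violates a security/privacy principle
Score = Union[int, str]


@dataclass
class Dimension:
    """One dimension D_i with its criteria set C_i and the awarded scores c_ij."""
    name: str
    scores: Dict[str, Score]


def applicable_scores(dim: Dimension) -> Dict[str, Score]:
    """C_i after dropping the criteria marked not applicable."""
    return {crit: s for crit, s in dim.scores.items() if s != NOT_APPLICABLE}


def dimension_contribution(dim: Dimension) -> Fraction:
    """w_i * d_i for one dimension, kept as an exact fraction."""
    c_i = applicable_scores(dim)
    if not c_i:
        raise ValueError(f"{dim.name}: no applicable criterion left to score")
    for crit, s in c_i.items():
        if s not in (0, 1, 2):
            raise ValueError(f"{dim.name}/{crit}: scores must be 0, 1 or 2, got {s!r}")
    d_i = sum(c_i.values())       # sum of the criterion scores
    w_i = Fraction(1, len(c_i))   # reciprocal of |C_i|
    return w_i * d_i


def disqualifications(dims: List[Dimension]) -> List[str]:
    """'dimension/criterion' keys on which the technique is disqualified."""
    return [f"{d.name}/{c}" for d in dims for c, s in d.scores.items() if s == DISQUALIFIED]


def m1(dims: List[Dimension], justifications: Optional[Dict[str, str]] = None
       ) -> Tuple[Optional[Fraction], List[str]]:
    """Return (m1, []) for a scored technique, or (None, reasons) when disqualified.

    Every disqualified criterion must carry a written justification; a missing
    one is reported rather than silently accepted.
    """
    dq = disqualifications(dims)
    if dq:
        reasons = []
        for key in dq:
            why = (justifications or {}).get(key)
            reasons.append(f"{key}: {why}" if why else f"{key}: MISSING JUSTIFICATION")
        return None, reasons
    return sum(dimension_contribution(d) for d in dims), []


def max_m1(dims: List[Dimension]) -> int:
    """Upper bound of m1: 2 points per dimension, independent of |C_i|."""
    return 2 * len(dims)


# Constructed sample: a hypothetical technique scored against the four
# dimensions and the criteria of Section 5.3.
SAMPLE_TECHNIQUE = [
    Dimension("Cyber-security", {
        "Confidentiality": 2, "Access to Key Material": 1, "Availability": NOT_APPLICABLE,
        "Integrity": 2, "Integrity of Key Material": 1, "Authentication": 2,
        "Auditing/logging": 1, "Non-Repudiation": 0}),
    Dimension("Privacy and Data Protection", {
        "Data Retention": 2, "Data minimization": 2, "Data Control": 1,
        "Data Access": 2, "Anonymity": NOT_APPLICABLE}),
    Dimension("Maturity and Upgradeability", {
        "Implementation Scale": 2, "Standardisation": 2, "Upgradability": 1}),
    Dimension("Impact towards Architecture", {
        "Communication overhead": 1, "Bandwidth required": 2,
        "Latency tolerance": 2, "Impact on processes": 1}),
]

if __name__ == "__main__":
    score, reasons = m1(SAMPLE_TECHNIQUE)
    print(f"m1 = {score} ({float(score):.3f} of {max_m1(SAMPLE_TECHNIQUE)})")
    for d in SAMPLE_TECHNIQUE:
        print(f"  {d.name}: {dimension_contribution(d)}")
```

For the constructed technique the Cyber-security dimension has seven applicable criteria summing to 9, so it contributes 9/7; Privacy contributes 7/4, Maturity 5/3 and Architecture 3/2, giving m1 = 521/84 out of a maximum of 8. Keeping the values as fractions avoids rounding differences between evaluators comparing techniques whose scores differ only in the third decimal.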
In the following section, the dimensions and criteria to rank under a technical perspective
are presented.
It is recognised however that information on the cost/economic impact of a given technique
would be valuable to complete the picture. Section 6 provides details on this subject.
5.2. Dimensions to be evaluated
The metrics to evaluate the techniques are aggregated into the following dimensions:
- Cyber-security: This dimension ranks the level of security the technique would add.
In other words, it will be used to evaluate whether the technique is considered state-of-
the-art in the security domain or has shortcomings.
- Privacy and Data Protection: This dimension ranks the level of privacy the
technique would add. It judges whether the technique is considered state-of-the-art
in the privacy domain or has shortcomings.
- Maturity and Upgradeability of Technique: This dimension ranks the technique in
respect of its maturity and its ability to be upgraded easily. It judges whether this is a novel
technique or one already implemented in standards and proven to work in larger
deployments.
- Impact of Technique towards Architecture: This dimension ranks the technique
by its impact on a given architectural design and the services considered. This
shall judge whether the technique can be implemented in current Smart Meter
architectures or whether amendments would be required. Furthermore, aspects related to
system performance and manageability shall be considered under this dimension.
5.3. Criteria for dimension evaluation
This section provides, for each of the dimensions presented in section 5.2, the criteria that
should be taken into account to assess how good a technique is with respect to a given
dimension. It provides guidance for the ranking process, where, for each dimension, a table
is presented detailing what should be taken into consideration for the evaluation (column
“measurements”) and what rank should be given accordingly (column “ranking points”).
5.3.1. Cyber-Security Dimension
For the evaluation and comparison of a number of different technologies, it is important to
ensure that the approach addresses cyber-security aspects.
The Cyber-security dimension can be analysed by taking into consideration the following
8 criteria: confidentiality, availability, integrity, access to key material, integrity of key
material, authentication, auditing/logging, non-repudiation.
This analysis needs to be conducted on a per-architecture basis. For this, different Smart
Meter architectures need to be clustered first. The evaluation for a particular metric will be
performed per architecture cluster. Next follows a description for each of the identified
cyber-security criteria:
- Confidentiality
Confidentiality is the extent to which a particular resource or item is available
exclusively to authorized and legitimate users. This criterion measures how much
the techniques will guarantee the confidentiality of data. Different mechanisms can
address this goal depending on how the data will be transported and where those
data will be stored. For example, techniques based on central processing and
storage have to implement encryption mechanisms for data transport but also for
data storage.
- Access to Key Material
This criterion measures how much the techniques will guarantee confidentiality of
key-material that is locally stored in the Smart-meter (if the assessed technique
requires the use of key-material).
Different mechanisms can address this goal depending on how the data will be
transported and where those data will be stored. If the key materials are not
correctly protected, whatever the cryptographic algorithm used, the confidentiality
will not be ensured. For this reason it is important to take care and evaluate this
aspect, which, if neglected, might impact the overall security chain.
- Availability
Availability is the extent to which a resource or application is accessible and
operable whenever a user or machine intends to access it. This criterion measures
how much the techniques under analysis will guarantee availability of the smart
metering system. This criterion will be evaluated by analysing how the techniques
implement protections against cyber-attacks (for example denial of service) aiming
at impacting on the availability of the service.
- Integrity
Integrity is the extent to which a particular resource or application maintains its
intended functions through time, free from unauthorized manipulation, intentional
or accidental. It also involves maintaining the consistency, accuracy, and
trustworthiness of data over its life cycle.
This criterion will be used to evaluate if a given technique implements some
integrity control on data collected and sent by the smart metering system and on
the smart metering system itself. The ranking points will be evaluated by analysing
data integrity control mechanism and its compliance to the state of the art.
- Integrity of Key Material
This criterion measures how much the techniques will guarantee the integrity of
key-material locally stored in the smart-meter (if the assessed technique implies the
use of key-material).
If the key materials are not protected against integrity attacks, they might be
substituted or modified and whatever the cryptographic algorithm used, the system
security will be heavily impacted
- Authentication
It is the extent to which a particular resource or application can only be accessed
and operated by an authorized legitimate user. It also consists of keeping the origin
of data accountable over its life cycle.
This criterion will be used to evaluate if the technique implements entity
authentication mechanisms between the smart meter and the smart metering
system. Authentication will be evaluated against the authentication mechanism
specification. Techniques that implement challenge-response mutual
authentication will rank better than techniques that just implement one-way
authentication.
- Auditing/logging
It is the extent to which a particular resource or application has the required
mechanisms to support audits and forensics.
This criterion will be used to evaluate if a technique implements auditing and
logging of unauthorised access, denial of service and, more generally, cyber-attacks.
The auditing and logging capability can be used, in given scenarios, as a fraud
detection capability that could have an impact on the time of intervention and then
recovery after a fraud/attack. Evaluation of this criterion must also address auditing
and logging solutions for data storage and communications.
- Non-Repudiation
It is the extent to which a user cannot deny or renounce the access and operation
of a resource or application. This criterion will be used to evaluate if a technique
implements non-repudiation mechanisms.
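To make the distinction behind the Authentication criterion concrete, the following is an added example (not a protocol from the BAT reference document or from any standard it cites) of a pre-shared-key challenge-response exchange in which both the head-end and the meter prove knowledge of the key, beside the one-way variant in which only the meter does. The message layout, the role labels and the pre-shared-key setup are assumptions of this example; the key and meter identifier are constructed.

```python
"""Mutual challenge-response authentication between a head-end system and a
smart meter, an added illustration of the Authentication criterion of
Section 5.3.1 (mutual challenge-response scores 2, one-way authentication 1).
This is example code, not a protocol from the BAT reference document or any
standard it cites; the message layout, the role labels and the pre-shared
key K are assumptions, and the key and meter identifier are constructed.

Exchange (both sides hold K and the meter identifier):
  1. head-end -> meter : N_H                                  (fresh challenge)
  2. meter -> head-end : N_M, HMAC(K, "meter"   | id | N_H | N_M)
  3. head-end -> meter :      HMAC(K, "headend" | id | N_M | N_H)
The role label binds each tag to its direction (a tag cannot be reflected
back to its sender) and the pair of nonces binds it to this session (a tag
captured earlier fails against a fresh challenge).
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

NONCE_LEN = 16  # bytes of fresh randomness per challenge


def _tag(key: bytes, role: bytes, meter_id: bytes, n1: bytes, n2: bytes) -> bytes:
    """HMAC-SHA256 over role, identifier and both nonces, each length-prefixed."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in (role, meter_id, n1, n2))
    return hmac.new(key, msg, "sha256").digest()


@dataclass
class Party:
    key: bytes
    meter_id: bytes
    n_h: bytes = b""      # head-end nonce of the current session
    n_m: bytes = b""      # meter nonce of the current session
    peer_authenticated: bool = False


class HeadEnd(Party):
    def challenge(self) -> bytes:
        """Step 1: issue a fresh nonce; earlier session state is discarded."""
        self.n_h = secrets.token_bytes(NONCE_LEN)
        self.peer_authenticated = False
        return self.n_h

    def verify_meter(self, n_m: bytes, tag_m: bytes) -> Optional[bytes]:
        """Step 3: check the meter's tag; on success return the head-end's own tag."""
        expected = _tag(self.key, b"meter", self.meter_id, self.n_h, n_m)
        if not hmac.compare_digest(expected, tag_m):   # constant-time comparison
            return None
        self.n_m = n_m
        self.peer_authenticated = True
        return _tag(self.key, b"headend", self.meter_id, n_m, self.n_h)


class Meter(Party):
    def respond(self, n_h: bytes) -> Tuple[bytes, bytes]:
        """Step 2: answer the challenge with a nonce of its own and a tag."""
        self.n_h = n_h
        self.n_m = secrets.token_bytes(NONCE_LEN)
        self.peer_authenticated = False
        return self.n_m, _tag(self.key, b"meter", self.meter_id, n_h, self.n_m)

    def verify_headend(self, tag_h: bytes) -> bool:
        """Step 3 (meter side): the head-end must prove knowledge of K as well."""
        expected = _tag(self.key, b"headend", self.meter_id, self.n_m, self.n_h)
        self.peer_authenticated = hmac.compare_digest(expected, tag_h)
        return self.peer_authenticated


def run_mutual(head: HeadEnd, meter: Meter) -> Tuple[bool, bool]:
    """Full exchange; returns (head-end trusts meter, meter trusts head-end)."""
    n_h = head.challenge()
    n_m, tag_m = meter.respond(n_h)
    tag_h = head.verify_meter(n_m, tag_m)
    if tag_h is None:
        return False, False
    return True, meter.verify_headend(tag_h)


def run_one_way(head: HeadEnd, meter: Meter) -> bool:
    """Steps 1-2 only: the meter proves itself, the head-end never does."""
    n_h = head.challenge()
    n_m, tag_m = meter.respond(n_h)
    return head.verify_meter(n_m, tag_m) is not None


def replay_rejected(key: bytes, meter_id: bytes) -> bool:
    """A meter response captured in one session fails against the next challenge."""
    head, meter = HeadEnd(key, meter_id), Meter(key, meter_id)
    n_m, tag_m = meter.respond(head.challenge())   # session 1
    head.challenge()                               # session 2 issues a new N_H
    return head.verify_meter(n_m, tag_m) is None


def authentication_points(mutual: bool, one_way: bool) -> int:
    """Map to the ranking of Section 5.3.1: mutual = 2, one-way only = 1, none = 0."""
    return 2 if mutual else 1 if one_way else 0


if __name__ == "__main__":
    K, MID = b"constructed-pre-shared-key", b"MTR-0001"   # constructed sample values
    print("mutual:", run_mutual(HeadEnd(K, MID), Meter(K, MID)))
    print("wrong key:", run_mutual(HeadEnd(K, MID), Meter(b"other-key", MID)))
    print("replay rejected:", replay_rejected(K, MID))
```

In the one-way variant the meter has no evidence that the party issuing challenges (and, later, disconnect or configuration commands) holds the key; that gap is what separates the 1-point row from the 2-point row in the table that follows. The key-material criteria of the same table then decide whether K itself can be read or replaced on the device.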
In the following table, the way in which the evaluation is done is made explicit for
each criterion.
Criteria | Measurement | Ranking Points
Confidentiality | State-of-the-art mechanisms used. Details on the state of the art in cryptography can be found in ENISA's Algorithms, Key Sizes and Parameters Report (4). | 2
 | Legacy mechanisms used. Details on what can be considered applicable as legacy in cryptography can be found in ENISA's Algorithms, Key Sizes and Parameters Report. | 1
 | No confidentiality provided | 0
Access to Key Material | It is not possible to retrieve the key materials even with physical access to the meter (resistance, e.g. to DPA attacks, proven by certification labs) | 2
 | It is not possible to retrieve the key material remotely, but it might be possible to retrieve the key materials with physical access to the Smart Meter | 1
 | It is possible to retrieve the key materials remotely, even without physical access to the device | 0
Availability | The technique provides measures for detection and prevention of Denial of Service attacks. | 2
 | Not applicable | The normalization will be adapted accordingly (see Sec. 5.2)
 | Technique does not provide any measures to ensure the availability of a system from a cyber-security perspective | 0
Integrity | State-of-the-art mechanisms used. Details on the state of the art in cryptography can be found in ENISA's Algorithms, Key Sizes and Parameters Report. | 2
 | Legacy mechanisms used. Details on what can be considered applicable as legacy in cryptography can be found in ENISA's Algorithms, Key Sizes and Parameters Report (5). | 1
 | No integrity ensured | 0
Integrity of Key Material | It is not possible to modify the key materials without authorisation, even with physical access to the meter | 2
 | It is not possible to modify the key materials remotely without authorisation, but it might be possible with physical access to the Smart Meter | 1
 | It is possible to modify the key materials without authorisation remotely, even without physical access to the device | 0
Authentication | Technique provides challenge-response mutual authentication | 2
 | Technique provides authentication | 1
 | No authentication ensured | 0
Auditing/logging | Technique provides an auditing and logging mechanism that can be used for automated fraud/cyber attack detection. | 2
 | Technique provides an auditing and logging mechanism that can be used for fraud/cyber attack detection while requiring human intervention or observation | 1
 | No auditing/logging nor fraud detection mechanism provided | 0
Non-Repudiation | Technique provides for non-repudiation | 2
 | Non-repudiation mechanisms are not available | 0

4 ENISA. Algorithms, Key Sizes and Parameters Report, 2013 recommendations, version 1.0, October 2013. https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report (last accessed on 8 January 2015)
5 ENISA. Algorithms, Key Sizes and Parameters Report, 2013 recommendations, version 1.0, October 2013. https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report (last accessed on 8 January 2015)
5.3.2. Privacy and Data protection Dimension
Within the European personal data protection framework, the following principles have
been considered:
- Principle of lawful and fair data collection and processing
- Principle of accuracy
- Principle of purpose specification and limitation
- Principle of proportionality
- Principle of transparency
- Principle of individual participation and in particular the guarantee of the right
of access of the person concerned
- Principle of non-discrimination
- Principle of data security
- Principle of responsibility
- Principle of independent supervision and legal sanction
- Principle of adequate level of protection in case of trans-border flows of
personal data
According to those principles, it is important to ensure that the approach addresses both
privacy and data protection aspects for the evaluation and comparison of different
technologies.
The data controller will of course have to respect the rights of data subjects and more
especially:
- Informing consumers of data being collected for regulatory purposes.
- Helping consumers to make informed decisions about the data shared or traded
with third parties.
- Including requirements for transparency of consumer data that has been shared.
The following criteria are determined to be effective in evaluating the technique with
regards to privacy and data protection and in particular to identify which technique will
allow better compliance with European privacy framework in a "privacy by design"
approach.
- Data Retention
This criterion measures whether the data collected by the technique is stored and
retained no longer than what is strictly needed to make services available according
to what is lawfully established (e.g. by a national or EU law or proportionate
contractual obligations related to the service required) and it is effectively deleted
when necessary.
- Data minimization
This criterion measures if the set of data is the minimal set of data needed
(strictly necessary) to achieve the ten minimum functionalities for smart metering
systems.
- Data Control
This criterion will be used to evaluate if the technique allows per default some
control to the data owner on data collected by smart metering system. This criterion
will be evaluated by analysing which control on data collected will be implemented
by the techniques. Having control on data collected beyond legal or proportionate
contractual obligation is not needed to have 2 points. The control could be on the
collection for some very detailed data but could also be a control on the
transmission of this data. The data control criterion will also cover the deletion and
the correction of data. Failures to provide data control could have legal
consequences for the data controller.
- Data Access
This criterion will be used to evaluate if the technique allows per default some
access to the personal data collected by smart metering system.
- Anonymity
This criterion will be used when there is no need to keep personal data for the
functional requirement, which only requires aggregated statistics/data sets. It will
measure the ability of the technique to produce effective anonymisation. Failure on
anonymity is if someone is able to identify data subject from an anonymized data
set. Analysis of this criterion will be done based on the WP29 opinion on
anonymisation6.
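The Anonymity and Data minimization criteria above both turn on releasing only what a functional requirement needs. The following added example (not code from the BAT reference document; the feeder grouping, the threshold and the readings are constructed) shows one such mechanism: only totals per feeder and hour leave the metering system, with no meter identifier attached, and any group with too few contributors is withheld, since a total over one meter, or over a group whose other members are known, would identify the data subject's consumption, which is exactly the failure the Anonymity criterion describes.

```python
"""Aggregation with a minimum group size, an added illustration of the
Anonymity and Data minimization criteria of Section 5.3.2.  Example code, not a
technique from the BAT reference document; the feeder grouping, MIN_GROUP and
the readings are constructed sample data.

Only totals per (feeder, hour) are released: no meter identifier leaves the
system, and a group with fewer than MIN_GROUP contributors is suppressed,
because a total over a single meter (or over a group whose other members are
known) would re-identify a data subject's consumption.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

MIN_GROUP = 5  # constructed threshold: smallest group whose total may be released

Reading = Tuple[str, str, int, float]  # (meter_id, feeder, hour, kWh)

# Constructed sample readings for two feeders over two hours.
READINGS: List[Reading] = [
    ("M01", "F1", 0, 0.40), ("M02", "F1", 0, 0.35), ("M03", "F1", 0, 0.50),
    ("M04", "F1", 0, 0.20), ("M05", "F1", 0, 0.55),
    ("M06", "F2", 0, 0.30), ("M07", "F2", 0, 0.45),
    ("M01", "F1", 1, 0.42), ("M02", "F1", 1, 0.38), ("M03", "F1", 1, 0.10),
    ("M04", "F1", 1, 0.25),   # M05 sent nothing in hour 1, so that group is short
]


def group_by_feeder_hour(readings: List[Reading]) -> Dict[Tuple[str, int], List[float]]:
    """Collect the kWh values of every (feeder, hour) group; identifiers are dropped here."""
    groups: Dict[Tuple[str, int], List[float]] = defaultdict(list)
    for _meter_id, feeder, hour, kwh in readings:
        groups[(feeder, hour)].append(kwh)
    return groups


def aggregate(readings: List[Reading], min_group: int = MIN_GROUP
              ) -> Dict[Tuple[str, int], Tuple[int, float]]:
    """Releasable statistics {(feeder, hour): (contributors, total_kWh)}, large groups only."""
    return {key: (len(vals), round(sum(vals), 3))
            for key, vals in group_by_feeder_hour(readings).items()
            if len(vals) >= min_group}


def suppressed(readings: List[Reading], min_group: int = MIN_GROUP
               ) -> Dict[Tuple[str, int], int]:
    """Groups withheld because they are too small, with their contributor count."""
    return {key: len(vals)
            for key, vals in group_by_feeder_hour(readings).items()
            if len(vals) < min_group}


def leaks_identifier(released: Dict[Tuple[str, int], Tuple[int, float]],
                     readings: List[Reading]) -> bool:
    """Sanity check for the data controller: no meter identifier in the released keys."""
    ids = {r[0] for r in readings}
    return any(part in ids for key in released for part in key if isinstance(part, str))


if __name__ == "__main__":
    out = aggregate(READINGS)
    print("released:", out)
    print("suppressed:", suppressed(READINGS))
    print("identifier leak:", leaks_identifier(out, READINGS))
```

With the constructed data only feeder F1 in hour 0 reaches five contributors and is released; feeder F2 (two meters) and F1 in hour 1 (one meter silent) are withheld. The threshold is a policy value: lowering it to 2 would release the F2 total, which is then the sum of exactly two households and is known to each of them for the other.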
Criteria | Measurement | Ranking Points
Data Retention | Data retention is considered in a privacy by design and by default approach. No data is retained longer than what is strictly needed to make services available according to what is lawfully established (e.g. by a national or EU law or proportionate contractual obligations related to the service required) and it is effectively deleted when necessary. Data is only stored locally. | 2
 | Data is retained longer than what is strictly needed to make services available according to what is lawfully established, or not effectively deleted when necessary | 0
Data minimization | Data minimization is considered in a privacy by design approach. A minimal set of personal data is used to implement the technique. No other technique can realize the same minimum functionality with a lesser amount of personal data. | 2
 | Not applicable | The normalization will be adapted accordingly (see Sec. 5.2)
 | No data minimization ensured by the technique | 0
Data Control | The technique allows data owners to have total control over the data collected that is not strictly necessary to provide the services | 2
 | The technique allows data owners to have partial control over data collected that is not strictly necessary to provide the services | 1
 | Technique does not provide any control to owners over data | 0
Data Access | Technique used allows the data subject to have total access to the personal data collected | 2
 | Technique used allows the data subject to have access to a part of the personal data collected | 1
 | Technique used does not allow the data subject to have access to the personal data collected | 0
Anonymity | Technique used allows production of anonymized data | 2
 | Not applicable | The normalization will be adapted accordingly (see Sec. 5.2)
 | Data produced by the technique cannot be anonymized | 0

6 http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf
5.3.3. Maturity and Upgradeability of Technique
The maturity of a technique should be measured in order to determine whether (parts of) a
technique has been in use long enough that most of its faults and inherent problems have
been removed or reduced by further development. This dimension should also measure the
capability of the technique to be upgraded to counter emerging threats against privacy
and cyber-security and to patch new vulnerabilities.
Interpretation: Maturity is measured by assessing to what extent the technique is standardised and largely
deployed. This is key to maintaining open architectures, technologies and systems and to
facilitating their interaction with other technologies and systems. Additionally, the
implementation scale of the technique will also be taken into consideration to evaluate its
maturity.
The upgradeability criterion evaluates whether a remote and secure upgrade capability exists
for the technique. This criterion is particularly important for privacy techniques such as
anonymization techniques, in case of a breach or the discovery of a re-identification means,
so that the technique can be enhanced.
This criterion is also relevant for security techniques in case of recovery after hacking or
just for enhancement. This criterion will be taken into consideration when applicable (and the
related weights arranged as shown in Section 5.1), as in some contexts upgradeability will
be more an implementation aspect of the technique rather than a feature of the technique
per se (e.g. an encryption technique is by definition upgradeable, while its implementation
might or might not allow an upgrade).
Criteria | Measurement | Ranking Points
Implementation Scale | Full-scale smart-metering systems implementing the technique are available | 2
 | Small-scale smart-metering system implementations of the technique are available | 1
 | The technique is not yet implemented in smart-metering systems | 0
Standardisation | The technique is fully standardized | 2
 | Standardization is in progress but not completed yet. | 1
 | The technique implements novel functionality not yet standardized. | 0
Upgradability | The technique can be upgraded remotely | 2
 | The technique can be upgraded but with physical intervention on the device | 1
 | To upgrade the technique the replacement of the device is needed. | 0
5.3.4. Impact of Technique towards Architecture
To measure the impact of a technique upon an existing architecture it is important to know
how the implementation of the technique will affect the existing infrastructure,
communication channels and processes. A technique should be able to offer the
functionality required as effectively as possible in order to reduce the need for additional
resources in terms of assets, bandwidth and personnel.
The following criteria are determined to be effective in evaluating the technique with
regards to impact on architecture:
- Communication overhead generated
Where information is transported between components, additional information
added to messages or packets should be minimized in order to reduce delays, reduce
the impact on the performance, unintended information disclosure and impact on
resources.
On the network communication level, sending a payload of data requires more than
just sending the data itself. The extra data (control and signalling data) is considered
overhead and differs per communication protocol. Baseline for measuring should
be the absolute minimum required to establish reliable communication.
Encryption also may introduce additional overhead. Outside of the handshake,
packets should not get any larger due to an added encryption layer.
Data which is processed within embedded systems should be limited to the bare
minimum necessary for the required action to make effective use of the available
resources.
- Bandwidth required
In order to reduce latency and to make sure that operations succeed within an
acceptable timeframe and are cost-effective, it is important that a technique does
not introduce additional bandwidth requirements. This can be achieved by limiting
the communication overhead, but also by using compression or by using more
effective communication protocols.
Information retrieved from sources should be requested only once per specific
purpose.
- Latency tolerance / ‘Always-on communication required?’
When communication channels get more congested or operate over multiple paths
it is important to have a mechanism implemented to reduce the retransmission of
packets. This will reduce network bandwidth and latency, and improves network
reliability. Loss of information should be reduced when communication is not
possible for a certain amount of time.
- Impact on processes
The impact of the integration of a technique should be kept as low as possible in
order to prevent additional costs and complexity of the smart metering chain.
Metric | Measurement | Ranking Points
Communication overhead generated | The technique does not introduce a significant amount of overhead | 2
 | Communication overhead introduced by the technique is estimated at lower than 10% of the transferred data | 1
 | Communication overhead introduced by the technique is estimated at 10% or above of the transferred data | 0
Bandwidth required | The proposed technique operates with no significant impact on bandwidth | 2
 | The proposed technique operates over low-bandwidth or narrowband Smart Meter communications with moderate impact | 1
 | Technique requires a connection with higher bandwidth to operate | 0
Latency tolerance / “Always-on communication required?” | A technique can work with messages delivered out of order and can deal with messages being sent with high latency (e.g. being buffered by intermediate nodes). | 2
 | Not applicable | The normalization will be adapted accordingly (see Sec. 5.2)
 | A pseudo real-time connection is required between communication partners to implement the technique | 0
Impact to processes | The technique operates with no significant impact on processes | 2
 | The technique would impose moderate changes to current operating processes required for the Smart Meter architecture | 1
 | Significant changes to current Smart Meter operating processes are required to implement the given technique | 0
5.4. Economic Estimation
The evaluation framework defined by the Stakeholders Forum foresaw the possibility to
include also economic information in the picture.
However, during the development of the work-package 2 (definition of the questionnaire
used for gathering techniques’ information), the SF realised that economic information on
the techniques might be considered sensitive and decided to put all the related questions in
the optional section of the questionnaire, to leave to their associated members free choice
to provide or not such information.
The analysis of the gathered questionnaires confirmed that economic data is
perceived by the stakeholders as sensitive: very few disclosed information on this matter.
The lack of economic information provided by the stakeholders makes it impossible
to consider this aspect during the BAT process.
Since this report therefore only deals with the technical aspects of the techniques analysed,
readers are advised to additionally assess the financial implications of using particular
technique(s) and to balance them against their technical attributes before selecting those for
implementation.
6. INFORMATION GATHERING AND CLUSTERING PROCESS DESCRIPTION
Information gathering is essential to identify the techniques which should be considered
the best in order to enhance the level of cyber-security and privacy of the smart-metering
systems.
In September 2015 the Stakeholders Forum defined and endorsed a questionnaire,
composed of 185 questions targeting the members of the different stakeholders’
associations, in order to facilitate the collection of information on the techniques (see the WP 2
deliverable).
To enhance the usability of the questionnaire, the European Commission developed an
ad-hoc portal for the members of each association of the stakeholder forum, putting the
questionnaire online at the end of October 2015.
The information gathering was opened in November 2015 and lasted until the end of
February 2016. Figure 6 provides a high level overview of the geographical coverage of
the received questionnaires.
Figure 7: geographical coverage of the questionnaires received
As can be seen, the survey covered all of western and northern Europe homogeneously,
while less participation was registered in some areas of eastern Europe. Nevertheless,
considering that participation in the questionnaire was on a voluntary basis, the result
obtained can in any case be considered positive.
Figure 8 shows the percentage of questionnaires received per category of
stakeholder. The three biggest contributors are, as expected, distribution operators,
metering system operators and suppliers, but questionnaires were also received from
consumer associations, ICT companies etc. (all summarised under the “Others” category).
Figure 8: Percentage of questionnaires per stakeholder category
Figure 9 shows the percentage of questionnaires covering a certain type of meter. The
survey was dominated by stakeholders with electricity meters installed/produced, but
some questionnaires also addressed gas, water and heat meters.
Figure 9: Percentage of questionnaires per type of meter
Among the stakeholders answering the questionnaires, a good share has an installed
base of meters. Figure 10 shows the percentage of these contributors per number of meters
installed.
[Figure 8 chart data: values 37.0, 21.7, 32.6 and 8.7; legend: Distribution Network Operators, Metering system operators, Suppliers, Others]
[Figure 9 chart legend: Electricity, Gas, Water, Heat]
Figure 10: percentage of contributions per number of meters installed
7. TECHNIQUES CLUSTERING
The gathered questionnaires, after being anonymised by the Commission, have been
analysed by the SF Technical Editorial Group, in order to identify the techniques to be
evaluated.
[Figure 10 chart legend, questionnaires received per installed meters: 0-5000, 100000-50000, 50000-100000, 100000-500000, 500000-1000000, 1000000-2000000, 2000000-5000000, >5000000]
A draft list of techniques was presented to the stakeholder forum in March 2016. The
list was then integrated with additional contributions from the stakeholders and
validated by the SF.
Since a technique could be used in different components, the list has first been clustered
per component, so that all the possible fields of application/use cases can be evaluated.
Figure 11 provides a quick reminder of the reference architecture, while the
following table clarifies the meaning of the different acronyms used.
Figure 11: high level reference architecture
Acronyms
PA - Supplier
PB - 3rd party
PC - Distribution Network Operator
PD - Metering system operator
PE - Consumer
OA - Meters
OB - Smart meter gateway (outside the meter)
OC - Home Automation devices
OD - WAN communication
HAN communication
LAN communication
Moreover, to help the stakeholders compare the different techniques, they have
also been clustered per type/domain of application. The following table presents these
clustering domains together with a short definition.
Technique - Type/Domain | Definition
Access Control | Techniques to ensure that access to assets is authorized and restricted based on business and security requirements (*asset is defined as “anything that has value to the organization”, ISO27000)
Communication/Transport | Techniques to ensure information security while it is exchanged within or outside organizations (ISO27000)
Reading/Tariffing | Techniques used in utility meters for collecting the data that is needed for billing purposes or advanced Smart Grid functionalities, and techniques that facilitate advanced tariff structures, time-of-use registers and remote tariff control.
Cryptography | Techniques and cryptographic mechanisms in order to protect the confidentiality, integrity, and authenticity of the information (ISO27000)
Monitoring | Techniques to ensure the detection and collection of evidence regarding information security risks (ISO27000)
Security Architecture | Techniques related to structural security elements that allow a scalable and secure infrastructure.
Time Synchronization | Techniques to ensure that all devices and applications are synchronized to a reliable and accurate time source (ISO27000)
Privacy | Techniques to ensure the protection of natural persons with regard to the processing of personal data and on the free movement of such data (EU 2016/679)
Hardware Security | Techniques to ensure a hardened and tamper-resistant environment for securing cryptographic material and confidential data (firmware, collected data, registry, etc.).
The following table presents all the collected techniques, endorsed and validated by the
stakeholder forum, clustered, as just described, per type/domain of application and per
component [7].
[7] In the following table, many techniques occur in more than one application, as a standard
often encompasses several layers. Other techniques are typical building blocks (such as
algorithms) or generic services (such as PKI).
Domain | Application | Mechanism | Used in | Components | Remarks
Cryptography | Symmetric Ciphers | AES | All | All |
Cryptography | Symmetric Ciphers | DES | Legacy | OA |
Cryptography | Asymmetric Ciphers | ECC-Brainpool or NIST curves | | OB, OD | The use of asymmetric mechanisms often requires a PKI
Cryptography | Asymmetric Ciphers | RSA | Legacy TLS | P* |
Cryptography | Symmetric Cipher Modes and MACs | CTR | DLMS, ZigBee, TLS | OA | Part of GCM and CCM
Cryptography | Symmetric Cipher Modes and MACs | CBC | M-bus, TLS | C* |
Cryptography | Symmetric Cipher Modes and MACs | ECB | M&M | OA |
Cryptography | Symmetric Cipher Modes and MACs | GCM | DLMS, CMS, TLS | OA, OB, OD |
Cryptography | Symmetric Cipher Modes and MACs | CMAC | CMS, TLS, 3G | OA, OB |
Cryptography | Symmetric Cipher Modes and MACs | CCM | ZigBee | OA, OB |
Cryptography | Symmetric Cipher Modes and MACs | HMAC | Legacy firmware, legacy GSM | OA, OD |
Cryptography | Key Management Algorithms or Protocols | ECDH | CMS, DLMS, TLS | OB, OD, PD | Key agreement / Elliptic Curve Diffie-Hellman
Cryptography | Key Management Algorithms or Protocols | PSK | DLMS, M-bus, 3G-PLC, GSM, 3G | O* | Pre-Shared Keys
Cryptography | Key Management Algorithms or Protocols | IKE | IPSEC | P*? |
Cryptography | Key Management Algorithms or Protocols | MQV | ZigBee | OA, OB | Key agreement
Cryptography | Key Management Algorithms or Protocols | RFC3904 | DLMS | OA, OB | Key transport / AES Key-Wrap
Cryptography | Digital Signature Algorithms | ECDSA | CMS, DLMS, TLS, Firmware signing | O* |
Cryptography | Cryptographic Hashes | SHA-1 | DLMS auth., Legacy | O* | Legacy
Cryptography | Cryptographic Hashes | SHA-2 | DLMS auth., Signature, key derivation | All |
Security architecture | Software maintenance | Firmware update | | OA, OB, OC | Global Platform
Security architecture | Key Management Mechanisms | PKI | | P*, O* | Only the part related to the management of the key between devices
Security architecture | Key Management Mechanisms | CMP | PKI | OB, D |
Security architecture | Key Management Mechanisms | Remote key renewal | | OA, OB, OC | Global Platform
Security architecture | Key Management Mechanisms | PSK | | O* |
Security architecture | Key Provisioning Mechanisms | Initial Key loading | | O* | Manufacturing / personalisation
Security architecture | Key Provisioning Mechanisms | Manufacturer / customer key exchange | | O*, P* |
Security architecture | Random Number Generator | Random Number Generator | HSM or approved RNG | P* |
Security architecture | Misc. Storage | LDAP | | P* |
Security architecture | Misc. Storage | Private cloud | | PC, PD | Using a well-selected private cloud environment may allow an improved level of replication and availability of the systems, leveraging embedded, state-of-the-art HA capabilities
Security architecture | Defence in Depth | Plausibility check on critical commands | | PA, PD |
Security architecture | Defence in Depth | Switching commands are validated against the grid code | | OA |
Security architecture | Network segregation | Firewall, Data-diode | | P*, CD, CF, CG, CH |
Security architecture | Network segregation | Switching commands are validated against the grid code | | OA, PD |
Security architecture | Network segregation | Local processing | | OA, OB, OD |
Security architecture | Network architecture | Application gateway | Germany, Data Concentrator | OB, OD | A.k.a. hop by hop.
Security architecture | Network architecture | Router | UK, Austria | OB, OD | A.k.a. end to end
Security architecture | Network architecture | Firewall/IPS | | CA, CB, CC, CD, CF, CG, CI |
Hardware security | Secure storage | HSM | | OA, OB, OC, PA, PB, PC, PD | HSM as a generic term: from 3€ chip to 20k€ server.
Hardware security | Secure storage | Encrypted storage | | OA, OB, OC, PA, PB, PC, PD |
Hardware security | Secure storage | µP Hardening | | OA, OB |
Hardware security | Tamper detect | Magnetic field sensor | | OA | To prevent meter fraud
Hardware security | Tamper detect | Tamper Switch | | OA, OB, OD |
Hardware security | Tamper detect | Geometric Low-Relieves | | OA, OD | The external surface of the device has to be marked with a continuous texture that will be damaged in case of physical tampering, revealing tampering attempts at visual inspection.
Hardware security | Tamper detect | Hot Blade welding, a.k.a. “sealed for life” | | OA, OD | Base and cover of the device are fixed together without screws so that opening of the device requires partial destruction of the case that is easily revealed at visual
Hardware security | Tamper detect | Embedded RFID tag | | OA, OD | A passive hidden read-only RFID tag carrying basic device identification info should be embedded in the device to enhance traceability.
Hardware security | Tamper detect | Seal | | OA, OB, OD |
Hardware security | Secure Operation | Detection of abnormal chip operating conditions (e.g. out of temperature or voltage range, unexpected radiations e.g. light, etc.) | | | Used to detect tampering attempts and prevent chip operation: efficient against side channel attacks for chips securing sensitive information
Hardware security | Secure Operation | SPA/DPA protected executable | | | Combination of CPU operations to prevent leakage of information on processed data (as chip behaviour changes whether “0” or “1” are processed)
Access control | Physical Protection | Radio | ZigBee, M-Bus, Broadcast (LW and RC) | CH, OA, OB, OC, PB |
Access control | Physical Protection | Local interface | | OA, OB, OC, OD |
Access control | Physical Protection | Read Only Interface | | OA, OB, OC, PE |
Access control | Physical Protection | Local storage | | OA, OB, OC, OD |
Access control | Physical Protection | Local display | | OA, OC |
Access control | Network defence in depth | VPN | | OD, P*, OC |
Access control | Network defence in depth | Firewall/IPS | | CA, CB, CC, CD, CF, CG, CI |
Access control | Malware Protection | Application whitelisting | | OD, P*, OC |
Access control | Authentication Mechanisms | PKI | | All | Related to the management of the key between devices
Access control | Authentication Mechanisms | Client Certificate | | OB |
Access control | Authentication Mechanisms | One Time Password | | P* |
Access control | Authentication Mechanisms | Multi factor | | P* | e.g. Smartphone
Access control | Authentication Mechanisms | Profile Based | | OA, OD, PC, PD | Role Based Access
Access control | Authentication Mechanisms | Shared secrets (TACACS+, Kerberos, LDAP, password, PIN, OpenId) | | All |
Monitoring | Device Tampering | Tamper Detect Sensor | | OA | To prevent meter fraud
Monitoring | Device Tampering | Tamper Switch | | OA, OB, OC |
Monitoring | Device Tampering | Event log | | OA, OB, OC |
Monitoring | Device Tampering | Net frequency | | OA, OC |
Monitoring | Head End System | Audit Trail | | PD, OA, OD, PC | All successful and attempted user logins/logouts performed either on systems or on devices are traced in a dedicated access log, with username, role, timestamp.
Monitoring | Analysis and Detection | SIEM | | P* |
Monitoring | Analysis and Detection | Alarm | | P* |
Monitoring | Analysis and Detection | Lock-out | | All | Prevent brute force attacks
Transport | Transport Format | XML | | CH |
Transport | Transport Format | CMS | | CH |
Transport | Transport Format | M-Bus | | CH | TLV format
Transport | Transport Format | IEC-13737 DLMS | | CD, CF, CD |
Transport | Transport Format | SEP | ZigBee | CH | Smart Energy Protocol
Transport | Transport Format | FTP | | CI, CC? PA |
Transport | Transport Format | EDIFACT | | CI, CC? |
Transport | Transport Format | SMS | | CG, CF | Wake-up, last gasp
Transport | Secure transport | ZigBee | | CH |
Transport | Secure transport | DLMS | | CD, CF, CH |
Transport | Secure transport | CMS | | CD, CF |
Transport | Secure transport | TLS | | All except CK |
Transport | Secure transport | IPSEC | | CC, CD, CI? OA, OB |
Transport | Secure transport | SFTP | | CC, CD, CI? PB |
Transport | Secure transport | Broadcast | | CK, OC | LW and ripple
Transport | Transport medium | Ethernet | | CI? | LAN
Transport | Transport medium | M-Bus | | OA, CH, CB | Wired & UHF radio
Transport | Transport medium | OMS4 | | OA, CH, CB | Aka M-Bus
Transport | Transport medium | Radio Mesh | | CF, CG |
Transport | Transport medium | LTE | Generic Wireless WAN | CD |
Transport | Transport medium | GSM, GPRS, CDMA | Generic Wireless WAN, Generic Wireless AN | CD, CH |
Transport | Transport medium | ZigBee | | | Subset of radio mesh
Transport | Transport medium | PLC | | CF | Narrow band
Time Synchronization | Time Synchronization Assurance | Synchronization period | | CD, CF, OB, OD | Subject to local regulations
Time Synchronization | Time Synchronization Assurance | Network time resilience | | PD |
Privacy | Frequency | Transmission | | CD, CF, OB, OD, OA | Transmission Interval
Privacy | Frequency | Reading | | CD, CF, OB, OD, OA | Measurement interval
Privacy | Privacy Preservation | Transparency: Local processing | | OB |
Privacy | Privacy Preservation | Aggregation | | O*, P* | Generic terms
Privacy | Privacy Preservation | Privacy by design | | All | Generic terms
Privacy | Privacy Preservation | Privacy Enhanced Techniques | | OB |
Privacy | Privacy Preservation | Pseudonymization | | OA, OB, OC, PA, PB, PC, PD |
Privacy | Purpose Limitation | Level of detail | | OA, OB, OC, PE |
Privacy | Purpose Limitation | Transmission Frequency | | CD, CF, OB, OD, OA |
Privacy | Purpose Limitation | Reading Frequency | | CD, CF, OB, OD, OA |
Privacy | Compliance to requirements | Retention | | PA, PB, PC, PD | Subject to local regulations
Privacy | Legitimacy of processing personal data | Consumer choice: Opt-in / Opt-out | | PA, PB, PC, PD |
Abbreviation Explanation
B2B Business to Business
CMP Certificate Management Protocol
CMS Cryptographic Message Syntax (a.k.a. PKCS7)
FW Firewall
HSM Hardware Security Module (includes 20k€ data centre devices and 3€ chips)
IDS Intrusion Detection System
M&M Meters and More (Meter manufacturer)
PLC Power Line Communications
PSK Pre Shared Key
QoS Quality of Service
ToU Time of Use (Tariff)
8. TECHNIQUES IN THE CONTEXT OF THE 10 COMMON MINIMUM FUNCTIONAL
REQUIREMENTS
When considering the 10 minimum functional requirements described in Section 4 with
respect to cyber security and privacy, the interrelation between the different functional
requirements needs to be taken into account.
Requirement 8 asks for secure data communication, which is the main
requirement to take into account when analysing the security of the communication
interfaces. This requirement is necessary to ensure the security of communications for the
other minimum functional requirements:
- Requirement 3: Allow remote readings of meters by the operator. If security for all
interfaces is given, the security of the remote readings by the operator is also
assured. It shall be noted that the secure data communication shall include
confidentiality and integrity, but also authentication of the meter, to be sure that the
remote readings correspond to the intended meter. Additionally, the security of
remote readings shall also include secure storage of the data in the meter.
- Requirement 4: Providing a two-way communication link between the Smart Meter
components at the consumer premises and external networks for maintenance and
control. If security of all interfaces is given, the security of the communication
link for maintenance and control is also assured.
Furthermore, several requirements ask for a technical functionality to be implemented in
the metering system, or in the meter itself. The secure control of this functionality requires a
secure communication link as provided by requirement 4:
- Requirement 2: readings frequent enough that they can be used to achieve
energy savings. The frequent readings are communicated to the operator, and any
required update of the reading frequency is made, using the two-way communication
of requirement 4. It shall be noted that security of the control also requires tamper
resistance in the meter, to ensure that this control is not forged in the meter.
- Requirement 5: readings frequent enough that they can be used for network
planning. The frequent readings are communicated to the operator using the two-way
communication of requirement 4.
- Requirement 6: support of advanced tariffs. The readings of those tariffs are
communicated to the operator using the two-way communication of requirement 4.
- Requirement 10: provide import/export and reactive metering. The readings of
import/export and reactive power are communicated to the operator using the two-way
communication of requirement 4.
Requirement 1, to provide readings directly to the customer and any third party designated
by the consumer is realized in two different manners based on the questionnaire answers.
a) Using a local interface / display to provide the readings to the consumer, and also
to give the consumer the possibility of providing the data to a 3rd party. The data is
securely transferred from the meter or in-home gateway to the consumer. However,
how the data from any of the consumer-owned devices is transported to a 3rd party
is not considered in scope for this assignment.
b) Using a web service, that provides the readings only to the consumer after the
readings have been gathered by the network operator using the communication link
as mandated in requirement 3.
The readings provided to the consumer can furthermore include information about
advanced tariffs and import/export and reactive metering data.
Ensuring the security of Requirement 7 can in part also be addressed by establishing a
secure communication link. However, due to the critical impact an abuse of this
requirement could have, additional mitigation options need to be considered. Based on
the questionnaire results, this can be achieved by several means that ensure additional security
for this requirement.
Requirement 9 is concerned with detecting and preventing fraud. To communicate the
events about possible fraud detected by the sensors of the devices, the secure
infrastructure provided by requirement 4 is also used. It shall be noted that securing the
communication link is necessary to ensure the security of this functionality, but not sufficient:
the means to detect fraud shall be secure in the smart meter as well, which requires tamper
resistance.
All of those requirements must, however, be achieved while ensuring a good level of privacy. If
those functionalities must be provided by a smart metering system in the EU, they must be
provided in compliance with the data protection framework. Some requirements are
directly related to privacy issues, and the techniques used to realize the functionality must address
those issues.
Requirement 6 indicates that the smart metering system must support advanced tariffs.
Requirement 1 indicates that the meter must provide readings directly to the
consumers. This requirement could be achieved with different techniques. The technical choice
of how to provide those readings could have a large impact on privacy, for example when
comparing a local display and a remote reading.
9. ANALYSIS OF THE TECHNIQUES GATHERED FOR COMPONENT O*
The distribution of the techniques depends on the architecture, with two extremes: OA is a
dumb sensor and all processing and communication is done by OB (DE), or OA does the
measuring and processing and OB only performs communication (GB). OA and OB can
also be integrated in one device (saving costs, space and power), as in FR and in some NL
meters.
Logging is only evaluated if it is mandated by the technique. Otherwise it is
implementation dependent.
9.1. Access Control
Three use cases are considered here:
- Consumer access
- Operator access
- 3rd Party access
9.1.1. Username/password or PIN
This is the classical technique. The Username is often linked to the role of the party seeking
access. PINs are used on devices with a limited user interface, such as a numerical only
keypad.
The criteria that are not provided by this technique are omitted from the ranking tables.
Evaluation of Use case 1, Consumer access
The assumptions are:
- that all access is local (non-local access uses the PE component)
- that the credentials are unique
- that the credentials are revoked when necessary
Cyber-Security
Criterion Rank Comment
Confidentiality NA Not applicable to this technique.
Availability NA Not applicable to this technique.
Integrity NA Not applicable to this technique.
Authentication 1 No mutual authentication. A leak of the used credentials
can allow attackers to connect to impersonate the user.
Access to key material 0-2 The ranking depends on the implementation: 0 if the password is sent in clear on the interface; 2 if the password is stored in a tamper resistant module and verified in this module.
Integrity of key material 0-2 The ranking depends on the implementation: 0 if the password is sent in clear on the interface; 2 if the password is stored in a tamper resistant module and verified in this module.
Auditing/logging NA Not a functionality of this technique
Non-repudiation NA Not applicable to this technique.
Privacy and Data Protection
Criterion Rank Comment
Data Control NA The authentication mechanism does not influence which
data is collected.
Data minimisation NA The authentication mechanism does not influence which
data is collected.
Data Access NA The authentication mechanism does not influence the
access rights.
Anonymity NA Not applicable to this technique.
Data Retention 0-2 Depends on the implementation: 2 if the password is stored locally; 0 if the password is sent for remote verification on the server side.
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 2 Use of PIN or username/password is very widespread
Standardisation 0 No standardisation of the given mechanisms.
Upgradability 1 The upgradability of PIN based mechanisms is dependent
on the hardware functionality. For that reason, it can be not
upgradable (rank 0) or fully upgradable (rank 2). For the
purpose of this evaluation, the value proposed in the rank
resume is the average between these two extremes (1).
However the reader should take this into consideration
when evaluating his specific PIN based mechanism
Impact of Technique towards Architecture
Everything that is done locally does not have to be communicated.
Criterion Rank Comment
Communication overhead generated 2 Even if sent on the communication link and not locally stored and verified, passwords are commonly less than 16 bytes.
Bandwidth required 2 Even if sent on the communication link and not locally stored and verified, passwords are commonly less than 16 bytes.
Latency tolerance / "Always on communication required" 2 or 0 Rank 0 if credentials are not verified locally.
Impact to processes 1 Processes to assign and reset credentials are required, including processes to authenticate the recipients of the changed credentials.
Ranking Summary
(a) Password sent on the interface and verified on server side
Domain Rank
Cyber-security 0.3
Privacy and Data Protection 0
Maturity and Upgradeability of Technique 1
Impact of Technique towards Architecture 1.25
[Figure: bar chart of the rank per domain; the values are those of the table above]
(b) Password stored and verified locally in tamper resistant module
Domain Rank
Cyber-security 1.7
Privacy and Data Protection 2
Maturity and Upgradeability of Technique 1
Impact of Technique towards Architecture 1.75
[Figure: bar chart of the rank per domain; the values are those of the table above]
Passwords are an easy and well-established primitive authentication method. The protocol
used does not, however, provide mutual authentication: it does not allow the user to validate
the other party.
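The ranking of use case 1 turns on a few implementation choices: whether the password leaves the device in clear or is verified locally, whether the stored form is protected, and whether failed attempts are counted (the "Lock-out" mechanism listed under Monitoring as a brute-force countermeasure) and logged with username, role and timestamp (the Audit Trail row). The following Python sketch is an added example of a local verifier that makes the rank-2 choices; it is not code from the BAT document or from any contributing stakeholder, and the class and function names, the iteration count, the thresholds and the sample user are assumptions made for this illustration.

```python
"""Added example (not from the BAT document): a locally verified password
or PIN. Only a salted PBKDF2 hash is stored, never the clear password;
the comparison is constant time; repeated failures lock the account; and
every attempt is logged with username, role and timestamp. Names,
thresholds and the sample user are assumptions made for this example."""
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000   # work factor (assumed value)
MAX_FAILURES = 5              # failed attempts before lock-out (assumed value)
LOCKOUT_SECONDS = 900         # lock duration in seconds (assumed value)


class LocalVerifier:
    def __init__(self):
        self._users = {}      # username -> {"salt", "hash", "role"}
        self._failures = {}   # username -> [consecutive failures, locked_until]
        self.access_log = []  # (timestamp, username, role, outcome)

    @staticmethod
    def _derive(secret: str, salt: bytes) -> bytes:
        # The only form in which the secret is ever kept.
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)

    def enrol(self, username: str, secret: str, role: str) -> None:
        salt = os.urandom(16)
        self._users[username] = {"salt": salt, "hash": self._derive(secret, salt), "role": role}

    def _log(self, username: str, outcome: str, now: float) -> None:
        # Access-log entry: timestamp, username, role, outcome.
        role = self._users[username]["role"] if username in self._users else "unknown"
        self.access_log.append((now, username, role, outcome))

    def verify(self, username: str, secret: str, now=None) -> str:
        """Returns "success", "failure" or "locked-out"."""
        now = time.time() if now is None else now
        record = self._users.get(username)
        count, locked_until = self._failures.get(username, [0, 0.0])
        if now < locked_until:
            self._log(username, "locked-out", now)
            return "locked-out"
        # Run the KDF even for unknown users so that response time does not
        # reveal which usernames exist.
        salt = record["salt"] if record else bytes(16)
        candidate = self._derive(secret, salt)
        if record is not None and hmac.compare_digest(candidate, record["hash"]):
            self._failures.pop(username, None)
            self._log(username, "success", now)
            return "success"
        count += 1
        if count >= MAX_FAILURES:
            # Lock the account for LOCKOUT_SECONDS and reset the counter.
            self._failures[username] = [0, now + LOCKOUT_SECONDS]
            self._log(username, "locked-out", now)
            return "locked-out"
        self._failures[username] = [count, 0.0]
        self._log(username, "failure", now)
        return "failure"


if __name__ == "__main__":
    v = LocalVerifier()
    v.enrol("operator1", "correct horse", "operator")   # constructed sample user
    print(v.verify("operator1", "correct horse"))       # success
    print(v.verify("operator1", "wrong"))               # failure
```

The `now` parameter exists only so that the lock-out window can be exercised deterministically; in production the clock is the device's own. Storing the hash and running the check inside a tamper-resistant module, as the rank-2 case of the table requires, is a hardware property this sketch cannot show.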
Evaluation of Use cases 2 and 3 - User is not in control of data collected
Operator and 3rd party access is most likely over a network connection. If these use cases
use local access, the ranking from use case 1 applies.
Cyber-Security
Criterion Rank Comment
Confidentiality NA Not applicable to this technique.
Availability NA Not applicable to this technique.
Integrity NA Not applicable to this technique.
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Auditing/logging NA Not a functionality of this technique
Authentication 1 No mutual authentication. A loss or leak of the used
credentials can allow attackers to connect to impersonate
the user.
Non-repudiation NA Not applicable to this technique.
Privacy and Data Protection
Criterion Rank Comment
Data Control 0 This process is not under control of the consumer.
Data minimisation NA The authentication mechanism does not influence which
data is collected.
Data Access NA The authentication mechanism does not influence the access
rights.
Anonymity NA The authentication mechanism does not influence the
linking of data to individuals
Data Retention NA The authentication mechanism does not influence data
retention
Maturity and Upgradeability of Technique
As in use case 1.
Impact of Technique towards Architecture
As in use case 1 (a)
Ranking Summary
Domain Rank
Cyber-security 1
Privacy and Data Protection 0
Maturity and Upgradeability of Technique 1
Impact of Technique towards Architecture 1.25
[Figure: bar chart of the rank per domain; the values are those of the table above]
Username and password is an easy and well-established authentication method. The
mechanism does not, however, provide mutual authentication, as it does not allow the user
to validate the other party.
Evaluation of Use cases 2 and 3 – User is in control of data collected
Operator and 3rd party access is most likely over a network connection. If these use cases
use local access, the ranking from use case 1 applies.
Cyber-Security
Criterion Rank Comment
Confidentiality NA Not applicable to this technique.
Availability NA Not applicable to this technique.
Integrity NA Not applicable to this technique.
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Auditing/logging NA Not a functionality of this technique
Authentication 1 No mutual authentication. A loss or leak of the used
credentials can allow attackers to connect to impersonate
the user.
Non-repudiation NA Not applicable to this technique.
Privacy and Data Protection
Criterion Rank Comment
Data Control 2 This process is under control of the consumer.
Data minimisation NA The authentication mechanism does not influence which
data is collected.
Data Access NA The authentication mechanism does not influence the access
rights.
Anonymity NA The authentication mechanism does not influence the
linking of data to individuals
Data Retention NA The authentication mechanism does not influence data
retention
Maturity and Upgradeability of Technique
As in use case 1.
Impact of Technique towards Architecture
As in use case 1.
Ranking Summary
Domain Rank
Cyber-security 1
Privacy and Data Protection 2
Maturity and Upgradeability of Technique 1
Impact of Technique towards Architecture 1.75
[Figure: bar chart of the rank per domain; the values are those of the table above]
Username and password is an easy and well-established authentication method. The
mechanism does not, however, provide mutual authentication, as it does not allow both
parties (e.g., customer, operator, third party) to be validated.
9.1.2. One-time password
The user gets a password that is unique and valid for a short time. This technique prevents
an attacker from reusing an intercepted password, or from retrieving/reconstructing the password
from the verifying system. The one-time password can be generated locally, based on the time or
on a challenge, or it can be sent on request by the verifying system.
Local generation can be implemented as “2 factor” if the generation or verification takes
place on a separate device.
Evaluation of Use case 1
Cyber-Security
Criterion Rank Comment
Confidentiality NA The use of password is generally accepted as a means to
ensure a certain level of confidentiality.
Availability NA This is not a functionality of this technique.
Integrity NA This is not a functionality of this technique.
Authentication 2 Strong protection mechanism. The token is generated by a
specific device or transmitted using a separate
communication means.
Non-repudiation NA This is not a functionality of this technique.
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Privacy and Data Protection
Criterion Rank Comment
Data Minimisation NA The authentication mechanism does not influence which
data is collected
Data Control NA The authentication mechanism does not provide control
on which data is collected
Data Access NA The authentication mechanism does not influence the
access rights.
Anonymity NA The authentication mechanism does not influence the
linking of data to individuals
Data retention 2 Per default, data retention for one-time password is very
short. Password is retained no longer than what is strictly
needed to make services available and proportionate to
the purposes of authentication
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 2 Use of PIN or username/password is very widespread
Standardisation 2 Standards exist for OTP: e.g. OAuth, OpenID Connect.
Upgradability 2 The upgradability of this technique depends on the way the
technique is implemented. The tokens used for OTP are
generated using specific software.
Impact of Technique towards Architecture
Criterion Rank Comment
Communication overhead generated 2 When credentials are processed locally there is no communication required for this technique; when the authentication is performed against a remote system the communication overhead is negligible.
Bandwidth required 2 When credentials are processed locally there is no communication required for this technique; when the authentication is performed against a remote system the bandwidth required is negligible.
Latency tolerance / "Always on communication required" 2 or 1 When authentication is performed locally on the system there is no communication involved (2); when performed remotely, the authentication needs to be performed in a reasonable timeframe, taking the latencies of the underlying network protocol (usually IP) into account.
Impact to processes 1 Moderate impact to processes is expected due to the management of credentials and tokens. While the management of credentials can be regarded as usual IT practice, the management of tokens usually requires more effort.
Ranking Summary
Domain Rank
Cyber-security 2
Privacy and Data Protection 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.75
[Figure: bar chart of the rank per domain; the values are those of the table above]
“Two factor authentication” greatly improves security. In the case of a physical factor, a loss
can be detected. A second communication channel increases the effort for an
attacker.
Evaluation of Use case 2, 3
See 9.1.1.2
9.1.3. 2 factor authentication
The user is authenticated after successfully presenting several separate pieces of evidence
to an authentication mechanism - typically at least two of the following categories:
knowledge (something they know); possession (something they have), and inherence
(something they are).
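As an added example covering both the locally generated one-time password of 9.1.2 and its use as the possession factor of the two-factor authentication of 9.1.3 (example code, not code from the BAT document or from any stakeholder), the Python below generates codes with the HMAC-based construction of RFC 4226 (counter based; the time-based variant simply uses the current 30 s time step as the counter) and verifies them so that a code captured in transit cannot be replayed, which is the property the 9.1.2 description relies on. The choice of RFC 4226 is mine, as the document prescribes no algorithm; the function names, the verification window, the PBKDF2 parameters and the sample secret (the RFC 4226 test-vector key) are assumptions made for this example.

```python
"""Added example (not from the BAT document): one-time passwords (9.1.2)
and their use as the possession factor of two-factor authentication (9.1.3).
The OTP construction is the HMAC-based OTP of RFC 4226, chosen here for
illustration; all names, secrets and parameters are assumptions."""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then dynamic truncation to a decimal code of `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now=None, step: int = 30, digits: int = 6) -> str:
    """Time-based variant: the counter is the current time step."""
    now = time.time() if now is None else now
    return hotp(secret, int(now // step), digits)


class OtpVerifier:
    """Verifier side. `last_counter` is the highest counter value already
    accepted: any code at or below it is a replay and is rejected, which is
    what makes an intercepted one-time password useless to an attacker."""

    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.window = window        # how far ahead of last_counter to search
        self.last_counter = -1

    def verify(self, code: str) -> bool:
        for counter in range(self.last_counter + 1, self.last_counter + 1 + self.window):
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter   # consume this and all earlier counters
                return True
        return False


def make_password_record(password: str, salt: bytes) -> bytes:
    """Knowledge factor at rest: salted PBKDF2 hash, never the clear password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def two_factor_login(password_hash: bytes, salt: bytes, otp: OtpVerifier,
                     password: str, code: str) -> bool:
    """Both factors are always evaluated, so a failure does not reveal which
    one was wrong; login succeeds only when both are correct."""
    knows = hmac.compare_digest(make_password_record(password, salt), password_hash)
    has = otp.verify(code)
    return knows and has


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 4226 test-vector key (constructed input)
    print(hotp(secret, 0), hotp(secret, 1))   # 755224 287082
```

The window bounds how many codes a user may skip (a pressed-but-unsent token, for instance) without locking themselves out; widening it trades replay resistance for convenience, and the verifier should only ever move `last_counter` forward. For the challenge-based variant mentioned in 9.1.2 the counter is replaced by a verifier-chosen nonce, which the same `hotp` function can consume.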
Page 66 of 211
Evaluation of Use case 1
Cyber-Security
Criterion Rank Comment
Confidentiality NA The use of password is generally accepted as a means to
ensure a certain level of confidentiality.
Availability NA This is not a functionality of this technique.
Integrity NA This is not a functionality of this technique.
Authentication 2 Strong protection mechanism. Two pieces of information are
used to verify the user. The use of two factor authentication
mechanisms is usually implemented within protocols
providing mutual authentication.
Non-repudiation NA This is not a functionality of this technique.
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Privacy and Data Protection
Criterion Rank Comment
Data Minimisation NA The authentication mechanism does not influence which
data is collected
Data Control NA The authentication mechanism does not provide control
on which data is collected
Data Access NA The authentication mechanism does not influence the
access rights.
Anonymity NA The authentication mechanism does not influence the
linking of data to individuals
Data retention 2 Because the user information is checked and stored
locally.
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 2 Use of PIN or username/password is very widespread
Standardisation 2 Standards exist for 2 factor authentication: e.g. FIDO.
Upgradability 2
Impact of Technique towards Architecture
Criterion Rank Comment
Communication overhead generated 2 When credentials are processed locally, no communication is required for this technique; when authentication is performed against a remote system, the communication overhead is negligible.
Bandwidth required 2 When credentials are processed locally, no communication is required for this technique; when authentication is performed against a remote system, the bandwidth required is negligible.
Latency tolerance / "Always on communication required" 2 or 1 When authentication is performed locally on the system there is no communication involved (2); when performed remotely, the authentication needs to be completed in a reasonable timeframe, taking the latencies of the underlying network protocol (usually IP) into account.
Impact to processes 1 Moderate impact to processes is expected due to the
management of credentials and tokens. While the
management of credentials can be regarded as usual IT
practice, the management of tokens usually requires more
effort.
Ranking Summary
If authentication is performed locally without communication required:
Domain Rank
Cyber-security 2
Privacy and Data Protection 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.75
[Bar chart: Rank per domain, same values as the table above]
If authentication is performed remotely (i.e. the authentication needs to be performed in a reasonable timeframe, taking the latencies of the underlying network protocol (usually IP) into account):
Domain Rank
Cyber-security 2
Privacy and Data Protection 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.5
[Bar chart: Rank per domain, same values as the table above]
“Two factor authentication” greatly improves security. In the case of a physical factor, a loss can be detected. In the case of a second communication channel, the effort for an attacker increases.
Evaluation of Use case 2, 3
See 9.1.1.2
9.1.4. Pre-shared secrets and TLS with client certificates
Both parties share the same symmetric key or, in the case of TLS, each party presents a certificate that is trusted by the other party.
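The certificate variant, as an added example that is not part of the BAT document: a mutually authenticated TLS handshake in Go between a head-end and a meter, using only the standard library. A private CA, the server and client certificates and the names "headend" and "meter-0001" are generated in memory for the example, and the handshake runs over an in-memory pipe, so nothing listens on the network. The head-end is configured with RequireAndVerifyClientCert, which is what turns server-only TLS into the mutual authentication rated in this section; a meter that presents no certificate, or one issued by a CA the head-end does not trust, is rejected. Go's standard library does not implement TLS pre-shared keys, so the PSK variant is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

type identity struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// issue creates an ECDSA P-256 certificate for name, signed by parent (self-signed when
// parent is the zero identity). All material is generated in memory for the example.
func issue(name string, isCA bool, parent identity) identity {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	signer := identity{cert: tmpl, key: key}
	if parent.cert != nil {
		signer = parent
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer.cert, &key.PublicKey, signer.key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return identity{cert: cert, key: key}
}

// certs packs identities as TLS credentials; called with no arguments it means "present no
// certificate", which is what an unprovisioned or rogue client does.
func certs(ids ...identity) []tls.Certificate {
	var out []tls.Certificate
	for _, id := range ids {
		out = append(out, tls.Certificate{Certificate: [][]byte{id.cert.Raw}, PrivateKey: id.key})
	}
	return out
}

// handshake runs one TLS handshake over an in-memory pipe between a head-end server that
// requires a client certificate issued by ca and a meter client trusting the same ca, and
// returns the CommonName the server verified on the client certificate.
func handshake(ca, server identity, clientCerts []tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.cert)
	serverCfg := &tls.Config{Certificates: certs(server), ClientCAs: pool,
		ClientAuth:             tls.RequireAndVerifyClientCert, // the "mutual" in mutual authentication
		SessionTicketsDisabled: true}                           // no post-handshake writes to stall the pipe
	clientCfg := &tls.Config{Certificates: clientCerts, RootCAs: pool, ServerName: server.cert.DNSNames[0]}
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	defer sConn.Close()
	cConn.SetDeadline(time.Now().Add(5 * time.Second))
	sConn.SetDeadline(time.Now().Add(5 * time.Second))
	srv, cli := tls.Server(sConn, serverCfg), tls.Client(cConn, clientCfg)
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	cliErr := cli.Handshake()
	go io.Copy(io.Discard, cli) // drain the alert the server sends when it rejects the client
	if err := <-srvErr; err != nil || cliErr != nil {
		return "", fmt.Errorf("handshake failed: server=%v client=%v", err, cliErr)
	}
	// RequireAndVerifyClientCert guarantees a verified client chain once the server succeeds.
	return srv.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

func main() {
	ca := issue("Smart Metering CA", true, identity{})
	headEnd, meter := issue("headend", false, ca), issue("meter-0001", false, ca)
	fmt.Println(handshake(ca, headEnd, certs(meter))) // meter-0001 <nil>
	fmt.Println(handshake(ca, headEnd, certs()))      // error: the client sent no certificate
	rogue := issue("meter-0001", false, issue("Rogue CA", true, identity{}))
	fmt.Println(handshake(ca, headEnd, certs(rogue))) // error: not issued by the trusted CA
}
```

The "Impact to processes" row below is visible in the code: every meter needs a certificate issued and, when compromised or expired, replaced, which is the credential assignment and reset process the rating refers to.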
Evaluation of Use case 1
Cyber-Security
Criterion Rank Comment
Confidentiality 2 The TLS protocol can use strong cryptographic algorithms
for ensuring data confidentiality.
Availability NA This is not a functionality of this technique.
Integrity 2 The TLS protocol can use strong cryptographic algorithms
for ensuring data integrity.
Authentication 2 The TLS protocol can use strong cryptographic algorithms
that provide mutual authentication of both communication
parties.
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-Repudiation NA Not a functionality of this technique
Privacy and Data Protection
Criterion Rank Comment
Data Retention NA The authentication mechanism does not influence which data
is collected
Data Minimisation NA The authentication mechanism does not influence which data
is collected
Data Control NA The authentication mechanism does not provide control on
which data is collected
Data Access NA The authentication mechanism does not influence which data
are accessible
Anonymity NA The authentication mechanism does not influence the linking
of data to individuals
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 0 There is very limited use of this technique in the Smart
Metering domain, no larger scale roll-outs have been
completed using TLS yet.
Standardisation 2 RFC5246 and RFC5487
Upgradability 2 Technique can be updated in firmware/software.
Impact of Technique towards Architecture
Criterion Rank Comment
Communication overhead generated 1-2 In normal network environments the overhead generated by this technique is negligible (2), but on low bandwidth, high latency connections the additional round trips (TLS) might have an impact (1).
Bandwidth required 1-2 The key exchange does not require a lot of bandwidth (2), but there might be circumstances where bandwidth is very limited (1).
Latency tolerance / "Always on communication required" 1-2 In normal network environments the latency tolerance required is negligible (2), but on low bandwidth, high latency connections the additional round trips (TLS) might have an impact (1).
Impact to processes 1 Processes to assign and reset credentials required
Ranking Summary
Best case (high bandwidth network):
Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 1.33
Impact of Technique towards Architecture 1.875
[Bar chart: Rank per domain, same values as the table above]
Worst case (low bandwidth network):
Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 1.33
Impact of Technique towards Architecture 1
[Bar chart: Rank per domain, same values as the table above]
Client certificates allow establishing a mutual trust between client and server.
Evaluation of Use cases 2-3
Same as 9.1.4.1
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 2 Widespread use
Standardisation 2 Several well established standards (TLS, DLMS)
Upgradability 2 Technique can be updated in firmware/software.
Ranking Summary
Best case (high bandwidth network):
Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.875
[Bar chart: Rank per domain, same values as the table above]
Worst case (low bandwidth network):
Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1
[Bar chart: Rank per domain, same values as the table above]
Client certificates with TLS allow mutual trust to be established between client and server.
9.2. Cryptographic algorithms and modes
It is important to recognize that the evaluated algorithms are not used directly in techniques to ensure the security of a smart metering system. In almost all cases, techniques use these cryptographic algorithms as building blocks for the respective security functionality. The evaluation of the algorithms and modes below was performed to provide a general view of their effectiveness and capabilities. They should only be used as part of a more complex protocol, such as TLS, DLMS or M-Bus.
The symmetric algorithms are listed first, then the asymmetric ones, each group sorted by descending use. All algorithms and modes are standardized and mature (albeit not all in smart metering).
The algorithms, modes and key lengths are the ones returned from the survey.
See the advice of ENISA, NIST and NSA for detailed guidance, also in view of the expected developments in quantum cryptanalysis.
The suggestion is to use the longer key lengths of the current algorithms: 256-bit AES and 384-bit (or longer) ECC.
Several common algorithms not in the BAT, notably single DES, RC4, MD4 and MD5, are insecure.
The ratings only apply when the following conditions are met:
- Keys are generated securely.
- Symmetric and private keys are kept secret throughout their lifecycle (generation, provisioning, storage and usage).
- IVs are never reused for the same key.
- The environment does not provide oracles, for example by reporting which part of a decrypted message is incorrect.
- The key for CMAC is different from the key used for the confidentiality mode.
- When numbers are used in the rating, these are based on 128 bit [8] symmetric and 256 bit asymmetric keys in the case of elliptic curves, and 1024 in the case of RSA.
- Cryptographic algorithms do not offer “availability”. “Access to key material” and “integrity of key material” depend on the implementation and are not properties of the algorithm.
- All symmetric algorithms offer some “authentication”, as a valid decrypted message implies that the writer possessed the same key as the reader. “Authentication” is not a property of hash algorithms.
Note that the above assumes the availability of reliable random number generation capabilities.
The recommendations for better protection of cryptographic algorithms against quantum computing, as described in the NIST report [9] and the ETSI white paper [10], are the following:
- to increase the key lengths of symmetric key algorithms;
- to maintain crypto agility, in order to be prepared to transition away from vulnerable (asymmetric key) algorithms to quantum-safe ones when they are available and their security has been assessed.
[8] For new systems, 256 bits is preferred to withstand quantum cryptanalysis.
[9] NIST: NISTIR 8105 DRAFT (February 2016): Report on Post-Quantum Cryptography. http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf
[10] ETSI: ETSI White Paper No. 8: Quantum Safe Cryptography and Security: An introduction, benefits, enablers and challenges; June 2015. http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf
Privacy and Data Protection
The dimension “Privacy and Data Protection” is under the header, as this will be the same
for all techniques.
Criterion Rank Comment
Data Retention NA Privacy is considered “Not Applicable”, as cryptography is a
method to protect all data. Which data it is, whether it is
personal or not is out of scope.
Data Minimisation NA Privacy is considered “Not Applicable”, as cryptography is a
method to protect all data. Which data it is, whether it is
personal or not is out of scope.
Data Control NA Privacy is considered “Not Applicable”, as cryptography is a
method to protect all data. Which data it is, whether it is
personal or not is out of scope.
Data Access NA Privacy is considered “Not Applicable”, as cryptography is a
method to protect all data. Which data it is, whether it is
personal or not is out of scope.
Anonymity NA Privacy is considered “Not Applicable”, as cryptography is a
method to protect all data. Which data it is, whether it is
personal or not is out of scope.
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 2 Widespread use
Standardisation 2 Fully standardized
Upgradability 2 Cryptographic protocols can usually be updated in software.
All cryptography impacts processes as keys must be managed (generation, loading,
replacement and revocation). Just as important as the algorithm chosen is the management
of key material.
9.2.2. AES-GCM
GCM, Galois Counter Mode, is a mode for authenticated encryption. It provides
confidentiality for the data using the CTR mode of AES and detection of unauthorized
changes to the data and to the “additional authenticated data” by adding an authentication
tag using a GMAC algorithm. GCM is used in DLMS and as a recommended TLS
algorithm in DE.
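The following Go program is an added example (not part of the BAT document) that applies two of the conditions listed at the start of 9.2, that IVs are never reused for the same key and that the receiver provides no oracle, to AES-GCM. The nonce is the 96-bit deterministic construction of NIST SP 800-38D (a fixed device field followed by a message counter; that this matches a meter's framing is an assumption), a clear-text frame header is carried as additional authenticated data, and any change to header or ciphertext is reported with one generic error. The key, header and payload are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// gcmSender owns one key and a 96-bit nonce built as 32-bit device field || 64-bit message
// counter (the deterministic construction of NIST SP 800-38D, 8.2.1). The counter is the
// state that guarantees "IVs are never reused for the same key"; it must survive reboots.
type gcmSender struct {
	aead    cipher.AEAD
	fixed   uint32
	counter uint64
}

func newGCMSender(key []byte, deviceID uint32) (*gcmSender, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte tag
	if err != nil {
		return nil, err
	}
	return &gcmSender{aead: aead, fixed: deviceID}, nil
}

// seal encrypts payload and authenticates header||payload. The header (addressing etc.)
// stays in clear but is covered by the tag; the nonce travels with the message.
func (s *gcmSender) seal(header, payload []byte) (nonce, ct []byte, err error) {
	if s.counter == ^uint64(0) {
		return nil, nil, errors.New("nonce space exhausted: rotate the key")
	}
	nonce = make([]byte, s.aead.NonceSize())
	binary.BigEndian.PutUint32(nonce[:4], s.fixed)
	binary.BigEndian.PutUint64(nonce[4:], s.counter)
	s.counter++
	return nonce, s.aead.Seal(nil, nonce, payload, header), nil
}

// open returns the plaintext only if the tag verifies over header and ciphertext; a failed
// check yields one generic error, so the receiver gives no oracle about which part is wrong.
func open(key, nonce, header, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, nonce, ct, header)
	if err != nil {
		return nil, errors.New("authentication failed")
	}
	return pt, nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; real keys come from the key management process
	for i := range key {
		key[i] = byte(i)
	}
	s, _ := newGCMSender(key, 0x0001)
	header := []byte("dst=headend;src=meter-0001") // constructed clear-text frame header
	payload := []byte("kWh=1234.5")
	nonce, ct, _ := s.seal(header, payload)
	fmt.Printf("overhead: %d bytes (nonce %d + tag %d)\n", len(nonce)+len(ct)-len(payload), len(nonce), len(ct)-len(payload))
	if _, err := open(key, nonce, header, ct); err == nil {
		fmt.Println("genuine message accepted")
	}
	ct[0] ^= 0x01 // one flipped ciphertext bit
	_, err := open(key, nonce, header, ct)
	fmt.Println("tampered message:", err)
}
```

The 12-byte nonce plus the 16-byte tag is the "IV and tag" overhead rated below, and the nonce being shorter than the block size is the point made under "Impact of Technique towards Architecture".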
Cyber-Security
Criterion Rank Comment
Confidentiality 2 AES-GCM is recommended by ENISA, ensuring data
confidentiality.
Integrity 2 AES-GCM provides a MAC ensuring data integrity.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Not a functionality of this technique
Impact of Technique towards Architecture
The IV is shorter than the block size, as a part of the existing header is used for the IV. Authentication tags can be truncated (not recommended).
Criterion Rank Comment
Bandwidth required 2 Little data transported
Latency tolerance /
"Always on
communication
required"
NA Not applicable to this technique.
Communication
overhead generated
1 IV and tag, 16-32 bytes per message
Impact to processes 1 Key management required
Ranking Summary
Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.33
[Bar chart: Rank per domain, same values as the table above]
AES-GCM requires a single key and a single pass through the AES algorithm for
confidentiality and authenticity. As GCM is a stream mode, it does not require padding.
9.2.1. AES-CBC
CBC, Cipher Block Chaining, is a mode for encryption. As the blocks are linked, a change in one block will affect the decryption of all subsequent blocks. It also hides which blocks contain the same plaintext. AES-CBC is used in M-Bus and as a recommended TLS algorithm in Germany.
Cyber-Security
Criterion Rank Comment
Confidentiality 2 AES-CBC is recommended by ENISA, providing data
confidentiality.
Integrity 1 The algorithm does not provide good data integrity. Whole
blocks can be manipulated without affecting the remainder of
the message.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Not a functionality of this technique
Impact of Technique towards Architecture
Criterion Rank Comment
Bandwidth required 2 Little data transported
Latency tolerance /
"Always on
communication
required"
NA Not applicable to this technique
Impact to processes 1 Key management required
Communication
overhead generated
1 IV and padding, 16-32 bytes per message
Ranking Summary
Domain Rank
Cyber-security 1.5
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.33
[Bar chart: Rank per domain, same values as the table above]
CBC provides good confidentiality when implemented correctly (random IVs and no padding oracle). It is not resistant against chosen ciphertext attacks [11].
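As an added example (not from the BAT document) of the two implementation conditions just named, random IVs and no padding oracle, the Go program below shows bare AES-CBC next to an encrypt-then-MAC construction. It uses HMAC-SHA256 under a second, independent key where the 9.2 conditions speak of CMAC (Go's standard library has no CMAC; the key-separation rule is the same), checks the tag in constant time before decrypting, and so never runs the padding check on data it has not authenticated. The keys and the sample reading are constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// pad and unpad implement PKCS#7; unpad rejects anything malformed with one generic error.
func pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// cbcEncrypt returns IV || CBC ciphertext with a fresh random IV per message.
func cbcEncrypt(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pad(append([]byte(nil), pt...))
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// cbcDecrypt is the bare mode: a modified ciphertext block turns into garbage in that block
// and into chosen bit flips in the next one, and nothing here can notice.
func cbcDecrypt(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(pt, ct[aes.BlockSize:])
	return unpad(pt)
}

// Encrypt-then-MAC: HMAC-SHA256 under an independent key covers IV and ciphertext. The tag
// is checked in constant time before any decryption, so the padding check (and its result)
// is never reached for data that the key holder did not produce.
func etmEncrypt(encKey, macKey, pt []byte) ([]byte, error) {
	ct, err := cbcEncrypt(encKey, pt)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, macKey)
	mac.Write(ct)
	return mac.Sum(ct), nil
}

func etmDecrypt(encKey, macKey, msg []byte) ([]byte, error) {
	if len(msg) < sha256.Size {
		return nil, errors.New("message too short")
	}
	ct, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(ct)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed")
	}
	return cbcDecrypt(encKey, ct)
}

func main() {
	// Constructed demo keys; the encryption and MAC keys must be independent.
	encKey, macKey := []byte("constructed-16B!"), []byte("constructed-32-byte-mac-key-here")
	pt := []byte("meter 0001 reading 1234.5 kWh at 10:00:00")
	ct, _ := cbcEncrypt(encKey, pt)
	ct[aes.BlockSize] ^= 0x01 // one bit in the first ciphertext block
	garbled, err := cbcDecrypt(encKey, ct)
	fmt.Printf("bare CBC: err=%v, plaintext changed=%v\n", err, !bytes.Equal(garbled, pt))
	msg, _ := etmEncrypt(encKey, macKey, pt)
	msg[aes.BlockSize] ^= 0x01
	_, err = etmDecrypt(encKey, macKey, msg)
	fmt.Println("encrypt-then-MAC:", err)
}
```

The bare decryption accepts the modified message because the padding sits in the last block, which the change does not reach; only the MAC makes the modification visible.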
9.2.2. AES-CCM
AES-CCM, CMAC Counter Mode, is a mode for authenticated encryption. It provides confidentiality for the data using the CTR mode of AES and detection of unauthorized changes to the data using a CMAC. CCM is used in ZigBee.
Cyber-Security
Criterion Rank Comment
Confidentiality 2 AES-CCM is recommended by ENISA, providing data
confidentiality.
Integrity 2 AES-CCM provides a MAC, providing data integrity.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
[11] See “Evaluation of Some Blockcipher Modes of Operation”, Phillip Rogaway, 2011.
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Not a functionality of this technique
Impact of Technique towards Architecture
Criterion Rank Comment
Bandwidth required 2 Little data transported
Latency tolerance /
"Always on
communication
required"
NA Not applicable to this technique.
Impact to processes 1 Key management required
Communication
overhead generated
1 IV and tag, 32 bytes per message
Ranking Summary
Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.33
[Bar chart: Rank per domain, same values as the table above]
CCM provides good security when implemented correctly (random IVs and different keys
for confidentiality and authenticity).
9.2.3. AES-CMAC
CMAC, Cryptographic Message Authentication Code, is a mode for authentication. It uses
the CBC mode, of which the last block is used as an authentication tag.
Cyber-Security
Criterion Rank Comment
Confidentiality NA Not a property of AES-CMAC; this technique cannot
ensure data confidentiality.
Integrity 2 AES-CMAC provides a MAC, providing data integrity.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Not a functionality of this technique. See also introduction.
Impact of Technique towards Architecture
Criterion Rank Comment
Bandwidth required 2 Little data transported
Latency tolerance /
"Always on
communication
required"
NA Not applicable to this technique.
Impact to processes 1 Key management required
Communication
overhead generated
1 IV and tag, 32 bytes per message
Ranking Summary
Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.33
[Bar chart: Rank per domain, same values as the table above]
9.2.4. AES-CTR
CTR, Counter Mode, is a mode for encryption. Each block is XORed byte-wise with an encrypted counter. CTR does not increase the message size, as no padding is required. CTR is used as a building block for GCM and CCM.
Cyber-Security
An attacker can change each bit in the message at will.
Criterion Rank Comment
Confidentiality 2 The technique can provide good data confidentiality.
Integrity 0 Any change in the message does not affect the rest of the
message, no data integrity can be provided with this
technique.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Not a functionality of this technique
Impact of Technique towards Architecture
Criterion Rank Comment
Bandwidth required 2 Little data transported
Latency tolerance /
"Always on
communication
required"
NA Not applicable to this technique.
Impact to processes 1 Key management required
Communication
overhead generated
1 IV, 4-16 bytes per message
Ranking Summary
Domain Rank
Cyber-security 1
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.33
[Bar chart: Rank per domain, same values as the table above]
9.2.5. AES-ECB
ECB, Electronic Code Book, is a mode for encryption. Each block is individually
encrypted.
Cyber-Security
An attacker can see which blocks contain the same plaintext and can freely swap blocks around.
Criterion Rank Comment
Confidentiality 0 The technique cannot provide data confidentiality and
should only be used as a building block for other AES
Modes. The encrypted data can still reveal patterns in the
plain text.
Integrity 0 The technique cannot provide data integrity and should only
be used as a building block for other AES Modes. Blocks
can easily be moved and copied.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Not a functionality of this technique
Impact of Technique towards Architecture
Criterion Rank Comment
Bandwidth required 2 Little data transported
Latency tolerance /
"Always on
communication
required"
NA Not applicable to this technique.
Impact to processes 1 Key management required
Communication
overhead generated
1 1-16 bytes of padding per message
Ranking Summary
Domain Rank
Cyber-security 0
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.33
[Bar chart: Rank per domain, same values as the table above]
ECB has weak security properties and is mainly of value as a building block for other
modes.
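An added Go example (not from the BAT document) for the two modes described in 9.2.4 and 9.2.5: ECB is written out as the per-block loop it is, CTR comes from the standard library, and a small detector counts repeated 16-byte ciphertext blocks, the pattern leakage the ECB rating refers to. The same count on CTR output is zero, and CTR output for a 25-byte input stays 25 bytes, the "no padding" point of 9.2.4. The register values in the constructed plaintext are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newBlock(key []byte) cipher.Block {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return block
}

// ecbEncrypt applies the block cipher to every 16-byte block on its own. Go's standard
// library deliberately provides no ECB mode; this loop is all there is to it. The input must
// be a whole number of blocks, which is why ECB (unlike CTR) needs padding.
func ecbEncrypt(block cipher.Block, pt []byte) []byte {
	bs := block.BlockSize()
	if len(pt)%bs != 0 {
		panic("ecb: input is not a whole number of blocks")
	}
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += bs {
		block.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct
}

// ctrEncrypt XORs the plaintext with the encrypted counter stream. Output length equals
// input length for any length; the IV must be unique per key and is sent with the message.
func ctrEncrypt(block cipher.Block, iv, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCTR(block, iv).XORKeyStream(ct, pt)
	return ct
}

// duplicateBlocks counts 16-byte blocks of ct that are identical to an earlier block. On
// encrypted traffic the expected value is 0; anything else points at ECB, or at a reused IV.
func duplicateBlocks(ct []byte) int {
	seen := make(map[[aes.BlockSize]byte]bool)
	dups := 0
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		var b [aes.BlockSize]byte
		copy(b[:], ct[i:i+aes.BlockSize])
		if seen[b] {
			dups++
		}
		seen[b] = true
	}
	return dups
}

func main() {
	key, iv := make([]byte, 16), make([]byte, 16) // constructed: random key and CTR IV
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	block := newBlock(key)
	// Constructed plaintext: the same 16-byte register value four times, then a different one.
	var pt []byte
	for i := 0; i < 4; i++ {
		pt = append(pt, "reading=00000kWh"...)
	}
	pt = append(pt, "reading=12345kWh"...)
	fmt.Println("ECB duplicate blocks:", duplicateBlocks(ecbEncrypt(block, pt)))     // 3
	fmt.Println("CTR duplicate blocks:", duplicateBlocks(ctrEncrypt(block, iv, pt))) // 0
	short := []byte("reading=12345kWh at 10:00") // 25 bytes: CTR keeps it at 25, ECB could not
	fmt.Println("CTR ciphertext length:", len(ctrEncrypt(block, iv, short)))
}
```

The duplicate-block count is a cheap review check to run over captured traffic or stored records when it is unclear which mode a device actually uses.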
9.2.6. SHA1
The Secure Hash Algorithm 1 calculates a 20-byte message digest or “hash” from an input message of any length.
Cyber-Security
The collision resistance (the effort needed to create 2 inputs with the same hash) is less
than expected. SHA1 is not recommended for new designs.
The pre-image resistance (the effort to create an input with a given hash) is said to be still
good.
Criterion Rank Comment
Confidentiality NA Confidentiality does not apply to hash algorithms
Integrity 1 The algorithm has only a reduced collision resistance
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Authentication does not apply to hash algorithms
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 2 Widespread use
Standardisation 2 Fully standardized in FIPS 186
Upgradability 2 Algorithm can usually be updated in software
Impact of Technique towards Architecture
Impact on architecture is considered “Not Applicable”, as the hash algorithms are only an indispensable part of other techniques. The impact is evaluated in the technique using the algorithm, for example electronic signatures.
Ranking Summary
Domain Rank
Cyber-security 1
Maturity and Upgradeability of Technique 2
[Bar chart: Rank per domain, same values as the table above]
The collision resistance of SHA1 is less than expected. It is not recommended for new
designs. No reduction of the pre-image resistance discovered yet.
9.2.7. SHA2
The “Secure Hash Algorithm 2” calculates a 32- to 64-byte message digest from an input message of any length. The versions are commonly named after the output length: SHA256, SHA384 and SHA512. SHA2 is a building block for other algorithms such as ECDSA and ECDH.
Cyber-Security
SHA2 is recommended for new designs.
Criterion Rank Comment
Confidentiality NA Confidentiality does not apply to hash algorithms
Integrity 2 The algorithm provides strong data integrity capabilities.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Authentication does not apply to hash algorithms
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 2 Widely adopted
Standardisation 2 Fully standardized in FIPS 186
Upgradability 2 Algorithm can usually be updated in software
Impact of Technique towards Architecture
Impact on architecture is considered “Not Applicable”, as the hash algorithms are only an indispensable part of other techniques. The impact is evaluated in the technique using the algorithm, for example electronic signatures.
Ranking Summary
Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 2
[Bar chart: Rank per domain, same values as the table above]
SHA2 is currently the recommended algorithm for hashing.
9.2.8. ECDH
Elliptic Curve Diffie Hellman calculates a shared secret from an own private key and the
public key from the partner. The shared secret is used to derive a key for the symmetric
algorithm (using the SHA2 algorithm) that secures the subsequent communication.
Cyber-Security
A modulus length of 256 bit or more is recommended for new designs. The security is
strongly dependent on the secure transport, for example as a certificate, of the public keys
to avoid a “man in the middle” attack. This algorithm is used for key exchange and is used
in general with other algorithms to provide authentication and avoid man-in-the-middle
attacks.
Criterion Rank Comment
Confidentiality 0 Diffie-Hellman is subject to man-in-the-middle attacks
Availability NA Not a functionality of this technique
Integrity NA Integrity is not a function of key agreement
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Not a functionality of this technique
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 1 Limited use, mainly GB and DE
Standardisation 2 Fully standardized
Upgradability 2 Algorithm can usually be updated in software
Impact of Technique towards Architecture
Criterion Rank Comment
Communication overhead generated 2 This type of encryption is used for key exchange, after which symmetric encryption is used for the rest of the communication. Diffie-Hellman only exchanges some random numbers.
Bandwidth required 2 This depends on the type of network: on low latency, small bandwidth networks the key exchange technique can have an impact (1) due to the extra communication involved. On high bandwidth networks the impact is negligible (2).
Latency tolerance /
"Always on
communication
required"
2 Depending on the protocol; communication is not
required for the static-static variant, but a prerequisite for
the ephemeral variants.
Impact to processes 1 ECDH is the process to assign symmetric credentials to reduce the overhead compared to asymmetric encryption. PKI may be used to protect DH from man-in-the-middle attacks but is an independent technique from ECDH.
Ranking Summary
Domain Rank
Cyber-security 0
Maturity and Upgradeability of Technique 1.66
Impact of Technique towards Architecture 1.75
[Bar chart: Rank per domain, same values as the table above]
ECDH is the recommended mechanism for key establishment using asymmetric
cryptography. The modulus size must be 256 bits or more.
9.2.9. ECDSA
The Elliptic Curve Digital Signature Algorithm calculates a signature using an own private
key and verifies the signature using the public key of the receiver. ECDSA uses the SHA2
algorithm to prepare the input.
The “unique value” used in generating the signature MUST NOT repeat. Failing to do so
reveals the private key to an attacker.
Cyber-Security
A modulus length of 256 bit or more is recommended for new designs.
Criterion Rank Comment
Confidentiality NA Confidentiality is not a function of digital signatures
Integrity 2 A signed message cannot be changed undetected, thus
providing strong data integrity.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Authentication NA Not a functionality of this technique
Non-repudiation 2 The technique can be used to provide non-repudiation of
exchanged information.
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 1 Limited use, mainly UK and DE
Standardisation 2 Fully standardized, FIPS PUB 186-4, ANSI X9.62-2005
Upgradability 2 Algorithm can usually be updated in software
Impact of Technique towards Architecture
Criterion Rank Comment
Communication
overhead generated
1 Data for asymmetric crypto is often bigger. A MAC is 16
bytes while an ECDSA signature is at least 64 bytes.
Bandwidth required 2 or 1 This depends on the type of network: on low latency, small bandwidth networks the key exchange technique can have an impact (1) due to the extra communication involved. On high bandwidth networks the impact is negligible (2).
Latency tolerance / "Always on communication required" 2 or 1 This depends on the type of network: on low latency, small bandwidth networks the key exchange technique can have an impact (1) due to the extra communication involved. On high bandwidth networks the impact is negligible (2).
Impact to processes 1 Processes to create and assign credentials required, for
example a PKI. More processing power needed compared to
symmetric algorithms.
Ranking Summary
Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 1.66
Impact of Technique towards Architecture 1.5
[Bar chart: Rank per domain, same values as the table above]
ECDSA is the recommended mechanism for digital signatures on embedded systems. The modulus size must be 256 bits or more.
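Added Go example for 9.2.8 and 9.2.9 (not from the BAT document): an ephemeral ECDH key agreement on P-256 in which each side signs its ephemeral public key with a long-term ECDSA key, so the peer can reject a substituted key before deriving anything; the shared secret is then hashed with SHA-256 into a 256-bit symmetric key, following the description in 9.2.8. The long-term public keys are handed over directly here; in a deployment they would come from certificates, the PKI mentioned under "Impact to processes". The party names, the context label and the single-step hash KDF are assumptions of the example; ecdsa.SignASN1 draws the per-signature "unique value" internally, which is how the requirement in 9.2.9 is met without the caller handling it.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// party holds a long-term ECDSA P-256 signing key. In a deployment its public half would be
// carried in a certificate; here the two sides are simply handed each other's public keys.
type party struct {
	name    string
	signing *ecdsa.PrivateKey
}

func newParty(name string) *party {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &party{name: name, signing: k}
}

// offer is what a party sends: a fresh ephemeral ECDH public key and an ECDSA signature over
// it, binding the ephemeral key to the long-term identity.
type offer struct {
	pub, sig []byte
}

func (p *party) makeOffer() (*ecdh.PrivateKey, offer) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader) // private scalar; never leaves this side
	if err != nil {
		panic(err)
	}
	pub := eph.PublicKey().Bytes()
	digest := sha256.Sum256(pub) // ECDSA signs a SHA-2 digest of the data
	sig, err := ecdsa.SignASN1(rand.Reader, p.signing, digest[:])
	if err != nil {
		panic(err)
	}
	return eph, offer{pub: pub, sig: sig}
}

// deriveKey first checks that the peer's ephemeral key was signed by the long-term key we
// expect for that peer, then computes the ECDH shared secret and hashes it with a context
// label into a 256-bit symmetric key. An unsigned or foreign key is rejected before any
// secret is derived; that check is what closes the man-in-the-middle gap of bare ECDH.
func deriveKey(eph *ecdh.PrivateKey, peer offer, peerSigning *ecdsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(peer.pub)
	if !ecdsa.VerifyASN1(peerSigning, digest[:], peer.sig) {
		return nil, errors.New("ephemeral key is not signed by the expected peer")
	}
	peerPub, err := ecdh.P256().NewPublicKey(peer.pub)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(peerPub) // 32-byte x-coordinate; never used as a key directly
	if err != nil {
		return nil, err
	}
	kdf := sha256.New() // single-step hash KDF; HKDF would be the usual choice in practice
	kdf.Write(shared)
	kdf.Write([]byte("smart-meter-session-key-v1")) // constructed context label
	return kdf.Sum(nil), nil
}

func main() {
	meter, headEnd := newParty("meter-0001"), newParty("headend")
	ephM, offM := meter.makeOffer()
	ephH, offH := headEnd.makeOffer()
	kM, errM := deriveKey(ephM, offH, &headEnd.signing.PublicKey)
	kH, errH := deriveKey(ephH, offM, &meter.signing.PublicKey)
	fmt.Println("both sides hold the same key:", errM == nil && errH == nil && string(kM) == string(kH))
	other := newParty("someone-else")
	_, offO := other.makeOffer()
	_, err := deriveKey(ephM, offO, &headEnd.signing.PublicKey) // substituted key: rejected
	fmt.Println("substituted ephemeral key:", err)
}
```

The overhead figures in the two tables are visible in the exchange: each offer carries a 65-byte uncompressed P-256 point plus a signature of at least 64 bytes, after which the derived AES key takes over for the bulk traffic.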
9.3. Monitoring and alarming
Many events are logged, but only the security relevant events are covered here. It is
possible to configure an immediate alarm message when certain events occur.
Use case 1: Events are sent to the operator without any visibility or control by the
consumer.
Use case 2: The consumer has visibility over the events that are sent.
9.3.1. Privacy and Data Protection
This is common to all events, therefore placed in an overarching chapter.
Criterion Rank Comment
Data Control 0 No consumer control on alarming and monitoring
Data minimisation NA Alarming and monitoring mechanism does not influence
which data is collected by the meter.
Data Access 0 or 2 2 in architectures where the consumer can see everything
that is sent. 0 elsewhere.
Anonymity NA Not applicable to this technique.
Data Retention NA Alarming and monitoring mechanism does not influence
how long data are stored
9.3.2. Switches
A switch is used as a mechanism to detect physical access to a device. When a protected
area is accessed (for example when a cover is removed), a switch is operated and the event
is written to a log.
Devices can have several layers of protection; an outer level, for example covering the
connections and an inner level covering the calibrated components.
Evaluation
The assumptions are:
- that the action is logged;
- that the log is read;
- that actions are taken when necessary.
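Under the three assumptions above, the following Go program is an added example (not from the BAT document) of the "log is read" and "actions are taken" steps: it parses constructed tamper-switch log lines, raises a medium alarm for an outer cover and a high alarm for an inner cover, behind which the calibrated components and the stored key material were reachable, and counts lines it cannot parse instead of dropping them. The log format, the meter identifiers and the event codes are assumptions of the example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// sampleLog is constructed for this example, in an assumed "timestamp key=value ..." format;
// it is not the log format of any particular meter.
const sampleLog = `2016-11-07T09:58:10Z meter=0001 event=COVER_OPEN layer=outer
2016-11-07T09:58:40Z meter=0001 event=COVER_CLOSE layer=outer
2016-11-07T10:02:05Z meter=0042 event=COVER_OPEN layer=inner
2016-11-07T10:03:00Z meter=0042 event=FIRMWARE_UPDATE_OK
this line is corrupt`

type event struct {
	at          time.Time
	meter, code string
	layer       string // "outer" (connections) or "inner" (calibrated components)
}

type alarm struct {
	meter, severity, message string
}

// parseEvent validates one log line strictly; anything unexpected is an error, not a guess.
func parseEvent(line string) (event, error) {
	fields := strings.Fields(line)
	if len(fields) < 3 {
		return event{}, fmt.Errorf("too few fields: %q", line)
	}
	at, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return event{}, fmt.Errorf("bad timestamp in %q: %w", line, err)
	}
	ev := event{at: at}
	for _, f := range fields[1:] {
		k, v, ok := strings.Cut(f, "=")
		if !ok {
			return event{}, fmt.Errorf("bad field %q in %q", f, line)
		}
		switch k {
		case "meter":
			ev.meter = v
		case "event":
			ev.code = v
		case "layer":
			ev.layer = v
		}
	}
	if ev.meter == "" || ev.code == "" {
		return event{}, fmt.Errorf("missing meter or event in %q", line)
	}
	return ev, nil
}

// triage turns the log into alarms. Any cover-open event is a tamper indication; when the
// inner layer is opened the calibrated components and the stored key material were
// reachable, so the alarm is high and says what to do. Malformed lines are counted rather
// than dropped: a log that cannot be read is itself something to act on.
func triage(log string) (alarms []alarm, malformed int) {
	for _, line := range strings.Split(log, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		ev, err := parseEvent(line)
		if err != nil {
			malformed++
			continue
		}
		if ev.code != "COVER_OPEN" {
			continue
		}
		when := ev.at.Format(time.RFC3339)
		a := alarm{meter: ev.meter, severity: "medium",
			message: fmt.Sprintf("meter %s: outer cover opened at %s, schedule inspection", ev.meter, when)}
		if ev.layer == "inner" {
			a.severity = "high"
			a.message = fmt.Sprintf("meter %s: inner cover opened at %s, treat stored keys as exposed and replace them", ev.meter, when)
		}
		alarms = append(alarms, a)
	}
	return alarms, malformed
}

func main() {
	alarms, malformed := triage(sampleLog)
	for _, a := range alarms {
		fmt.Printf("[%s] %s\n", a.severity, a.message)
	}
	fmt.Println("malformed lines:", malformed)
}
```

The "Access to key material" and "Integrity of key material" rows below rate the switch at 1 precisely because it only detects the first step; the high-severity action on an inner-cover event is where that detection is turned into key replacement.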
Cyber-Security
This technique only concerns the integrity.
Criterion Rank Comment
Confidentiality NA Not a functionality of the technique.
Availability NA Not a functionality of the technique.
Integrity 1 Switches can be bypassed by a serious attacker
Authentication NA Not a functionality of the technique.
Access to key material 1 A switch can detect the first step to attempt to access the
key material physically.
Integrity of key material 1 A switch can detect the first step to attempt to access the
key material physically.
Non-repudiation NA Not a functionality of this technique
Logging 2 See assumptions
Maturity and Upgradeability of Technique
Criterion Rank Comment
Implementation scale 2 Widespread use
Standardisation NA Not a functionality of the technique.
Upgradability 0 None, as it uses mechanical components
Impact of Technique towards Architecture
Criterion Rank Comment
Communication
overhead generated
2 A tamper alert that is sent over the network is normally only
a fraction of the other traffic.
Bandwidth required 2 A tamper alert that is sent over the network is normally only
a fraction of the other traffic.
Latency tolerance /
"Always on
communication
required"
2 Although it is advisable to have tamper alerts sent to the
monitoring system as soon as possible, latency can be
tolerated.
Impact to processes 1 Although processes are required to process the alarms and
act upon them, the benefits of being able to detect such
events far outweigh the risks involved when such events
are not noticed.
Ranking Summary
Switches are a common requirement from meter users and provide simple remote tamper detection.
Use case 1:
Domain | Rank
Cyber-security | 1.25
Privacy and Data Protection | 0
Maturity and Upgradeability of Technique | 1
Impact of Technique towards Architecture | 1.75
Use case 2:
Domain | Rank
Cyber-security | 1.25
Privacy and Data Protection | 1
Maturity and Upgradeability of Technique | 1
Impact of Technique towards Architecture | 1.75
Note: as regards privacy, the summary presents the worst case, i.e. when Data Access is ranked 0. When the architecture or reference provides means for the consumer to be aware of the data exchanged, privacy should be ranked 2.
9.3.3. Seals and other tamper evident techniques
Seals are a legal requirement from the various calibration regulations. Similar functionality can also be provided by welding the case closed. Additional measures such as micro reliefs and RFID could add an extra hurdle to the introduction of forged devices.
Cyber-Security
This technique mainly concerns integrity.
Criterion | Rank | Comment
Integrity | NA | Not a functionality of this technique
Availability | NA | Not a functionality of this technique
Access to key material | 1 | The technique can provide an indication that the device has been tampered with, and therefore also an indication that key material could have been obtained by an attacker.
Integrity of key material | 1 | The technique can provide an indication that the device has been tampered with, and therefore also an indication that key material could have been obtained by an attacker.
Logging | NA | Not a functionality of this technique
Confidentiality | NA | Not a functionality of this technique
Non-repudiation | NA | Not a functionality of this technique
Authentication | NA | Not a functionality of this technique
Maturity and Upgradeability of Technique
Criterion | Rank | Comment
Implementation scale | 2 | Widespread use
Standardisation | NA | Not applicable
Upgradability | 0 | Requires a manual process and visiting every consumer
Impact of Technique towards Architecture
Criterion | Rank | Comment
Communication overhead generated | NA | This technique does not use communication
Bandwidth required | NA | This technique does not use communication
Latency tolerance / ‘Always-on communication required?’ | NA | This technique does not use communication
Impact to processes | 1 | Process to handle broken seals and re-sealing needed
Ranking Summary
Seals on the metrological parts are a legal requirement. Other seals are a common requirement from device owners and a cheap way to detect simple tampering.
Use case 1: the seal is not used for privacy protection
Domain | Rank
Cyber-security | 1
Maturity and Upgradeability of Technique | 1
Impact of Technique towards Architecture | 1
Use case 2: the seal is also used to provide a limited privacy protection
Domain | Rank
Cyber-security | 1
Privacy | 1
Maturity and Upgradeability of Technique | 1
Impact of Technique towards Architecture | 1
9.3.4. Magnetic field sensors
Use case 1: protecting the measuring system when it uses magnetic field sensors
Use case 2: protecting the power supply against malicious saturation of the transformer core
NOTE: because these techniques cannot be considered “cyber-security techniques”, the information gathered was not sufficiently detailed; however, a high-level evaluation is proposed as follows.
Evaluation
See 9.3.2, except 2 for integrity (difficult to defeat)
9.3.5. Power quality sensors
Use case 1: one or more phases missing
Use case 2: power failure, a.k.a. “last gasp alarm”
Use case 3: general measurements such as voltage, frequency and harmonics
Evaluation
See 9.3.2, except 2 for integrity (difficult to defeat)
9.4. Time Synchronisation
An accurate time is required when a time-based tariff is used, to assign the correct time to events in the logs and possibly to assess the validity of certificates. The maximum deviation from the legal time and the frequency of synchronisation are determined by the local regulations.
9.4.1. Application specific protocols
Use case 1: DLMS broadcast
Use case 2: DLMS unicast
Use case 3: NTP
Use case 4: IEC (locally)
Use case 5: Vendor specific
Evaluation
The only aspect to be considered is the integrity of the data for fraud prevention, which depends on the security of the underlying communication protocol and on plausibility checks, which are often subject to local regulations. For that reason, the list just provided (which comes from the information gathering phase of the BAT process) will not be ranked or evaluated, as these protocols per se do not provide additional cyber-security/privacy features.
9.5. Security architecture
Miscellaneous aspects of security that cannot directly be mapped to a functionality.
9.5.1. Unique keys
Smart metering devices do not have reactive tamper measures, except for generating alarms, and may be under the complete control of an attacker.
Cyber-Security
Criterion | Rank | Comment
Confidentiality | NA | Not a functionality of the technique.
Availability | NA | Not a functionality of the technique.
Access to key material | 2 | Compromising a single key does not affect other devices
Integrity of key material | NA | Not a functionality of this technique
Logging | NA | Not a functionality of this technique
Non-repudiation | NA | Not a functionality of this technique
Integrity | NA | Not a functionality of this technique
Authentication | 2 | Unique keys enable the receiver to verify the sender.
Privacy and Data Protection
Criterion | Rank | Comment
Data Retention | NA | The authentication mechanism does not influence which data is collected
Data Minimisation | NA | The authentication mechanism does not influence which data is collected
Data Control | NA | The authentication mechanism does not provide control on which data is collected
Data Access | NA | The authentication mechanism does not influence which data are accessible
Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals
Maturity and Upgradeability of Technique
Criterion | Rank | Comment
Implementation scale | 2 | Widespread use in modern deployments
Standardisation | NA | Process and configuration dependent
Upgradability | NA | Not a functionality of the technique.
Impact of Technique towards Architecture
Criterion | Rank | Comment
Communication overhead generated | NA | The technique as such does not require communication
Bandwidth required | NA | The technique as such does not require communication
Latency tolerance / ‘Always-on communication required?’ | NA | The technique as such does not require communication
Impact to processes | 0 | Complex key management.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 0
Unique keys per meter help to ensure that one successful attack on a meter does not
necessarily lead to a compromise of all meters, and revocation per meter based on the
communication keys becomes possible.
9.5.2. Private location
Smart metering devices are mounted on the private property of the consumer and are not
(legally) physically accessible by others.
While this practice (or technique) deals with physical security, it should be recognised that it contributes to making some cyber-attack threats harder by limiting the possibilities to interact with the device. For that reason, it is considered here and an evaluation is provided.
Evaluation
The fact that a consumer might be a potential attacker of the system has been left out of this evaluation, since such attacks might also occur in situations where meters are installed in publicly accessible places (e.g. the basement of an apartment building). Therefore the physical location has little impact on those scenarios.
This technique is mainly beneficial in protecting the consumer's privacy by not disclosing personal information to unauthorised individuals, and in situations where the meter might be attacked for other reasons.
Cyber-Security
Criterion | Rank | Comment
Confidentiality | NA | Not a functionality of this technique
Availability | NA | Not a functionality of this technique
Integrity | NA | Not a functionality of this technique
Access to key material | 1 | Physical barrier before even accessing the device
Integrity of key material | NA | Not a functionality of this technique
Logging | NA | Not a functionality of this technique
Non-repudiation | NA | Not a functionality of this technique
Authentication | NA | Not a functionality of this technique
Privacy and Data Protection
Criterion | Rank | Comment
Data Retention | NA | Private location does not influence which data is collected
Data Minimisation | NA | Private location does not influence which data is collected
Data Control | NA | Private location does not provide control on which data is collected
Data Access | 1 | Private location limits physical access to personal data.
Anonymity | NA | Private location does not influence the linking of data to individuals
Maturity and Upgradeability of Technique
Criterion | Rank | Comment
Standardisation | NA | Determined by local regulations
Upgradability | NA | Not a functionality of the technique.
Implementation scale | 2 | Widespread use
Impact of Technique towards Architecture
Impact of this technique towards architecture has not been rated since this technique does
not require any changes to the architecture. Only the location is of relevance.
Ranking Summary
Domain | Rank
Cyber-security | 1
Privacy | 1
Maturity and Upgradeability of Technique | 2
The physical location provides a first line of defence. The implementation depends on local
regulations.
9.5.3. DLMS secure transport
DLMS is one of the most commonly used Smart Metering protocols. It provides a large
range of security functions that are specified in the protocol. The payload of the DLMS
APDUs can be encrypted and authenticated using AES-GCM. Additionally, selected data
can also be signed and/or encrypted end to end.
Evaluation:
See also the caveats in 9.2.
Privacy is not evaluated here as it is a generic technique; see also 9.2.1.1.
Cyber-Security
Criterion | Rank | Comment
Confidentiality | 2 | DLMS uses an up-to-date cryptographic algorithm to ensure confidentiality
Availability | NA | Not a functionality of the technique.
Integrity | 2 | Exchanged data can be secured by applying a cryptographic MAC or a digital signature.
Access to key material | NA | Not a functionality of this technique
Integrity of key material | NA | Not a functionality of this technique
Logging | NA | Not a functionality of this technique; this is described and ranked in the rating of the DLMS protocol itself.
Non-repudiation | NA | Not a functionality of this technique; this is described and ranked in the rating of the DLMS protocol itself.
Authentication | 2 | DLMS can perform mutual authentication based on pre-shared keys or, in the latest revision of the standard, with the use of certificates.
Privacy and Data Protection
Criterion | Rank | Comment
Data Retention | NA | The authentication mechanism does not influence which data is collected
Data Minimisation | NA | The authentication mechanism does not influence which data is collected
Data Control | NA | The authentication mechanism does not provide control on which data is collected
Data Access | NA | The authentication mechanism does not influence which data are accessible
Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals
Maturity and Upgradeability of Technique
Criterion | Rank | Comment
Implementation scale | 2 | Highly used protocol in the Smart Metering domain.
Standardisation | 2 | Fully standardised: IEC62056, commonly known as the “Blue Book” and the “Green Book”
Upgradability | 1 | Within a specific DLMS version, security can be upgraded by choosing a different security mode. However, going from one version of DLMS to another will have a significant impact on processes and infrastructure. Also, since DLMS is an international standard, version upgrades are not very frequent. Therefore a rating of '1' is applicable here.
Impact of Technique towards Architecture
Criterion | Rank | Comment
Impact to processes | 1 | DLMS will require a key management system to be deployed to manage the Smart Meters; this has an impact on the processes.
Bandwidth required | NA | Depends on the use case
Latency tolerance / ‘Always-on communication required?’ | 2 | DLMS is able to use high latency and unreliable networks such as PLC
Communication overhead generated | 2 | The ASN.1 coding ensures a minimal overhead
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.66
Impact of Technique towards Architecture | 1.66
DLMS security is a widespread technique to protect information on a variety of network types.
9.5.4. Independent monitoring
This is mostly applicable to “critical commands”, which are commands that can affect the
power supply to a consumer. The risk model considers that a supplier is attacked and then
starts sending properly signed disconnect commands. The (independent) communication
provider only transfers these commands if they look reasonable. Currently only used in
GB.
Cyber-Security
Criterion | Rank | Comment
Confidentiality | NA | Not a functionality of the technique.
Availability | NA | Not a functionality of the technique.
Integrity | 2 | The described monitoring technique can ensure integrity during the whole data process, assuming that an additional cryptographic integrity checksum is applied to the data to be sent.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Logging | 2 | The technique allows the exchanged data to be audited and logged to a great extent.
Non-repudiation | NA | Not a functionality of the technique.
Authentication | 2 | The described monitoring technique can ensure authentication of the data when checked, assuming that an additional cryptographic integrity checksum is applied to the data to be sent.
Privacy and Data Protection
Criterion | Rank | Comment
Data Retention | NA | The authentication mechanism does not influence which data is collected
Data Minimisation | NA | The authentication mechanism does not influence which data is collected
Data Control | NA | The authentication mechanism does not provide control on which data is collected
Data Access | NA | The authentication mechanism does not influence which data are accessible
Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals
Maturity and Upgradeability of Technique
Criterion | Rank | Comment
Implementation scale | 0 | This is a new technique to smart metering.
Standardisation | 2 | Standardised: IEC62056, detailed in the “Great Britain Companion Specification” (GBCS)
Upgradability | 2 | The technique can easily be adjusted or extended.
Impact of Technique towards Architecture
Criterion | Rank | Comment
Communication overhead generated | NA | The technique as such does not require communication
Bandwidth required | NA | The technique as such does not require communication
Latency tolerance / ‘Always-on communication required?’ | NA | The technique as such does not require communication
Impact to processes | 2 | Arrangements between supplier and communication provider are required and must be kept up to date, and processes need to be implemented in order to be able to verify the commands.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.33
Impact of Technique towards Architecture | 2
Independent monitoring adds a second line of defence against unauthorized
disconnections.
9.5.5. TLS secure transport
TLS (Transport Layer Security) is a protocol running on top of a reliable connection
protocol (usually TCP/IP). A TLS session starts with a “Handshake” phase where client
and server agree on common security mechanisms and key material.
All payload can be encrypted and authenticated using mechanisms agreed during
connection establishment.
Evaluation:
See the caveats in 11.1.10.
Cyber-Security
Criterion | Rank | Comment
Confidentiality | 2 | TLS can provide a very good level of confidentiality
Availability | NA | Availability is not a function of TLS
Integrity | 2 | TLS can ensure integrity of data exchanged by applying message authentication codes to the messages.
Authentication | 2 | Based on a certificate or pre-shared keys, TLS provides functionalities to ensure authentication
Access to key material | 2 | When the option “Ephemeral DH” is chosen for key agreement, the key material cannot be used to decrypt previous sessions.
Integrity of key material | 2 | Public keys are sent as certificates
Non-repudiation | NA | Not a function of TLS. This would need to be provided by the application layer protocol.
Logging | NA | Not a function of TLS. This would need to be provided by the application layer protocol.
Privacy and Data Protection
Criterion | Rank | Comment
Data Retention | NA | The TLS mechanism does not influence which data is collected
Data Minimisation | NA | The TLS mechanism does not influence which data is collected
Data Control | NA | The TLS mechanism does not provide control on which data is collected
Data Access | NA | The TLS mechanism does not influence which data are accessible
Anonymity | NA | The TLS mechanism does not influence the linking of data to individuals
Maturity and Upgradeability of Technique
Criterion | Rank | Comment
Implementation scale | 2 | On OA and OB only in DE, elsewhere widespread use
Standardisation | 2 | Fully standardised (RFC 5246, 5289, 6066, 7251 etc.), many options to choose from
Upgradability | 2 | Common practice
Impact of Technique towards Architecture
Criterion | Rank | Comment
Communication overhead generated | 2 | Minimum 100 bytes for the handshake and 25 bytes per packet of maximum 214 bytes
Bandwidth required | 2 or 1 | This depends on the type of network: on low-latency, small-bandwidth networks the key exchange technique can have an impact (1) due to the extra communication involved. On high-bandwidth networks the impact is negligible (2).
Latency tolerance / ‘Always-on communication required?’ | 2 or 1 | This depends on the type of network: on low-latency, small-bandwidth networks the key exchange technique can have an impact (1) due to the extra communication involved. On high-bandwidth networks the impact is negligible (2).
Impact to processes | 1 | Key management required
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.75
TLS is a widespread technique for transport security. It can be configured to provide a high
level of confidentiality and integrity.
9.5.6. End-to-End Signing
End-to-end signing ensures the authenticity of selected data between the sender and the final recipient. Intermediate parties, such as communication providers, cannot (and must not) change the signed data.
It is used in the UK for billing data sent from the meter and for commands that can affect the supply of power, the so-called “critical commands”.
CMS signing, as used in DE, is also an implementation of this technique.
Cyber-Security
Criterion | Rank | Comment
Confidentiality | NA | Confidentiality is not a function of digital signatures
Integrity | 2 | A signed message cannot be changed undetected.
Availability | NA | Not a functionality of this technique
Access to key material | NA | Not a functionality of this technique
Integrity of key material | NA | Not a functionality of this technique
Logging | NA | Not a functionality of this technique
Authentication | 2 | The receiver can verify that the data was sent by the party that possesses the private key matching the verification key.
Non-repudiation | 2 | Non-repudiation of origin when using an on-board generated private key. An HSM can provide additional assurance here.
Privacy and Data Protection
Criterion | Rank | Comment
Data Retention | NA | The end-to-end signing mechanism does not influence which data is collected
Data Minimisation | NA | The end-to-end signing mechanism does not influence which data is collected
Data Control | NA | The end-to-end signing mechanism does not provide control on which data is collected
Data Access | NA | The end-to-end signing mechanism does not influence which data are accessible
Anonymity | NA | The end-to-end signing mechanism does not influence the linking of data to individuals
Maturity and Upgradeability of Technique
Criterion | Rank | Comment
Implementation scale | 1 | Limited use, mainly UK and DE
Standardisation | 2 | Fully standardised, GBCS and the RFCs governing CMS
Upgradability | 2 | Technique can be updated in software
Impact of Technique towards Architecture
Criterion | Rank | Comment
Communication overhead generated | 2 | An ECDSA signature is 64 bytes.
Bandwidth required | NA | Depending on the use case, cannot be ranked.
Latency tolerance / "Always-on communication required" | 2 | Signing is an asynchronous process and does not depend on communication.
Impact to processes | 1 | Processes to create and assign credentials are required, for example a PKI
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.66
Impact of Technique towards Architecture | 1.66
The advantage of this technique is that the intermediate components do not have to be
secure.
9.5.7. Switching commands validated against the grid code (Grid Sensitive Operation)
Grid operators have traditionally used the power grid's inherent properties (voltage and frequency) for coordinating the operation of power generators. Today those rules are known as ‘grid codes’ and, in most cases, grid codes are standardised at the national or European level (ENTSO-E).
Grid code sensitive operation (GSO) is already required for almost all generators. In
addition, for certain types of large loads GSO is also defined and used, while smart power
relays exist that follow GSO rules (over voltage, under frequency, etc.).
At present, smart meters are not required to implement GSO, even when they are equipped
with load switching relays. However, with the addition of a power relay a meter technically
becomes either a generator or a load, depending on the flow of current at a given time.
From the perspective of the security of supply, ‘load switching’ is the most critical
command and misuse must be prevented under all circumstances.
No actor (TSO, DSO, market participant, customer, etc.) would wilfully perform a
switching command that would push a power grid into a critical state; only malicious actors
would make this attempt.
Grid codes typically define the operational limits of a power grid at between 49.8 and 50.2 Hz and the voltage at a consumer's grid connection point within 10% of the nominal value (typically 230 V).
Moreover, anything above 52 Hz or below 47 Hz is undefined and well beyond the safe
operational limits of the grid.
The following is an example of GSO-aware switching behaviour:
- A smart meter receives a ‘switch off’ command.
- The smart meter measures locally that it is currently exporting power to the grid.
- The meter measures locally that the grid's frequency is below 49 Hz, i.e. an emergency grid state, as there is not sufficient generation supply, with minor blackouts already happening in parts of the grid.
- Because a ‘switch off’ command would remove supply when power is needed, the command shall be ignored at this point in time, as it most likely did not originate from a regular actor.
The duration of periods where the grid is not in a healthy (“green”) state is at most just a few minutes per year, typically due to unplanned major accidents or disasters. This is one of the reasons why regular business processes in metering (e.g. pre-paid meters, demand side management contracts, etc.) will not be affected by GSO meter behaviour.
GSO can only be used as a tool for ‘end-to-end’ validation of load switching commands, because only in those cases can the validity of the command against the state of the grid provide a meaningful validation result.
In a sense, GSO can be seen as an inherent capability of the meter's safety logic, or considered as a second factor in the authorisation process.
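The GSO check described above, carried through as a local second authorisation factor for a ‘switch off’ command. This is an added example and not code from the BAT document or from any vendor: the 49.8–50.2 Hz band, the 10% voltage tolerance around 230 V and the 47/52 Hz bounds are the document's figures, the 49 Hz emergency bound follows the document's example, and the 51 Hz mirror bound, the function and type names are assumptions made here. It also covers the mirror case the text does not spell out: switching off a load (importing meter) during over-frequency.

```python
"""GSO check for a load-switching command (added example, not the BAT document's code).

Figures taken from the text: normal band 49.8-50.2 Hz, voltage within 10 % of 230 V,
grid state undefined below 47 Hz / above 52 Hz. Assumed for illustration: the
emergency bounds (49 Hz, as in the document's example, and a mirrored 51 Hz).
"""
from dataclasses import dataclass
from enum import Enum

NOMINAL_HZ = 50.0
NORMAL_BAND_HZ = (49.8, 50.2)      # grid-code operational limits (from the text)
DEFINED_BAND_HZ = (47.0, 52.0)     # outside this the grid state is undefined (from the text)
EMERGENCY_LOW_HZ = 49.0            # assumption, follows the document's example
EMERGENCY_HIGH_HZ = 51.0           # assumption, mirror of the low bound
NOMINAL_V = 230.0
VOLTAGE_TOLERANCE = 0.10           # +/-10 % at the connection point (from the text)


class GridState(Enum):
    NORMAL = "normal"
    DISTURBED = "disturbed"   # outside the normal band, but not yet an emergency
    EMERGENCY = "emergency"   # below 49 Hz or above 51 Hz
    UNDEFINED = "undefined"   # below 47 Hz or above 52 Hz


@dataclass(frozen=True)
class LocalMeasurement:
    frequency_hz: float
    voltage_v: float
    exporting: bool   # True: current flows to the grid, the meter acts as a generator


@dataclass(frozen=True)
class Decision:
    execute: bool
    state: GridState
    reason: str


def classify_grid(m: LocalMeasurement) -> GridState:
    """Derive the grid state from the meter's own measurements; no communication needed."""
    f = m.frequency_hz
    if f < DEFINED_BAND_HZ[0] or f > DEFINED_BAND_HZ[1]:
        return GridState.UNDEFINED
    if f < EMERGENCY_LOW_HZ or f > EMERGENCY_HIGH_HZ:
        return GridState.EMERGENCY
    freq_ok = NORMAL_BAND_HZ[0] <= f <= NORMAL_BAND_HZ[1]
    volt_ok = abs(m.voltage_v - NOMINAL_V) <= VOLTAGE_TOLERANCE * NOMINAL_V
    return GridState.NORMAL if (freq_ok and volt_ok) else GridState.DISTURBED


def switch_off_worsens_imbalance(m: LocalMeasurement, state: GridState) -> bool:
    """Frequency falls when load exceeds generation and rises when generation exceeds load.

    Switching off an exporting meter (a generator) during under-frequency removes supply
    that is needed; switching off an importing meter (a load) during over-frequency removes
    demand that is needed. Either command would push the grid further out of balance.
    """
    if state not in (GridState.EMERGENCY, GridState.UNDEFINED):
        return False
    under_frequency = m.frequency_hz < NOMINAL_HZ
    return m.exporting if under_frequency else not m.exporting


def evaluate_switch_command(command: str, m: LocalMeasurement) -> Decision:
    """Local second authorisation factor, applied after the command's signature has
    already been verified by the protocol layer (not modelled here)."""
    state = classify_grid(m)
    if command != "switch_off":
        return Decision(True, state, f"{command}: no GSO rule applies")
    if switch_off_worsens_imbalance(m, state):
        role = "generator" if m.exporting else "load"
        side = "under" if m.frequency_hz < NOMINAL_HZ else "over"
        return Decision(False, state,
                        f"switch_off ignored: {role} during {side}-frequency "
                        f"({m.frequency_hz:.2f} Hz, grid state {state.value})")
    return Decision(True, state, f"switch_off executed (grid state {state.value})")


def gso_log_entry(command: str, m: LocalMeasurement, d: Decision) -> dict:
    """Record for the audit log; commands that violated a GSO rule are the ones worth keeping."""
    return {
        "command": command,
        "executed": d.execute,
        "frequency_hz": m.frequency_hz,
        "voltage_v": m.voltage_v,
        "exporting": m.exporting,
        "grid_state": d.state.value,
        "reason": d.reason,
    }


if __name__ == "__main__":
    # The document's scenario (constructed values): exporting meter at 48.9 Hz receives a switch-off.
    scenario = LocalMeasurement(frequency_hz=48.9, voltage_v=228.0, exporting=True)
    decision = evaluate_switch_command("switch_off", scenario)
    if not decision.execute:
        print(gso_log_entry("switch_off", scenario, decision))
```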
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not Applicable
Availability | 2 | The measurement of the power grid's frequency and voltage is the core functionality of a smart meter. The required data is already always available
Integrity | NA | The technique does not provide integrity protection of switching commands.
Access to key material | NA | No cryptography used
Integrity of key material | NA | No cryptography used
Authentication | NA | Not a functionality of the technique
Auditing/logging | NA | The technique allows auditing and logging of the commands that violated GSO rules, if log entries are generated.
Non-repudiation | NA | Not Applicable. GSO is a local second factor in the authorisation process to ensure end-to-end integrity of load switching commands.
Privacy and Data Protection
Criterion | Rank | Comment
Data Retention | NA | The Load Control Switch mechanism does not influence which data is collected
Data Minimisation | NA | The Load Control Switch mechanism does not influence which data is collected
Data Control | NA | The Load Control Switch mechanism does not provide control on which data is collected
Data Access | NA | The Load Control Switch mechanism does not influence which data are accessible
Anonymity | NA | The Load Control Switch mechanism does not influence the linking of data to individuals
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 1 | The technique of grid codes has been used and implemented at full scale in generators and smart power relays. However, in smart metering only one company is known which is currently working on such a product.
Standardisation | 1 | Grid codes regarding the grid's frequency have been well established for decades and no research is needed. However, today TSOs/DSOs have not defined precisely which of those rules must be applied to smart meters.
Upgradability | NA | Not applicable. The laws of physics do not change and as a consequence grid codes do not change under normal circumstances.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | No external communication is needed. All data is local to the meter.
Bandwidth required | 2 | No external communication is needed. All data is local to the meter.
Latency tolerance / “Always-on communication required?” | 2 | No external communication is needed. All data is local to the meter.
Impact to processes | 2 | No impact on existing processes. GSO is primarily a disaster prevention technique, which is only triggered in extreme situations. Typically, there are only a few minutes each year where the conditions for a GSO based ‘switching command prevention’ would be initiated.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.00
Impact of Technique towards Architecture | 2.00
Grid code Sensitive Operation (GSO) is a mature technique when it comes to operating the power grid, but in the context of smart metering it is currently not used and not required. The implementation can depend on local variations in the grid code.
As can be seen from the rankings, the use of GSO to validate switching commands has a limited impact on the existing architecture and, as long as the implementation is explicitly outside the scope of the upgradeable part of the firmware, this technique is resilient to cyber-attacks.
9.6. Hardware Security
Miscellaneous aspects of security that cannot directly be mapped to a functionality.
9.6.1. (Processor) hardening
Processor hardening is a generic term for measures to protect the assets in the component.
Implementation is vendor specific and the survey did not provide much detail. Reported measures include:
- Encryption of the content of the memory chips.
- Using the processor-specific measures to deny access to internal data.
- Absent or disabled debug interfaces.
- PCB layout or coating to prevent access to sensitive data.
- Using dedicated security hardware such as an HSM.
- Hardware access control: for example, the NL P1 interface is read-only by construction as the write hardware is absent.
- Firmware hardening (extra checks on inputs). These are not, properly speaking, hardware security as these checks are made by the firmware.
- Tamper-resistance measures ensured by hardware design (checking voltage range, temperature range or radiation, ...).
The security of these hardening methods depends on how the credentials used for this protection are securely stored and used. For that reason, a separate evaluation of techniques relying on a dedicated crypto processor is presented:
1. Hardening the device's main processor (e.g. TEE: Trusted Execution Environment)
2. Addition of a secure storage module relying on processing in the main processor (e.g. TPM: Trusted Platform Module), ensuring the trustability of the processor boot (Hardware Root of Trust).
3. Addition of a dedicated crypto processor and credential storage (e.g. HSM: Hardware Security Module)
4. Addition of a programmable tamper-resistant processor (e.g. SE: Secure Element)
Evaluation
Cyber-Security
Criterion | Rank | Comment
Confidentiality | 2 – 0 | Hardware security may provide good confidentiality of data if access control with protection of security policies is used and if secure authentication is done. When data encryption is performed it shall be done using a dedicated crypto processor with tamper resistance (ranked 2).
Availability | 2 – 1 – 0 | Use of appropriate secure processing to detect Denial-of-Service (DoS) attacks may be implemented using, for example, a programmable tamper-resistant processor (e.g. Secure Element) (ranked 2). If a TEE is used, then ranked 1. If a hardware root of trust is added to the TEE, the integrity of the DoS attack detection software may be verified (ranked 2). An HSM does not provide the capability of appropriate secure processing (ranked 0).
Integrity | 2 – 0 | Hardware security may provide good integrity protection of data if data are stored in a dedicated hardware element with tamper resistance (e.g. HSM, SE) (ranked 2). If a secure storage module relying on processing in the main processor (e.g. TPM: Trusted Platform Module) is used, ensuring the trustability of the processor boot, then the integrity of the applications (workload) may be verified (ranked 2). Otherwise ranked 0.
Access to key material | 1 – 2 | Hardware security provides a good guarantee about integrity because of physical protection; if a dedicated hardware element is used (HSM or SE) 2 points are awarded, otherwise 1.
Integrity of key material | 1 – 2 | Hardware security provides a good guarantee about integrity because of physical protection; if a dedicated hardware element is used (HSM or SE) 2 points are awarded, otherwise 1.
Authentication | 2 – 0 | Hardware security may provide authentication with a high level of trust using a secure element or HSM to store the certificates and for crypto processing. If a dedicated hardware element is used (HSM or SE) 2 points are awarded.
Auditing/logging | 2 – 0 | If a dedicated hardware element that can log tampering events is used, 2 points are awarded.
Non-repudiation | 2 – 0 | Hardware security may provide non-repudiation with a high level of trust using a secure element or HSM to store the certificates and for crypto processing. If a dedicated hardware element is used (HSM or SE) 2 points are awarded.
Maturity and Upgradeability of Technique
Criterion | Rank | Comment
Implementation scale | 2 | Common practice for deployed Smart Meters.
Standardisation | 1 | Several standards exist, but there is no common level established for smart metering applications.
Upgradability | 2-1 | Secure Element and HSM are upgradeable. The Secure Element may be managed remotely. The HSM usually needs physical intervention on the device. A TPM is not remotely upgradeable (ranked 1).
Ranking Summary
1. Hardening the device's main processor (e.g. TEE: Trusted Execution Environment)
Domain | Rank
Cyber-security | 0.4
Maturity and Upgradeability of Technique | 1.3
[Figure: bar chart of Rank per domain]
2. Adjunction of a secure storage module relying on processing in the main processor (e.g. TPM: Trusted Platform Module), ensuring the trustability of the processor boot.
Domain | Rank
Cyber-security | 0.75
Maturity and Upgradeability of Technique | 1.3
[Figure: bar chart of Rank per domain]
3. Adjunction of a dedicated crypto processor and credential storage (e.g. HSM: Hardware Security Module)
Domain | Rank
Cyber-security | 1.75
Maturity and Upgradeability of Technique | 1.3
[Figure: bar chart of Rank per domain]
4. Adjunction of a programmable tamper-resistant processor (e.g. SE: Secure Element)
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.6
[Figure: bar chart of Rank per domain]
Hardware security can enhance the cyber security of the other mechanisms. It can also be
required by local regulations.
9.6.2. Physics security
The properties of radio waves provide a certain level of security; the reach of ZigBee and
wireless M-Bus is limited to 50 meters at best. LF Radio and ripple control require such a
high transmitting power that a practical attack only affects a limited number of devices.
This technique does not provide a cyber-security measure as such, but it is used by some members of
the stakeholder forum to reduce the risk surface.
10. ANALYSIS OF THE TECHNIQUES GATHERED FOR COMPONENT C*
10.1.1. ZigBee Smart Energy Profile
ZigBee Smart Energy Profile is a communication protocol that defines network and
application layer formats for communicating between end-devices in the AMI network.
The protocol standard is maintained by the ZigBee Alliance. The protocol can also be used
to communicate between end-devices and the central system, tunneled through other
communication channels. ZigBee is not considered an authentication technique, but it can
be complemented by other techniques to take care of that specific property.
Applicable components: CF, CK
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | Based on the data obtained from the survey, ZigBee SEP is defined to use AES-CCM* for authenticated encryption of the exchanged data. Furthermore, the MQV algorithm is used for key agreement.
Availability | NA | Not applicable as this is a technique concerned with communication security.
Integrity | 2 | Based on the data obtained from the survey, ZigBee SEP is defined to use AES-CCM* for authenticated encryption of the exchanged data. Furthermore, the MQV algorithm is used for key agreement.
Access to key material | 2 | ZigBee offers capabilities to securely update key material.
Integrity of key material | 2 | Integrity of key updates is ensured and validated.
Authentication | 2 | Based on the data obtained from the survey, it is defined that ZigBee SEP is using certificates for role based access controls.
Auditing/logging | 2 | Based on the data obtained from the survey, it is defined that ZigBee SEP is providing logging capabilities for fraud related events.
Non-repudiation | 0 | ZigBee does not provide a Non-Repudiation mechanism.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 1 | Within the EU this technique is widely in use in one country; worldwide it is mainly in use in a number of US states and in some parts of Australia.
Standardisation | 2 | Although it is a standard designed by the ZigBee Alliance, extensions to the standard are still under development.
Upgradability | 2 | The technique offers full remote upgradeability of device firmware.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | The protocol only generates the overhead required to provide synchronisation, routing and error checking.
Bandwidth required | 2 | ZigBee has been developed to accommodate low bandwidth requirements.
Latency tolerance / "Always-on communication required?" | 2 | The proposed technique does not require any "always-on" communication capabilities.
Impact to processes | 1 | Moderate impact to processes is caused by managing the white lists for joining the network.
Ranking Summary
Domain | Rank
Cyber-security | 1.7
Maturity and Upgradeability of Technique | 1.66
Impact of Technique towards Architecture | 1.75
[Figure: bar chart of Rank per domain]
As for other communication protocols, confidentiality is assessed in the part related to
cyber security. For that reason, the usage of ZigBee does not have any impact on privacy
and data protection.
ZigBee provides a good guarantee in terms of cyber security, is easy to maintain and does not
have much impact towards architecture.
10.1.2. CMS
Cryptographic Message Syntax (CMS) is a standard for cryptographically protected
messages. It can be used to digitally sign, digest, authenticate or encrypt any form of digital
data. It is used in Germany to protect data on the CF and CI interface.
Applicable components: CF, CI
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | Based on the survey responses, it is defined that CMS is used with ECC together with AES CBC or GCM encryption.
Availability | NA | Not applicable as this is a technique concerned with communication security.
Integrity | 2 | CMS offers the possibility to add a MAC or digest to the data.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | 2 | Authentication of entities can be achieved.
Auditing/logging | 2 | The technique can transmit audit and logging events.
Non-repudiation | 2 | The standard supports signing of transmitted data.
Privacy and Data Protection
CMS has no impact on data storage and collection.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | CMS is used as the key cryptographic component of many other cryptographic standards, such as S/MIME, PKCS#12 and the RFC 3161 digital timestamping protocol.
Standardisation | 2 | CMS is specified in RFC 5652 and is an IETF standard.
Upgradability | 2 | CMS can in principle support transfer of upgrades.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 0 (if combined with the use of XML), 2 (if only CMS is used) | Based on the questionnaire responses, CMS is in some cases used in combination with XML. XML produces at least a 33% overhead (see footnote 12).
Bandwidth required | 2 | It is possible to configure CMS in such a way that it can be used over low-bandwidth channels by sending only the fields of a certificate that are strictly necessary.
Latency tolerance / "Always-on communication required?" | 2 | It is not required that the communication is "always-on".
Impact to processes | 0 | CMS is used as part of a key management system; it is a technique used to sign, digest, authenticate or encrypt any form of digital data. Key management itself has significant impact to processes, but this particular technique has been designed to optimise aspects of encryption.
12 Smart metering uses binary data, which must be base64-encoded in XML. Additionally, the tags tend to be more verbose and must occur twice.
Ranking Summary
CMS without XML
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.5
[Figure: bar chart of Rank per domain]
CMS combined with XML
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1
[Figure: bar chart of Rank per domain]
Like other communication protocols, confidentiality is assessed in the part related to
cyber security. For that reason, the usage of CMS does not have any impact on privacy and
data protection. CMS provides a good guarantee in terms of cyber security, especially
for confidentiality, authentication and integrity. CMS is easy to maintain, is fully
standardized and does not have much impact towards architecture.
10.1.3. M-Bus
M-Bus is a European standard for the remote reading of meters. The M-Bus standard uses
communication via a 2-wire bus or wireless communication (different frequency bands are
supported).
Applicable components: Ox, CH
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | It is assumed that M-Bus employs a mode using authenticated encryption (AES-CCM, GCM, CBC-CMAC). Those modes will ensure confidentiality of the transmitted data. This rating will not apply if a different mode is used.
Integrity | 2 | It is assumed that M-Bus employs a mode using authenticated encryption (AES-CCM, GCM, CBC-CMAC). Those modes will ensure integrity of the transmitted data. This rating will not apply if a different mode is used.
Access to key material | 2 | M-Bus allows a secure key update by using a key encryption key.
Integrity of key material | 0 | The integrity of a key update is not checked.
Authentication | 0 | The M-Bus standard does not provide access control mechanisms.
Auditing/logging | 2 | The M-Bus standard provides logging capabilities for fraud related events.
Non-repudiation | NA | Does not provide non-repudiation mechanisms.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | M-Bus is widely adopted in Europe and used for electricity, gas, water and heat metering in several Member States.
Standardisation | 2 | M-Bus is fully standardized under the EN 13757 norm.
Upgradability | 2 | The M-Bus standard allows transmitting updates to end-devices. This rating does not apply to uni-directional device communication, where upgrade functionalities are not supported.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | The standard is in particular aimed at generating minimal overhead.
Bandwidth required | 2 | The standard is designed to operate with low bandwidth requirements.
Latency tolerance / "Always-on communication required?" | 2 | The technique does not require any "always-on" capabilities.
Impact to processes | 1 | When M-Bus is used in smart metering infrastructures, messages have to be encrypted and authenticated to prevent eavesdropping and maintain integrity. This will require some form of key management, which has moderate impact to processes.
Ranking Summary
Domain | Rank
Cyber-security | 1.33
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.75
[Figure: bar chart of Rank per domain]
Like other communication protocols, confidentiality is assessed in the part related to
cyber security. For that reason the usage of M-Bus does not have any impact on privacy
and data protection. M-Bus provides some guarantee for cyber security but lacks user
authentication and integrity of the key material. M-Bus is fully standardized and does not
have much impact towards the architecture.
10.1.4. DLMS
DLMS is a set of standards for the exchange of metering data. It is an application layer
protocol that can be operated over several communication channels, for example HDLC
serial links or IP communication (TCP or UDP). The DLMS standard is one of the widely used
smart metering standards in Europe. It defines several security functionalities for
protecting the communication links, as well as for authentication and access control.
Applicable components: Ox, CF, CH
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | DLMS supports a combination of AES-GCM and ECC cryptography in 3 different security suites. For this rating it is assumed that at least authenticated encryption with AES-GCM is used. This rating will not apply if DLMS is used without security or in other configurations.
Availability | NA | Not applicable as this is a technique concerned with communication security.
Integrity | 2 | DLMS supports a combination of AES-GCM and ECC cryptography in 3 different security suites. For this rating it is assumed that at least authenticated encryption with AES-GCM is used. This rating will not apply if DLMS is used without security or in other configurations.
Access to key material | 2 | Key material is additionally protected during transport using RFC 3394.
Integrity of key material | 2 | Key material is additionally protected during transport using RFC 3394.
Authentication | 2 | DLMS provides authentication and fully configurable access control mechanisms.
Auditing/logging | 2 | DLMS provides logging capabilities for fraud related events.
Non-repudiation | 2 | DLMS supports signing of transmitted information.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | DLMS is one of the most deployed standards for Smart Metering in Europe. It is in use in several Member States.
Standardisation | 2 | DLMS is standardised under IEC 62056.
Upgradability | 2 | DLMS supports remote updates of endpoint functionality.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | The authentication protocol (HLS) generates a minimal amount of overhead.
Bandwidth required | 2 | DLMS is suitable to operate with low bandwidth channels.
Latency tolerance / "Always-on communication required?" | 1 | Communication in DLMS is normally synchronous and needs to be always on. However, the standard also supports propagation of events in an asynchronous mode. DLMS is used in high latency networks.
Impact to processes | 1 | A part of DLMS is dependent on key management processes, and as such has moderate impact on processes.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.5
[Figure: bar chart of Rank per domain]
Confidentiality is assessed in the part related to cyber security. For that reason, the
usage of DLMS does not have any impact on privacy and data protection. DLMS provides a
very good guarantee for cyber security. DLMS is easy to upgrade and to maintain and fully
standardized, but could have some impact toward architecture, especially on latency
tolerance and on the process to manage key material.
10.1.5. Dial in Whitelisting
Dial-in whitelisting is a technique that is used to prevent successful dial-up
connections to components from unwanted devices. The whitelist is a listing specifying all
the allowed numbers that have been granted permission by the user or an administrator to
establish the connection with the component. All others are blocked or routed to a
sandbox.
Applicable components: CD, CF, CH
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not a functionality of the technique.
Integrity | NA | Not a functionality of the technique.
Availability | 2 | Whitelisting per se affects availability but does not provide authentication.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | 0 | Authentication is necessary but requires a separate technique.
Auditing/logging | 2 | Based on the most advanced implementations of this technique, both the accepted and unaccepted connections shall be registered in the system security log.
Non-repudiation | NA | Not a functionality of the technique.
Privacy and Data Protection
This technique applies to access control of a system and is not related to data collection
and storage.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Based on questionnaire responses, it is in use in multiple Smart Meter installations across Europe.
Standardisation | 0 | No particular standard is available.
Upgradability | NA | Not defined.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | No communication overhead is generated by the technique.
Bandwidth required | 2 | The technique operates in narrow-band communications, with no impact on bandwidth required.
Latency tolerance / "Always-on communication required?" | 2 | Not applicable.
Impact to processes | 2 | Impact to processes is negligible, since the technique only requires the management of the allowed dial-up number list, which is very small.
Ranking Summary
Domain | Rank
Cyber-security | 1.3
Maturity and Upgradeability of Technique | 1
Impact of Technique towards Architecture | 2
[Figure: bar chart of Rank per domain]
This technique applies to access control of a system and is not related to data collection
and storage. For that reason, the usage of dial-in whitelisting does not have any impact on
privacy and data protection. Dial-in whitelisting provides a very good guarantee for cyber
security for authentication and audit/logging but has no impact on integrity, availability
and confidentiality. Dial-in whitelisting is not standardized but is used in several Member
States. Dial-in whitelisting has no impact toward architecture.
10.1.6. LDAP
LDAP is an application protocol for accessing, querying and modifying data of directory
services implemented in Internet Protocol (IP) networks. It is commonly used to provide a
centralized storage for (among others) usernames and passwords, which can be used by
components or applications to validate the identity of authenticating users.
Applicable components: CA, CI, Px
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not a functionality of the technique.
Integrity | NA | Not a functionality of the technique.
Availability | NA | Not a functionality of the technique.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | 2 | LDAP provides an authentication mechanism.
Auditing/logging | 2 | LDAP provides an auditing and logging mechanism.
Non-repudiation | NA | Not a functionality of the technique.
Privacy and Data Protection
This technique applies to access control of a system and is not related to data collection
and storage.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | It is widely used worldwide.
Standardisation | 2 | LDAP is standardised under RFC 4511.
Upgradability | 2 | It supports remote updates.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | Negligible communication overhead is generated by the technique.
Bandwidth required | 2 | The technique has no impact on bandwidth required.
Latency tolerance / "Always-on communication required?" | 1 | Some latency is allowed since normal IP is used as the transport layer, but authentication has to occur in a timely manner.
Impact to processes | 0 | Implementation of an LDAP system requires significant maintenance effort.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.25
[Figure: bar chart of Rank per domain]
10.1.7. TACACS+
TACACS+ is a security application that provides centralized remote authentication of
users attempting to gain access to a network component, providing for separate and
modular authentication, authorization, and accounting facilities. It provides detailed
accounting information and flexible administrative control over authentication and
authorization processes. TACACS+ is facilitated through AAA and can be enabled only
through AAA commands.
Applicable components: CA
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not a functionality of the technique.
Integrity | NA | Not a functionality of the technique.
Availability | NA | Not a functionality of the technique.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | 2 | TACACS+ provides strong authentication.
Auditing/logging | 2 | TACACS+ provides an auditing and logging mechanism.
Non-repudiation | NA | Not a functionality of the technique.
Privacy and Data Protection
TACACS+ is an authentication mechanism that does not have any influence on the privacy
dimension because it is not related to control on data collected or on which data will be
collected to provide specific functionalities.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | It is widely used worldwide.
Standardisation | 2 | TACACS+ is standardised under RFC 1492.
Upgradability | 2 | It supports remote updates.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | Negligible communication overhead is generated by the technique.
Bandwidth required | 2 | The technique has no impact on bandwidth required.
Latency tolerance / "Always-on communication required?" | 1 | Some latency is allowed since normal IP is used as the transport layer, but authentication has to occur in a timely manner.
Impact to processes | 0 | Implementation of a TACACS+ system requires significant maintenance effort.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.25
[Figure: bar chart of Rank per domain]
TACACS+ provides a very good guarantee for cyber security because it provides a strong
authentication mechanism with a non-repudiation mechanism, protection of the key material
and auditing capabilities.
10.1.8. Firewall
A firewall is a network security mechanism to prevent unauthorized access to a network
or equipment, blocking traffic that is not in accordance with the set of predefined security
rules and policies. It can be based on hardware or software and is recommended as a safety
standard to close all doors for unused applications or services. Firewalls enable the
segregation and control of traffic between different network zones (zoning).
Applicable components: CA, CC, CD, CI
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not a functionality of the technique.
Integrity | NA | Not a functionality of the technique.
Availability | 2 | The technique provides measures for detection and prevention of Denial of Service attacks.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | NA | Not a functionality of the technique.
Auditing/logging | 2 | The technique provides capabilities for auditing network traffic.
Non-repudiation | NA | Not a functionality of the technique.
Privacy and Data Protection
Although a firewall might play an important role in an architecture designed with privacy
and data protection mechanisms, the firewall itself provides no functionality specifically
designed for this purpose.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Firewalls are used in virtually all network architectures.
Standardisation | 2 | It is a standard component, although not a standard by itself.
Upgradability | 2 | All commercial firewall providers offer upgrades in the form of software or firmware updates. This is usually part of the support agreement.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | No communication overhead is generated by the technique.
Bandwidth required | 2 | The technique has no impact on bandwidth required.
Latency tolerance / "Always-on communication required?" | NA | Not applicable.
Impact to processes | 1 | Although firewalls are considered part of a standard IT environment, extra care has to be taken to manage firewall rules and to apply change management. This is often overlooked.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.66
[Figure: bar chart of Rank per domain]
10.1.9. IDS/IPS
The IDS is a component, typically operating together with Firewalls, which has the
function of detecting, identifying and notifying the network administrators in case of
unauthorized or abnormal activities on a target system, i.e., detect and counter intrusions.
An IPS is slightly different to a classical IDS, since after inspecting the content of a request,
it is able to drop, alert, or potentially clean a malicious network request based on its
content. The determination of what is malicious is based either on behavior analysis or
through the use of known malicious signatures.
Applicable components: CA, CC, CD, CI
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | 0 | An IDS/IPS offers no specific functionality to guard the confidentiality of data. Sometimes it might even lower the confidentiality (as is the case with traffic inspection of encrypted data).
Integrity | NA | Not a functionality of the technique.
Availability | 2 | The technique provides measures for detection and prevention of Denial of Service attacks.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | NA | Not a functionality of the technique.
Auditing/logging | 2 | The IDS/IPS provides an auditing and logging mechanism that can be used for automated fraud/cyber-attack detection.
Non-repudiation | NA | Not a functionality of the technique.
Privacy and Data Protection
Although an IDS/IPS might play an important role in an architecture designed with privacy
and data protection mechanisms, the IDS/IPS itself provides no functionality specifically
designed for this purpose. Attempts to breach privacy and data protection might be
identified with a properly configured IDS/IPS, just like security related issues.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | IDS/IPS systems are deployed widely in networks as a monitoring solution.
Standardisation | 0 | It is a standard component, although not a standard by itself.
Upgradability | 2 | An IDS/IPS is highly dependent on timely updates since signatures are used to detect anomalies. All commercial offerings have mechanisms in place to ensure updates, usually in the form of a subscription which is part of the support agreement.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | An IDS/IPS inspects traffic and does not add any additional overhead.
Bandwidth required | 2 | The technique has no impact on bandwidth required since traffic is only inspected, not altered.
Latency tolerance / "Always-on communication required?" | 2 | A properly configured IDS should not add significant latency to network traffic (this is usually achieved by using a span port), and the latency tolerance requirement therefore applies to some of the traffic that is inspected, not to the IDS itself. An IPS might add some latency as it inspects the traffic directly in order to act upon anomalies.
Impact to processes | 1 | It is an additional component that needs continuous administration and operation. The value of the implementation of an IDS/IPS within a network is highly dependent on the rules that are configured within such a system. That requires compliance with business requirements and therefore needs maintenance and attention.
Ranking Summary
Domain | Rank
Cyber-security | 1.33
Maturity and Upgradeability of Technique | 1.33
Impact of Technique towards Architecture | 1.75
[Figure: bar chart of Rank per domain]
10.1.10. Retention
Retention is directly related to privacy. Of course the retention period could also be subject
to local regulations. But finally the retention period for the storage of personal data must
be defined and be in accordance with the European Data Protection framework.
Applicable components: OA, OB, OC, PE
Retention for data after the contract has ended
At the end of the contract, data are stored for 6 years by the DNO, the supplier and third
parties because of local regulation.
(a) Cyber-Security
Data retention is a technique that’s applied to data, not to systems and devices. Although
proper identification of data and its retention might lead to less risk due to leakage of old
data, it does not add significant benefits to the domain of cyber-security. Therefore, the
cyber-security rankings are deemed not applicable.
(b) Privacy and Data Protection
Criteria | Rank | Assessment of Measurement
Data Retention | 2 | Data retention is directly related to (local) regulation. Data are not stored longer than what is legally needed or strictly necessary.
Data minimization | NA | Data minimisation is a step before the retention and is applied before collecting or storing the data. Therefore it is not applicable.
Data Control | NA | Data control is a mechanism to control what data is given to whom and is not directly related to retention (other than being another privacy technique).
Data Access | NA | Data access is another privacy mechanism, separate from retention.
Anonymity | NA | Anonymity is another privacy mechanism, separate from retention.
(c) Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Data retention is widely used within IT environments, traditionally for storage constraints, but nowadays also to be in compliance with security best practices related to data classification. An increased focus on this technique has occurred due to recent EU legislation.
Standardisation | 2 | The development of processes related to data classification and the removal of data is widely standardised, for example in ISO 27001/27002.
Upgradability | 2 | Because data are stored in an information system, it is easy to upgrade data retention.
Page 151 of 211
(d) Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | Data retention does not add any overhead to communication channels.
Bandwidth required | 2 | No additional bandwidth is required by implementing data retention.
Latency tolerance / “Always-on communication required?” | 2 | Data retention has no effect on network latency.
Impact to processes | 2 | Although processes have to be designed with data retention in mind, once it has been implemented it usually makes processes easier, in the sense that privacy-by-design has been achieved, which requires fewer manual actions on the data and fewer considerations about how to work with the data involved.
(e) Ranking Summary
Domain | Rank
Privacy and Data Protection | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 2
Retention for data stored locally in the meter
Meter readings and interval data are stored for the minimum and maximum lengths of
time required by the local legislation. Log data are also stored for the minimum and
maximum times defined by the local law.
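The two retention use cases above (a fixed 6-year period after the contract ends, and minimum/maximum storage periods for meter data set by local law) can be enforced mechanically. The following is an added example, not code from the document; the retention categories, day counts and sample records are constructed stand-ins for whatever the applicable legislation defines.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed policy: category -> (minimum days to keep, maximum days to keep).
# The periods stand in for what local legislation would define; the one figure
# taken from the text is the 6-year period after the contract has ended.
RETENTION_POLICY = {
    "interval_data": (30, 365),
    "meter_reading": (365, 730),
    "log": (90, 180),
    "post_contract": (6 * 365, 6 * 365),   # stored for exactly 6 years after contract end
}


@dataclass(frozen=True)
class Record:
    record_id: str
    category: str
    stored_on: date   # date the record was stored (for post_contract: the contract end date)


def classify(record, today):
    """Outcome for one record: 'must_keep' (minimum period not reached),
    'may_delete' (between minimum and maximum), 'must_delete' (maximum
    exceeded) or 'unknown_category' (no retention period was ever defined)."""
    policy = RETENTION_POLICY.get(record.category)
    if policy is None:
        return "unknown_category"
    min_days, max_days = policy
    age_days = (today - record.stored_on).days
    if age_days < min_days:
        return "must_keep"
    if age_days >= max_days:
        return "must_delete"
    return "may_delete"


def retention_report(records, today):
    """Group record ids by outcome. 'must_delete' and 'unknown_category' are the
    compliance findings: data kept longer than permitted, and data whose
    retention period was never defined."""
    report = {k: [] for k in ("must_keep", "may_delete", "must_delete", "unknown_category")}
    for rec in records:
        report[classify(rec, today)].append(rec.record_id)
    return report


def purge(records, today):
    """Return (kept, deleted). Only records past their maximum period are
    deleted; records of unknown category are kept and left for the report,
    since deleting them could breach an undefined minimum period."""
    kept, deleted = [], []
    for rec in records:
        (deleted if classify(rec, today) == "must_delete" else kept).append(rec)
    return kept, deleted


# Constructed sample, dated relative to the document's date.
TODAY = date(2016, 11, 7)
SAMPLE_RECORDS = [
    Record("iv-1", "interval_data", TODAY - timedelta(days=18)),
    Record("iv-2", "interval_data", TODAY - timedelta(days=311)),
    Record("log-1", "log", TODAY - timedelta(days=219)),
    Record("contract-1", "post_contract", TODAY - timedelta(days=6 * 365 - 1)),
    Record("contract-2", "post_contract", TODAY - timedelta(days=6 * 365 + 2)),
    Record("diag-1", "diagnostics", TODAY - timedelta(days=10)),
]

if __name__ == "__main__":
    for outcome, ids in retention_report(SAMPLE_RECORDS, TODAY).items():
        print(f"{outcome:17s} {ids}")
```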
(a) Cyber-Security
Data retention is a technique applied to data, not a technical measure applied to the smart meter itself. Although proper identification of data and its retention might lead to less risk due to leakage of old data, it does not add significant benefits to the domain of cyber-security. Therefore, the cyber-security rankings are deemed not applicable.
(b) Privacy and Data Protection
Criteria | Rank | Assessment of Measurement
Data Retention | 2 | Data retention is directly related to local regulation. Data are stored locally and no longer than what is legally necessary.
Data minimization | NA | Not applicable.
Data Control | NA | Not applicable.
Data Access | NA | Not applicable.
Anonymity | NA | Not applicable.
(c) Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Techniques to store a precise amount of data for a precise time frame are widely used.
Standardisation | 2 | Techniques to store a precise amount of data for a precise time frame are fully standardized.
Upgradability | 0 | Upgradeability here must be understood as the capability to adapt to changing regulations in terms of the amount of information stored. It is not easy to upgrade because it is linked to physical resources (i.e. the storage space available).
(d) Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | NA | Not applicable.
Bandwidth required | NA | Not applicable.
Latency tolerance / “Always-on communication required?” | NA | Not applicable.
Impact to processes | 2 | Privacy-by-design has been achieved, which requires fewer manual actions on the data and fewer considerations about how to work with the data involved.
(e) Ranking Summary
Domain | Rank
Privacy and Data Protection | 2
Maturity and Upgradeability of Technique | 1.33
Impact of Technique towards Architecture | 2
Data retention is a technique that is mainly applicable to privacy and data protection. Although local storage also has some impact in terms of storage requirements and liability risk, it has been rated for its privacy benefits. This technique is usually directly linked to the data classification processes that exist within a company and is most often dependent on law and regulatory requirements.
Reading and transmission frequency
The reading frequency is related to the functionality provided by the meter. This analysis is made with regard to the ten minimum functionalities. In some cases, the frequency is also related to local regulation. Different use cases will describe different reading frequencies and transmission frequencies. Under the European Data Protection regulation, data collection must be proportionate to the purposes. The ranking will consider a default transmission and reading frequency.
Applicable components: CD, CF, OB, OD, OA
Use case 1: Hourly interval data is collected without the user's consent; this includes situations where regulation allows this collection.
Use case 2: Hourly interval data is collected with the user's consent.
Intervals and daily transmission to provide advance tariff.
By default, the meter collects hourly interval data and transmits it to the metering system operator each day. The interval data are used to provide a “time of use” advanced tariff.
(a) Cyber-Security
Intervals and daily collection is a technique that’s applied to data, not to systems and
devices. Therefore, the cyber-security rankings are deemed not applicable.
(b) Privacy and Data Protection
Criteria | Rank | Assessment of Measurement
Data Retention | NA | Not applicable because retention is another technique, applied after collection.
Data minimization | 2 | To provide time-based advanced tariffs, interval data are needed. The interval of collection has to be adjusted in such a way that a minimum of data is collected in order to make the calculation for tariffing.
Data Control | 0 - 2 | A rating of 0 is applied when no consent of the consumer is involved. When the consumer has given consent explicitly, a rating of 2 is applicable.
Data Access | NA | Not applicable because data access is a privacy aspect that has to be considered separately for the data collected.
Anonymity | NA | Not applicable because anonymity is a privacy aspect that has to be considered separately, and data used for tariffing is not anonymous by nature.
(c) Maturity and Upgradeability of Technique
The criteria for maturity and upgradability of the technique have been deemed not
applicable because this technique is specifically used within the smart metering domain on
data collection and is more dependent on national regulation and specific industry
agreements.
(d) Impact of Technique towards the Architecture
The criteria for the impact towards the architecture are deemed not applicable because
this technique is not directly related to architecture and infrastructure.
(e) Ranking Summary
Use case 1:
Domain | Rank
Privacy and Data Protection | 1
Use case 2:
Domain | Rank
Privacy and Data Protection | 2
The frequency used for readings from the smart meter divulges information about an
individual/household. Thus privacy requirements are strict and this technique has to be
implemented to make sure the data collection is appropriate. This is reflected in the overall
rating.
Six bi-monthly values and 1 second for local interface
The DNO collects six bi-monthly values for high-level feedback on energy usage. When the customer gives consent, the DNO can read out the electricity meter at a 15-minute interval and the gas meter at a 5-minute interval. On the local interface, the electricity meter can provide data at a 1-second interval and the gas meter at a 5-minute interval.
(a) Cyber-Security
The 15-minute interval is the agreed value for network planning and is chosen as an optimum between the level of detail and the bandwidth and storage requirements. It primarily has an impact on the privacy and data protection of consumers. Other domains are therefore not taken into account.
(b) Privacy and Data Protection
Criteria | Rank | Assessment of Measurement
Data Retention | NA | Not applicable because data retention is applied after collection.
Data minimization | 2 | By default the meter collects only six bi-monthly values for legitimate purposes. More detailed data are only available with consent. Very detailed data are only available locally.
Data Control | 2 | Consent is needed to collect more detailed data.
Data Access | NA | Not applicable because directives for this aspect have been defined in regulation or in the consent given by the consumer.
Anonymity | NA | Not applicable, because this data is by nature not anonymous and the technique has not been designed to provide anonymity.
(c) Maturity and Upgradeability of Technique
This technique is based directly on European legislation and primarily has an impact on the privacy and data protection of consumers. Other domains are therefore not taken into account.
(d) Impact of Technique towards Architecture
This technique is based directly on European legislation and primarily has an impact on the privacy and data protection of consumers. Other domains are therefore not taken into account.
(e) Ranking Summary
Domain | Rank
Privacy and Data Protection | 2
The frequency used for readings from the smart meter divulges information about an
individual/household. Thus privacy requirements are strict and this technique has to be
implemented to make sure the data collection is appropriate. This is reflected in the overall
rating.
10.1.11. Aggregation
Aggregation techniques can be used for various purposes in a smart metering system, for example for network planning, but also to collect less sensitive data from the meter. Aggregation techniques need to be analysed with regard to the purposes of the aggregation and the control users are given over being part of it (for network planning, for example).
Applicable components: O*, P*
Data are aggregated for network planning purposes
The meter operator will aggregate individual consumption data for network planning
purposes. The rule for aggregation is to aggregate data retrieved from more than 5
households and only with the consent of the consumers.
(a) Cyber-Security
This technique adds no value to the cyber-security domain and is therefore deemed not
applicable.
(b) Privacy and Data Protection
Criteria | Rank | Assessment of Measurement
Data Retention | 2 | The data retention period is proportionate and is only related to data relevance or legal obligation.
Data minimization | 2 | Network planning is made on aggregated data. This is the minimum set of data needed to provide those services.
Data Control | 2 | Consent from the consumer is needed to include data in the aggregation process. This consent represents a legitimate legal basis.
Data Access | NA | Not applicable because data aggregation does not influence which data will be accessible from the customer.
Anonymity | 1 | The criterion of 5 households is not sufficient to avoid the risk of identification, but this aggregation could provide a baseline to produce an anonymous set of data.
(c) Maturity and Upgradeability of Technique
These criteria are deemed not applicable because this technique is specifically for the
energy sector and solely related to data.
(d) Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | NA | Not applicable because the technique defines a process, not a protocol-related aspect.
Bandwidth required | 2 or NA | Local aggregation reduces the amount of data to be sent; otherwise not applicable.
Latency tolerance / “Always-on communication required?” | NA | Not applicable because this technique has nothing to do with latency.
Impact to processes | NA | Not applicable because this technique itself describes a process.
(e) Ranking Summary
Domain | Rank
Privacy and Data Protection | 1.75
Impact of Technique towards Architecture | 2
The frequency used for readings from the smart meter divulges information about an individual/household. Thus privacy requirements are strict and this technique has to be implemented to make sure the data collection is appropriate. This is reflected in the overall rating. Because this technique is not used solely in smart-meter environments, but also in other areas where big data is analysed, maturity and impact towards architecture are also rated.
Data are aggregated and anonymised for statistical and scientific purposes
The meter operator will aggregate individual consumption data, with consent from the customer, for statistical and scientific purposes. These data will be stored without a defined retention period. Monthly data will be aggregated for a minimum of 10 households and without any references to individual meters.
(a) Cyber-Security
These criteria are deemed not applicable because this technique is a privacy-related
technique, not a security related technique.
(b) Privacy and Data Protection
Criteria | Rank | Assessment of Measurement
Data Retention | 2 | No data retention period is needed because the data is anonymous once it has been aggregated.
Data minimization | 2 | Anonymised data for scientific and statistical purposes is proportionate.
Data Control | 2 | Only data collected with consent by the consumer will be aggregated.
Data Access | NA | Not applicable because the aggregation mechanism does not influence which data will be accessible.
Anonymity | 2 | The set of data is anonymous according to the WP29 criteria.
(c) Maturity and Upgradeability of Technique
These criteria are deemed not applicable because this technique is very specific to the energy sector and describes a process, not a technical implementation.
(d) Impact of Technique towards Architecture
These criteria are deemed not applicable because this technique is very specific to the energy sector and describes a process, not a technical implementation.
(e) Ranking Summary
Domain | Rank
Privacy and Data Protection | 2
Readings from the smart meter divulge information about an individual/household. Thus privacy requirements are strict and this technique has to be implemented to make sure the data collection is appropriate. This is reflected in the overall rating.
10.1.12. Read Only Interface
The interface which provides data from the meter is a read only interface. This could be
achieved physically or logically (with the operating system).
Applicable components: OA, OB, OC, PE
Meter is only accessible for read because of physical protection
The interface is only accessible for reading because of the physical properties of the interface (write protected).
(a) Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not applicable because this technique is not related to confidentiality.
Availability | NA | Not applicable because this technique is not related to availability.
Integrity | NA | Not applicable because this technique is not related to integrity.
Access to key material | NA | Not applicable because this interface is not used for this purpose.
Integrity of key material | 2 | Physical write protection is one of the best ways to maintain integrity of data in the meter (see integrity), including key material.
Authentication | NA | Authentication on this interface is covered by other techniques (for example a PIN).
Auditing/logging | NA | Not applicable because this technique contains no specifications regarding this criterion.
Non-repudiation | NA | Not applicable because this technique contains no specifications regarding this criterion.
(b) Privacy and Data Protection
These criteria are deemed not applicable because this technique does not influence the collection of data and so has no impact on the criteria of the privacy and data protection dimension.
(c) Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 1 | This technique has been implemented in the Netherlands (on the interface accessible by the consumer).
Standardisation | NA | Not applicable because this technique is not so much related to a standard, but is more a description of a technical implementation.
Upgradability | 0 | This protection is implemented as a physical barrier and cannot be upgraded.
(d) Impact of Technique towards Architecture
These criteria are deemed not applicable because this technique contains no specifications
regarding any of the criteria related to this dimension.
(e) Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 0.5
Implementing this technique is beneficial from a cyber-security perspective. The attack
surface on smart meters can be reduced by limiting access to interfaces by not accepting
any input that might be able to exploit vulnerabilities.
Meter is only accessible for read because of logical protection (Operating System)
The network interface is only accessible for reading because of the operating system configuration or a specific logical configuration.
(a) Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not applicable because confidentiality offered by this interface is covered by other techniques.
Availability | NA | Not applicable because this technique is not related to availability.
Integrity | NA | Not applicable because this interface is not used for this purpose.
Access to key material | 1 | Key material is stored in the meter as well as other information.
Integrity of key material | 1 | Key material is stored in the meter as well as other information.
Authentication | NA | Not applicable because this technique contains no specifications regarding this criterion.
Auditing/logging | NA | Not applicable because this technique contains no specifications regarding this criterion.
Non-repudiation | NA | Not applicable because this technique contains no specifications regarding this criterion.
(b) Privacy and Data Protection
These criteria are deemed not applicable because this technique does not influence the collection of data and so has no impact on the criteria of the privacy and data protection dimension.
(c) Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 1 | Some European countries have implemented this technique in their meters.
Standardisation | NA | Not applicable because this technique is a risk mitigation technique not defined by any applicable standards.
Upgradability | 1 | This technique is implemented by firmware functionality which can be adjusted.
(d) Impact of Technique towards Architecture
These criteria are deemed not applicable because this technique contains no specifications
regarding any of the criteria related to this dimension.
(e) Ranking Summary
Domain | Rank
Cyber-security | 1
Maturity and Upgradeability of Technique | 1
Implementing this technique is beneficial from a cyber-security perspective. The attack surface on smart meters can be reduced by limiting access to interfaces and not accepting any input that might be able to exploit vulnerabilities. The rating of this technique is comparable to that of interfaces made read-only physically, but it offers the additional benefit of upgradeability. However, because the implementation is made in software, it might be altered in other ways.
11. ANALYSIS OF THE TECHNIQUES GATHERED FOR COMPONENT P*
11.1.1. Network segregation
By implementing network segregation critical information and systems are logically
separated and divided into different network segments. Firewalls and VLANs are used to
partition a network into smaller zones, and rulesets are used to control communication
between components in the different zones.
Applicable components: Px
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | 1 | Confidential information (e.g. PII or encryption keys) is stored in a secure zone, separated from network areas with regular business functionality. Functionality to expose this information to other systems is controlled by access lists in routers/firewalls.
Availability | NA | Not applicable as this aspect is controlled by other techniques.
Integrity | 1 | The integrity of functionality and information in a separate secured zone is improved because risks of intrusion are lower.
Access to key material | NA | Not applicable
Integrity of key material | NA | Not applicable
Authentication | NA | Not applicable, authentication is controlled by other techniques.
Auditing/logging | 2 | By separating critical functionality from other network segments, access to that functionality can be monitored at network level.
Non-repudiation | NA | Not applicable.
Privacy and Data Protection
Criteria | Rank | Assessment of Measurement
Data Retention | NA | Not applicable, this is controlled on a higher level in the OSI model.
Data minimization | NA | Not applicable, this is controlled on a higher level in the OSI model.
Data Control | NA | Not applicable, this is controlled on a higher level in the OSI model.
Data Access | NA | Not applicable, this is controlled on a higher level in the OSI model.
Anonymity | NA | Not applicable, this is controlled on a higher level in the OSI model.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Network segregation is common practice in more complex networks. Simple networks often contain a demilitarized zone for services exposed to the Internet. The same techniques can be applied to create another secure zone, segregated deeper in the internal network.
Standardisation | 2 | Many standards refer to network segregation/segmentation. In ICS/SCADA networks, for example, IEC 62443 describes best practices to accomplish this.
Upgradability | NA | Not applicable.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | NA | Not applicable, the modification to headers to apply VLAN tags is negligible.
Bandwidth required | NA | Not applicable
Latency tolerance / “Always-on communication required?” | NA | Not applicable
Impact to processes | 2 | Management of network separation is considered to have no significant impact to any processes.
Ranking Summary
Domain | Rank
Cyber-security | 1.33
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 2
Network segregation is a technique that should be used in any complex network that
offers interfaces to various parties and carries sensitive data. This technique is used
widely and described in many standards and best practices. Although there is a small
impact towards architecture, the benefits are substantial. This technique works well
against remote attacks, but is of limited use when physical access is granted to the
infrastructure. This technique requires strict change management procedures to maintain
its functionality and to prevent mistakes that might undermine the segregation.
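Section 11.1.1 describes zone rulesets in routers/firewalls as the control that keeps the secure zone (PII, key material) apart from business segments, and warns that change-management mistakes can undermine the segregation. The following added example (not code from the document) evaluates such a constructed inter-zone ruleset with default deny and lints it for rules that weaken the protected zone; the zone names, ports and rules are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]   # None means any port
    action: str               # "allow" or "deny"
    comment: str = ""


# Constructed zones: "secure" holds PII and key material, "business" carries
# regular functionality, "dmz" exposes services to "internet".
# First match wins; anything not matched between zones is denied. The last
# two rules are the kind of change-management mistake the text warns about.
RULESET = [
    Rule("business", "secure", 8443, "allow", "billing reads meter data via API"),
    Rule("internet", "dmz", 443, "allow", "customer portal"),
    Rule("dmz", "business", 5432, "allow", "portal queries business database"),
    Rule("business", "secure", None, "allow", "left over from troubleshooting"),
    Rule("internet", "secure", 22, "allow", "direct management access"),
]


def is_allowed(rules, src_zone, dst_zone, dst_port):
    """First-match evaluation of the inter-zone ruleset. Cross-zone traffic that
    no rule allows is denied; traffic inside one zone is outside this ruleset."""
    if src_zone == dst_zone:
        return True
    for rule in rules:
        if (rule.src_zone == src_zone and rule.dst_zone == dst_zone
                and rule.dst_port in (None, dst_port)):
            return rule.action == "allow"
    return False


def lint_segregation(rules, protected_zone="secure", untrusted_zones=("internet", "dmz")):
    """Findings for rules that undermine the protected zone: an allow on any port
    into it, or an allow from an untrusted zone into it. Each finding is
    (rule index, reason), suitable for a change-management review."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "allow" or rule.dst_zone != protected_zone:
            continue
        if rule.dst_port is None:
            findings.append((i, "any-port allow into protected zone"))
        if rule.src_zone in untrusted_zones:
            findings.append((i, f"allow from untrusted zone '{rule.src_zone}' into protected zone"))
    return findings


def remove_flagged(rules):
    """Return the ruleset without the rules the linter flagged."""
    flagged = {i for i, _ in lint_segregation(rules)}
    return [r for i, r in enumerate(rules) if i not in flagged]


if __name__ == "__main__":
    for idx, reason in lint_segregation(RULESET):
        print(f"rule {idx} ({RULESET[idx].comment}): {reason}")
    hardened = remove_flagged(RULESET)
    print("business -> secure:22 before:", is_allowed(RULESET, "business", "secure", 22))
    print("business -> secure:22 after: ", is_allowed(hardened, "business", "secure", 22))
```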
11.1.2. Firmware update
To safeguard smart meters and gateways against new threats and to meet future requirements, it is important that the software that controls those devices can be updated. Firmware updates can mitigate risks related to newly found vulnerabilities, and can increase encryption strength when necessary.
Especially in the case of devices that have a relatively long lifespan (e.g. smart meters, gateways etc.) it is important that the software operating on those devices can be updated against emerging vulnerabilities. Software is often built on third-party libraries that are continuously scrutinised for bugs and vulnerabilities. Certain encryption techniques might become obsolete due to increased computing power or bad implementations.
Given that a device has enough capacity to accommodate improved firmware, firmware upgradeability ensures to some extent the ability to face future threats.
Applicable components: OA, OB, OC
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | Firmware updates can ensure that risks to the confidentiality of information in or sent by the meter can be mitigated or lowered. A prerequisite is that enough capacity is available within the meter to ensure functionality can be improved during the lifetime of the meter. Otherwise the ranking is 1.
Availability | 2 | Firmware updates can ensure that risks to the availability of information in or sent by the meter can be mitigated or lowered. A prerequisite is that enough capacity is available within the meter to ensure functionality can be improved during the lifetime of the meter. Otherwise the ranking is 1. Also note that a robust process has to be in place to deliver the updates. A firmware update can also turn into a risk to the availability of assets when it is not properly tested or verified during the update process.
Integrity | 2 | Firmware updates can ensure that risks to the integrity of information in or sent by the meter can be mitigated or lowered. A prerequisite is that enough capacity is available within the meter to ensure functionality can be improved during the lifetime of the meter. Otherwise the ranking is 1. Another prerequisite is that firmware has to be signed and can be checked for authenticity by the device during the update process; when firmware is updated by a party other than the controlling party, integrity is affected.
Access to key material | 2 | When methods to protect key material in the devices are not effective anymore, they can be updated by applying improved functionality in the firmware.
Integrity of key material | 2 | When methods to protect key material in the devices are not effective anymore, they can be updated by applying improved functionality in the firmware.
Authentication | 2 | This mechanism can be protected/improved with firmware upgrades. It ensures that when an issue is found it can be mitigated.
Auditing/logging | 2 | Additional logging functionality can be added by applying new firmware.
Non-repudiation | 2 | This mechanism can be protected/improved with firmware upgrades. It ensures that when an issue is found it can be mitigated.
Privacy and Data Protection
Even though this technique can be used to address certain issues that occur relating to
privacy and data protection, the technique itself does not offer this specifically. The
software that is upgraded using this technique might offer stricter or lesser privacy and
data protection controls. Therefore this dimension is not rated.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Firmware upgradability is commonly used in devices.
Standardisation | 0 | There are a lot of aspects to take into account to make sure firmware upgradability is implemented in a safe way (verification, authentication, encryption, storage, etc.), but usually this functionality is implemented using proprietary techniques that differ per vendor.
Upgradability | 2 | This technique offers upgradeability by replacing the firmware that operates the device.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 0 | Normal communication from meters/gateways is relatively small compared to firmware updates in most situations.
Bandwidth required | 0 | Firmware updates have significant bandwidth requirements. The updates need to be scheduled to prevent network congestion.
Latency tolerance / “Always-on communication required?” | 2 | Depends on the implementation; there should be a mechanism in place to temporarily store the new firmware in order to be able to retrieve it in parts, or request firmware again if it is corrupted during transportation. When no caching of new firmware is possible, 0 ranking points will be awarded here.
Impact to processes | 0 | Impact to processes is significant; proper delivery, testing and development procedures need to be in place.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.33
Impact of Technique towards Architecture | 0.5
This technique is an essential technique for devices with a long lifespan to combat cyber-security risks. Although privacy and data protection controls might be offered in new firmware, it is not taken into account in the ranking because those criteria are offered by the software, not by this technique itself. There is significant impact towards architecture, mainly because care needs to be taken in testing before the updates are applied. Not properly tested firmware might render devices unusable. This technique is only effective on meters and gateways when it can be applied remotely.
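The prerequisites 11.1.2 sets out for the device side of an update (enough capacity to hold the new image, temporary storage so that parts can be retrieved again when corrupted in transit, and an authenticity check of signed firmware before it is applied) can be put together as follows. This is an added example, not code from the document or any vendor; the manifest format and sample image are constructed, and HMAC-SHA256 with a key provisioned in the device stands in for the vendor's actual signature scheme.

```python
import hashlib
import hmac
from dataclasses import dataclass

CHUNK_SIZE = 64  # constructed; real images are split into far larger parts


@dataclass
class Manifest:
    """Constructed manifest format: what the controlling party distributes with an image."""
    version: str
    total_size: int
    chunk_hashes: list   # SHA-256 hex digest of every part, so corruption is detected per part
    signature: bytes     # authenticity tag over the fields above (HMAC stands in for a signature)


def _signed_bytes(m: Manifest) -> bytes:
    return f"{m.version}|{m.total_size}|{','.join(m.chunk_hashes)}".encode()


def build_manifest(image: bytes, version: str, signing_key: bytes) -> Manifest:
    """Controlling-party side: hash every part and authenticate the manifest."""
    hashes = [hashlib.sha256(image[i:i + CHUNK_SIZE]).hexdigest()
              for i in range(0, len(image), CHUNK_SIZE)]
    m = Manifest(version, len(image), hashes, b"")
    m.signature = hmac.new(signing_key, _signed_bytes(m), hashlib.sha256).digest()
    return m


class FirmwareReceiver:
    """Device side: stage parts in temporary storage, re-request what is corrupt,
    and assemble only an image whose every part matches the authenticated manifest."""

    def __init__(self, verify_key: bytes, free_space: int):
        self.verify_key = verify_key
        self.free_space = free_space     # capacity available for staging a new image
        self.manifest = None
        self.staged = {}                 # part index -> verified bytes

    def start(self, manifest: Manifest) -> bool:
        """Accept an update only from the controlling party and only if it fits."""
        expected = hmac.new(self.verify_key, _signed_bytes(manifest), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, manifest.signature):
            return False  # manifest not authentic: ignore the whole update
        if manifest.total_size > self.free_space:
            return False  # not enough capacity to stage the image
        self.manifest, self.staged = manifest, {}
        return True

    def receive_chunk(self, index: int, data: bytes) -> bool:
        """Keep a part only if it matches the manifest; False tells the caller to request it again."""
        if self.manifest is None or not 0 <= index < len(self.manifest.chunk_hashes):
            return False
        if hashlib.sha256(data).hexdigest() != self.manifest.chunk_hashes[index]:
            return False  # corrupted in transit (or substituted): do not stage it
        self.staged[index] = data
        return True

    def missing_chunks(self) -> list:
        """Parts still to be (re-)requested from the head end."""
        if self.manifest is None:
            return []
        return [i for i in range(len(self.manifest.chunk_hashes)) if i not in self.staged]

    def assemble(self):
        """Return the complete image once every verified part is present, else None.
        Each part's hash is covered by the authenticated manifest, so the assembled
        image is exactly the one the controlling party released."""
        if self.manifest is None or self.missing_chunks():
            return None
        image = b"".join(self.staged[i] for i in range(len(self.manifest.chunk_hashes)))
        return image if len(image) == self.manifest.total_size else None


def demo(corrupt_index: int = 1):
    """Constructed end-to-end run: one part is corrupted on the wire and fetched again.
    Returns (parts rejected on first pass, parts missing before retry, image assembled intact)."""
    key = b"constructed-device-key"
    image = bytes(range(256)) * 2                     # 512-byte constructed image, 8 parts
    manifest = build_manifest(image, "2.1.0", key)
    device = FirmwareReceiver(key, free_space=1024)
    if not device.start(manifest):
        return [], [], False
    parts = [image[i:i + CHUNK_SIZE] for i in range(0, len(image), CHUNK_SIZE)]
    rejected = []
    for i, part in enumerate(parts):
        on_wire = b"\xff" + part[1:] if i == corrupt_index else part
        if not device.receive_chunk(i, on_wire):
            rejected.append(i)
    missing = device.missing_chunks()
    for i in missing:                                  # request the corrupted parts again
        device.receive_chunk(i, parts[i])
    return rejected, missing, device.assemble() == image


if __name__ == "__main__":
    print(demo())  # ([1], [1], True)
```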
11.1.3. Aggregation
Aggregation of information is a generic term used in many contexts. Within the smart metering domain, aggregation is meant as a technique to combine values containing a lot of detail about usage into values with lower detail in order to protect the privacy of an individual. In this sense it is used as a technique to comply with the data minimization principle, whereby only as much data is collected for a specific purpose as is needed to fulfil the need. Possible applications for the aggregation technique include use cases where only summed-up or averaged values are required. The most basic aggregation technique is described as the “summing-up of measurement values”.
For the rating it is assumed that the aggregation is done to such an extent that the resulting data is not considered privacy relevant anymore.
Applicable components: Px
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not applicable
Availability | NA | Not applicable as this aspect is controlled by other techniques.
Integrity | NA | Not applicable
Access to key material | NA | Not applicable
Integrity of key material | NA | Not applicable
Authentication | NA | Not applicable
Auditing/logging | NA | Not applicable
Non-repudiation | NA | Not applicable.
Privacy and Data Protection
Criteria | Rank | Assessment of Measurement
Data Retention | NA | Not applicable
Data minimization | 1-2 | When data is aggregated within the consumer's premises (in the meter or local data concentrator) 2 ranking points are awarded. When the aggregation is performed outside of those premises, before it is stored in a database, only 1 point is given.
Data Control | NA | Not applicable
Data Access | NA | Not applicable
Anonymity | 1 | Potentially this technique can introduce some level of anonymity. Only when aggregation is performed in such a way that the data cannot be traced back to an individual (household) can this rating be applied. When aggregation is only performed within the consumer's premises, the resulting dataset is still directly linked to an individual and the rating will be ‘NA’.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Data aggregation is often used to strike a balance between the collection of ‘big data’ (large volumes of data used for analysis) and privacy for the individual. This technique is used widely, but implemented in many different ways.
Standardisation | NA | For basic aggregation, no standard specific for smart meter data is required to be defined. Thus, this criterion is considered as not applicable.
Upgradability | NA | Not applicable.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | An aggregation technique can operate purely on the measurement values and device identifiers; no additional communication overhead is required.
Bandwidth required | 2 | An aggregation technique can operate purely on the measurement values and device identifiers. The data can arrive sequentially. Therefore, the technique can be implemented in existing Smart Meter architectures without requiring additional bandwidth.
Latency tolerance / “Always-on communication required?” | 2 | An aggregation technique can operate with data arriving out of order; aggregates can be computed after all data required for the computation has been received.
Impact to processes | 0 | Data aggregation needs a lot of thought during the design of processes and systems and is directly related to the use case of the data involved. It also makes it harder to use collected data for other (future) purposes.
Ranking Summary
Local aggregation
Domain | Rank
Privacy and Data Protection | 1.5
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.5
0
0.5
1
1.5
2
Privacy and DataProtection
Maturity andUpgradeability of
Technique
Impact ofTechnique towards
Architecture
Rank
Central aggregation
Domain RankPrivacy and Data Protection 1
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.5
0
0.5
1
1.5
2
Privacy and DataProtection
Maturity andUpgradeability of
Technique
Impact ofTechnique towards
Architecture
Rank
Page 173 of 211
Use of aggregation techniques can significantly improve privacy aspects of smart
metering systems. Aggregation is a generic term; the contribution to enhancing
privacy will depend on the specific way aggregation is applied in the smart meter system.
Aggregating data inside the consumer’s premises ensures that privacy is enhanced early in
the collection process. Aggregation outside the consumer’s premises, for example during
the intake in the central system, involves more risk because detailed data has
already been transferred outside the consumer’s premises and can be intercepted along the
way. When multiple parties are involved in the data collection process, aggregation within
the consumer’s premises ensures that fewer mistakes can be made because the process is
enforced within the meter or gateway.
Aggregation will always require additional security mechanisms to ensure properties like
confidentiality and data integrity. Therefore, aggregation should always be applied
together with a technique providing security.
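As an added illustration (not part of the BAT document), the following Python sketch contrasts the two placements discussed above: aggregation inside the premises, which coarsens one household's profile before it leaves the house, and central aggregation across households, which only releases a slot total when enough meters contributed. The readings, meter identifiers and the minimum group size `min_group` are constructed assumptions.

```python
"""Added example, not from the BAT document: local vs. central aggregation of
smart meter interval readings. All readings are constructed sample data."""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample: 15-minute kWh readings per meter for four slots.
# Meter M3 only reports the first two slots, so the later slots have fewer
# contributors than the anonymity threshold used below.
READINGS: Dict[str, List[Tuple[str, float]]] = {
    "M1": [("00:00", 0.10), ("00:15", 0.12), ("00:30", 0.40), ("00:45", 0.05)],
    "M2": [("00:00", 0.20), ("00:15", 0.18), ("00:30", 0.22), ("00:45", 0.25)],
    "M3": [("00:00", 0.05), ("00:15", 0.07)],
}


def aggregate_locally(meter_id: str, readings=READINGS,
                      slots_per_period: int = 4) -> List[Tuple[str, float]]:
    """Aggregation inside the consumer's premises: the meter or gateway sums
    fine-grained readings into coarser periods before anything leaves the
    house. The result is still linked to one household (anonymity 'NA' in the
    document's terms), but the detailed load profile never leaves the premises."""
    series = readings[meter_id]
    periods = []
    for start in range(0, len(series), slots_per_period):
        chunk = series[start:start + slots_per_period]
        periods.append((chunk[0][0], round(sum(kwh for _, kwh in chunk), 3)))
    return periods


def aggregate_centrally(readings=READINGS, min_group: int = 3
                        ) -> Dict[str, Optional[float]]:
    """Aggregation in the central system across households, per time slot.
    Detailed data has already left the premises, so the privacy gain lies in
    what is released: a slot total is published only if at least `min_group`
    meters contributed (an assumed policy threshold); otherwise the total could
    be traced back to the few contributing households and the slot is
    suppressed (None)."""
    totals: Dict[str, float] = defaultdict(float)
    contributors: Dict[str, int] = defaultdict(int)
    for series in readings.values():
        for slot, kwh in series:
            totals[slot] += kwh
            contributors[slot] += 1
    released: Dict[str, Optional[float]] = {}
    for slot in sorted(totals):
        if contributors[slot] >= min_group:
            released[slot] = round(totals[slot], 3)
        else:
            released[slot] = None
    return released


if __name__ == "__main__":
    print("local, M1 :", aggregate_locally("M1"))
    print("central   :", aggregate_centrally())
```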
11.1.4. SIEM
SIEM is an abbreviation for security incident and event management. It is usually provided
as software or as a service that helps identify security events in real time, correlates
events to help identify their cause, and classifies the events.
Applicable components: Px
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | SIEM techniques do not provide a particular measure to ensure data confidentiality. As SIEM systems are used to monitor the status of the overall infrastructure but do not directly ensure the confidentiality of exchanged information, this criterion is not ranked.
Availability | 1 | SIEM systems can monitor the availability of assets in the smart metering chain, thereby making a contribution to the system availability.
Integrity | NA | SIEM techniques do not provide a particular measure to ensure data integrity. As SIEM systems are used to monitor the status of the overall infrastructure but do not directly ensure the integrity of exchanged information, this criterion is not ranked.
Access to key material | NA | Not applicable
Integrity of key material | NA | Not applicable
Authentication | NA | SIEM techniques do not provide a particular measure to provide authentication of components. As SIEM systems are used to monitor the status of the overall infrastructure but do not directly ensure the authentication of entities or exchanged information, this criterion is not ranked.
Auditing/logging | 2 | A SIEM functions as a central audit and log component and integrates various security functions in this domain.
Non-repudiation | NA | Not applicable.
Privacy and Data Protection
Although privacy and data protection aspects can be monitored by implementing a SIEM
(for example, a breach leading to disclosure of personally identifiable information might be
detected), the technique itself is not specifically designed to safeguard this dimension.
Therefore, this dimension is not rated.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | SIEMs have been widely adopted in IT infrastructures for many years. The implementation in Smart Metering infrastructures is also progressing.
Standardisation | 1 | A SIEM is usually able to process information coming from systems in a predefined format (e.g. syslog data, netflow information, vendor-specific log formats etc.), and often requires customisation to process more exotic formats that might be encountered in a smart metering environment. Reliance on standards differs per product; therefore only one point is given for this criterion.
Upgradability | 2 | SIEMs generally rely on rules that parse information provided by other systems. These rules can usually be adjusted and extended in order to adapt to new systems.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 1 | Events are transported over a network to the SIEM; this creates additional overhead in the sense that more information is sent than strictly necessary to perform only the business function.
Bandwidth required | 1 | Moderate bandwidth impact can be expected due to the communication overhead generated.
Latency tolerance / “Always-on communication required?” | 1 | Events can be received out of order and do not require the communication line to be “online” all the time. Event processing can be performed once the data is available. It has to be noted that a significant delay in event propagation caused by an unavailable communication channel can, however, delay the reaction time to events.
Impact to processes | 0 | Impact to processes is significant; every asset acts as a data source and has to be set up accordingly, and processes have to be in place for following up on the reporting of events.
Ranking Summary
Domain | Rank
Cyber-security | 1.5
Maturity and Upgradeability of Technique | 1.66
Impact of Technique towards Architecture | 0.75
[Bar chart: Rank per domain, values as in the table above, scale 0 to 2]
The use of SIEM systems in the smart metering domain can provide significant support to
the overall security. This can be achieved through monitoring the system’s availability and
gathering and correlating security-relevant events and notifications. For SIEM systems to
be effective it is required that the system can process and parse the relevant events from
the individual smart metering devices and systems. This has an impact on the system
architecture.
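As an added example (not the document's own material), here is a minimal rule engine in Python of the kind described above: it parses constructed syslog-style lines from a head-end system, raises an alert on repeated authentication failures from one meter within a sliding window, and flags assets whose heartbeat has stopped, which is the availability monitoring the table credits. The line format, hostnames, meter identifiers and thresholds are all constructed assumptions, not any vendor's log format.

```python
"""Added example, not from the BAT document: a small SIEM-style rule engine
over constructed syslog-like events from a smart metering head-end."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Constructed sample events (format and identifiers are assumptions). The
# unparseable line stands in for the "exotic formats" the table mentions.
SAMPLE_EVENTS = """\
2016-11-07T10:00:00 headend auth-fail meter=M100 src=10.1.2.3
2016-11-07T10:00:20 headend auth-fail meter=M100 src=10.1.2.3
2016-11-07T10:00:40 headend auth-fail meter=M100 src=10.1.2.3
2016-11-07T10:01:00 headend auth-ok meter=M200 src=10.1.2.9
2016-11-07T10:02:00 headend heartbeat meter=M200
2016-11-07T10:02:00 headend heartbeat meter=M300
vendor-specific blob that the parser does not understand
2016-11-07T10:20:00 headend heartbeat meter=M200
2016-11-07T10:40:00 headend heartbeat meter=M200
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+)(?P<kv>(?: \w+=\S+)*)$")

Alert = Tuple[str, str, datetime]  # (rule, meter, timestamp)


def parse_event(line: str) -> Optional[dict]:
    """Parse one line of the assumed format; return None for anything else,
    which a real deployment would handle with a custom parser."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group("ts"))
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    return {"ts": ts, "host": m.group("host"), "event": m.group("event"), **fields}


def correlate(lines: str, fail_threshold: int = 3,
              fail_window: timedelta = timedelta(minutes=5),
              heartbeat_timeout: timedelta = timedelta(minutes=15)) -> List[Alert]:
    """Two correlation rules: repeated auth failures per meter inside a sliding
    window, and an availability check on the newest heartbeat per meter."""
    alerts: List[Alert] = []
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    last_seen: Dict[str, datetime] = {}
    latest: Optional[datetime] = None
    for line in lines.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        now = ev["ts"]
        latest = now if latest is None else max(latest, now)
        meter = ev.get("meter")
        if meter is None:
            continue
        if ev["event"] == "auth-fail":
            window = failures[meter]
            window.append(now)
            while window and now - window[0] > fail_window:
                window.popleft()  # drop failures that fell out of the window
            if len(window) >= fail_threshold:
                alerts.append(("repeated-auth-failure", meter, now))
                window.clear()  # report a burst once, not on every extra failure
        elif ev["event"] == "heartbeat":
            # max() tolerates heartbeats that arrive out of order
            last_seen[meter] = max(now, last_seen.get(meter, now))
    # Availability rule, evaluated against the newest timestamp in the stream.
    if latest is not None:
        for meter, seen in sorted(last_seen.items()):
            if latest - seen > heartbeat_timeout:
                alerts.append(("asset-unreachable", meter, seen))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```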
11.1.5. Multi-factor authentication
Multi-factor authentication is a mechanism whereby a user is only successfully
authenticated after presenting several pieces of evidence, often in the form of something
the user knows (e.g. a password) and something the user has (e.g. a security token).
Biometrics can also be used for multi-factor authentication.
Applicable components: Px
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not applicable
Availability | NA | Not applicable
Integrity | NA | Not applicable
Access to key material | NA | Not applicable
Integrity of key material | NA | Not applicable
Authentication | 2 | “Two factor” authentication is a mechanism providing a higher level of assurance against the misuse of credentials.
Auditing/logging | NA | Not applicable
Non-repudiation | NA | Not applicable
Privacy and Data Protection
Criterion | Rank | Comment
Data Control | 0 | This process is not under control of the consumer.
Data minimisation | NA | The authentication mechanism does not influence which data is collected.
Data Access | NA | The authentication mechanism does not influence the access rights.
Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals.
Data Retention | NA | The authentication mechanism does not influence data retention.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Two-factor authentication is commonly used in the IT and OT domains.
Standardisation | 2 | There are several forms of multi-factor authentication mechanisms available. NIST Special Publication 800-63-2 discusses various forms of two-factor authentication and provides guidance on using them in business processes requiring different levels of assurance.
Upgradability | 2 | If multi-factor techniques rely on hardware tokens as one factor, upgrading can have a significant impact. This is especially the case for a larger deployment of tokens. In this case the technique should only be ranked as “1”.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | NA | Since this is an authentication mechanism it does not operate constantly on a network transport level and cannot be rated appropriately for this criterion.
Bandwidth required | NA | Since this is an authentication mechanism it does not operate constantly on a network transport level and cannot be rated appropriately for this criterion.
Latency tolerance / “Always-on communication required?” | 1 | Tokens generate their authentication codes based on an internal clock. These have to be in sync with the clock operating on the server that verifies the codes.
Impact to processes | 1 | Implementation of this technique within existing systems (for example administration back-ends, or remote terminal functionality) is usually straightforward. Most vendors offer APIs that can be integrated in software, and many software products offer this functionality out of the box when combined with common products (e.g. smart cards, hardware tokens, Google Authenticator etc.). There is moderate impact on the administration side: tokens get lost, employees that leave need to have their tokens revoked etc.
Ranking Summary
Domain | Rank
Cyber-security | 2
Privacy and data protection | 0
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1
[Bar chart: Rank per domain, values as in the table above, scale 0 to 2]
Multi-factor authentication provides a strong mechanism for the authentication of users
in the smart metering system. In particular, it can be used for managing access rights to
central applications.
11.1.6. One-time password (OTP)
A one-time password is a password that is valid for only one session. This is a generic
technique that can be applied as an authentication mechanism for various systems in the
smart metering infrastructure. It provides additional security compared to regular password
authentication in the sense that replay attacks have no effect and compromised passwords
become ineffective. This technique is also often used as part of multi-factor authentication,
whereby the one-time password is generated on a separate device the user has (like a token
or smartphone).
A specific use case is the use on smart meters, whereby the meter generates a code on the
display that can be used to identify the consumer when assisting remotely.
Applicable components: Px
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not applicable
Availability | NA | Not applicable
Integrity | NA | Not applicable
Access to key material | NA | Not applicable
Integrity of key material | NA | Not applicable
Authentication | 2 | One-time password is a mechanism providing resilience against replay attacks and password disclosures.
Auditing/logging | NA | Not applicable
Non-repudiation | NA | Not applicable
Privacy and Data Protection
Criterion | Rank | Comment
Data Minimisation | NA | The authentication mechanism does not influence which data is collected.
Data Control | NA | The authentication mechanism does not provide control over which data is collected.
Data Access | NA | The authentication mechanism does not influence the access rights.
Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals.
Data retention | 2 | By default, data retention for one-time passwords is very short. The password is retained no longer than what is strictly needed to make services available and proportionate to the purposes of authentication.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | One-time password authentication is commonly used (often as part of two-factor authentication).
Standardisation | 2 | Several standards exist already, for example RFC 1760 (S/KEY), RFC 2289 (OTP), RFC 4226 (HOTP) and RFC 6238 (TOTP).
Upgradability | 1 | Depends on where this technique is implemented. In general it is upgradeable, but reliance on physical tokens prevents it from being a small upgrade.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | Very little.
Bandwidth required | 2 | NA, or 2 when just-in-time provisioning is used.
Latency tolerance / “Always-on communication required?” | 1 | A one-time password needs to be used within a predefined timeframe and will expire after a set limit. This limit has to be large enough for the consumer to be able to use it, but small enough to prevent abuse (e.g. brute forcing of the OTP). In general this should not pose a problem on a network infrastructure, but since it is an important configuration aspect it is rated.
Impact to processes | 1 | Implementation of this technique usually requires an additional system specifically for this purpose that has to be integrated with other systems.
Ranking Summary
Domain | Rank
Cyber-security | 2
Privacy and data protection | 2
Maturity and Upgradeability of Technique | 1.66
Impact of Technique towards Architecture | 1.5
[Bar chart: Rank per domain, values as in the table above, scale 0 to 2]
OTP provides additional security when compared with regular passwords because one-time
passwords are usually configured to work only within a specific timeframe, and
cannot be replayed because of their changing nature.
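The clock-synchronisation point in the multi-factor table and the OTP timeframe point above are the same design problem. As an added example (not the document's own material), the Python below implements HOTP and TOTP as specified in the RFCs the table cites, and a verifier with a bounded clock-skew window, single use of each code (the replay resistance claimed above) and a failure limit against brute forcing. The window size, failure limit and the demo secret (the RFC 4226/6238 test-vector secret) are assumptions.

```python
"""Added example, not from the BAT document: HOTP (RFC 4226) and TOTP
(RFC 6238) code generation plus the server-side checks the tables call for:
a bounded clock-skew window, single use per code and a failure limit.
Window and limit values are assumed policy, not taken from the document."""
import hashlib
import hmac
import struct
from typing import Dict


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then reduce to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock (T0 = 0)."""
    return hotp(secret, unix_time // step, digits)


class TotpVerifier:
    """Server side. `window` is how many time steps of skew are tolerated on
    either side of the server clock (the 'large enough, small enough' trade-off
    in the table); `max_failures` wrong codes per time step lock the user for
    that step. Both are assumed policy values."""

    def __init__(self, step: int = 30, digits: int = 6,
                 window: int = 1, max_failures: int = 5) -> None:
        self.step, self.digits = step, digits
        self.window, self.max_failures = window, max_failures
        self.last_step: Dict[str, int] = {}            # highest step consumed per user
        self.failures: Dict[str, Dict[int, int]] = {}  # user -> {step: wrong attempts}

    def verify(self, user: str, secret: bytes, code: str, unix_time: int) -> bool:
        if len(code) != self.digits or not code.isdigit():
            return False
        current = unix_time // self.step
        per_step = self.failures.setdefault(user, {})
        if per_step.get(current, 0) >= self.max_failures:
            return False  # locked for this step: limits online brute forcing
        for delta in range(-self.window, self.window + 1):
            candidate = current + delta
            # Codes at or before the last accepted step are never valid again,
            # so a captured code cannot be replayed inside the skew window.
            if candidate <= self.last_step.get(user, -1):
                continue
            if hmac.compare_digest(hotp(secret, candidate, self.digits), code):
                self.last_step[user] = candidate
                per_step.pop(current, None)
                return True
        per_step[current] = per_step.get(current, 0) + 1
        return False


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"  # RFC 4226/6238 test-vector secret
    print(hotp(demo_secret, 0), totp(demo_secret, 59, digits=8))
```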
11.1.7. Whitelisting
Whitelisting is used in the smart metering infrastructure to specifically allow access to
systems by placing the corresponding systems on a list. Instead of specifically denying access
to a resource for certain entities (blacklisting), access is denied by default. Whitelisting is
usually performed at network level, based on MAC address, IP address or certificate.
Often a combination is made; for example, when access is required over the internet,
IP-based whitelisting is performed in conjunction with a VPN tunnel
protected with certificates.
Applicable components: Px
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not applicable
Availability | 2 | Whitelisting per se affects availability.
Integrity | NA | Not applicable
Access to key material | NA | Not applicable
Integrity of key material | NA | Not applicable
Authentication | 0 | Whitelisting per se affects availability but does not provide authentication. Authentication is necessary but requires a separate technique.
Auditing/logging | 1 | As whitelisting only provides a simple authentication mechanism, it might not be possible to detect spoofed messages correctly.
Non-repudiation | NA | Not applicable
Privacy and Data Protection
Whitelisting is a security enhancing technique. Privacy and data protection criteria are
therefore not applicable.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Whitelisting is widely used as standard network practice; it can for example be configured in the form of a network access list for IP-based connections or a dialler list for phone-based connections.
Standardisation | NA | As this is a basic technique no special standardisation is required. The mechanism is widely used as standard network practice and can be found in many general IT standards (ISO 27002, ISF Standards of Good Practice).
Upgradability | NA | Not applicable
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | Use of this technique does not generate any overhead.
Bandwidth required | 2 | Use of this technique does not have any bandwidth requirements.
Latency tolerance / “Always-on communication required?” | 2 | The use of the technique does not require any “always-on” connection.
Impact to processes | 1 | Moderate and depending on complexity. Whitelisting usually only works well in systems with limited functions / access required. Whitelisting can become difficult when many changes are required often, significantly increasing the maintenance effort of the implemented technique.
Ranking Summary
Domain | Rank
Cyber-security | 1
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.75
[Bar chart: Rank per domain, values as in the table above, scale 0 to 2]
The use of a whitelisting technique only provides a moderate security contribution. There
are several known attacks that can be used to bypass whitelists, for example spoofing the
sender's source address. This is possible because whitelisting cannot
validate the authenticity of the source.
Whitelisting can, however, help to prevent or limit the impact of flooding or other
denial-of-service attacks.
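To make the two points above concrete, here is an added Python example (not from the document) of a default-deny whitelist check: an IP-only policy accepts any packet that claims an allowed source address, so a spoofed packet is indistinguishable from a genuine one, whereas combining the IP list with the certificate presented by a VPN peer adds the authentication the table says whitelisting itself lacks. The networks, the fingerprint and the log format are constructed assumptions.

```python
"""Added example, not from the BAT document: default-deny whitelisting on
IP address, optionally combined with a certificate fingerprint check."""
import ipaddress
from typing import Iterable, List, Optional, Tuple

Decision = Tuple[str, str]  # ("allow" | "deny", reason)


class AccessPolicy:
    """Everything not explicitly listed is denied (whitelist semantics)."""

    def __init__(self, allowed_networks: Iterable[str],
                 allowed_cert_fingerprints: Iterable[str] = ()) -> None:
        # strict=False accepts prefixes written with host bits set, e.g. 10.1.2.3/24
        self.networks = [ipaddress.ip_network(n, strict=False) for n in allowed_networks]
        self.fingerprints = {fp.lower() for fp in allowed_cert_fingerprints}
        self.log: List[str] = []

    def decide(self, src_ip: str, cert_fingerprint: Optional[str] = None) -> Decision:
        try:
            addr = ipaddress.ip_address(src_ip)
        except ValueError:
            return self._record(src_ip, "deny", "malformed source address")
        if not any(addr in net for net in self.networks):
            return self._record(src_ip, "deny", "source not whitelisted")
        # The address check only tells us what the packet *claims*; it cannot
        # tell a spoofed source from a genuine one. Requiring a known client
        # certificate (e.g. on the VPN tunnel) supplies the missing authentication.
        if self.fingerprints:
            if cert_fingerprint is None:
                return self._record(src_ip, "deny", "no client certificate")
            if cert_fingerprint.lower() not in self.fingerprints:
                return self._record(src_ip, "deny", "unknown certificate")
        return self._record(src_ip, "allow", "whitelisted")

    def _record(self, src_ip: str, verdict: str, reason: str) -> Decision:
        # The log can only state what was claimed and decided, which is why the
        # table gives auditing/logging a rank of 1 for this technique.
        self.log.append(f"src={src_ip} decision={verdict} reason={reason}")
        return verdict, reason


# Constructed policies: IP-only, and IP combined with a VPN peer certificate.
IP_ONLY = AccessPolicy(["10.20.0.0/16", "192.0.2.10/32"])
IP_AND_CERT = AccessPolicy(["10.20.0.0/16"], ["AB12CD34"])  # placeholder fingerprint
```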
11.1.8. VPN
VPN is an abbreviation of Virtual Private Network. It is a method of using an
existing network (often the internet) as a transport medium while retaining the
confidentiality needed to protect the information that is transferred.
Applicable components: Px
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | VPN technologies allow the use of state-of-the-art authenticated encryption mechanisms.
Availability | NA | Not applicable
Integrity | 2 | VPN technologies allow the use of state-of-the-art authenticated encryption mechanisms.
Access to key material | NA | Not applicable
Integrity of key material | NA | Not applicable
Authentication | 2 | VPNs used in smart metering infrastructures are usually used for network-to-network communication; they can rely on pre-shared keys or on certificates on both ends.
Auditing/logging | NA | Not applicable
Non-repudiation | NA | Not applicable
Privacy and Data Protection
Criteria | Rank | Assessment of Measurement
Data Retention | NA | Not applicable
Data minimization | NA | Not applicable
Data Control | NA | Not applicable
Data Access | NA | Not applicable
Anonymity | NA | Not applicable
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | VPNs are widely deployed in telecommunication networks.
Standardisation | 2 | VPN protocols have been standardised in different variants, such as IPsec, SSL/TLS-VPNs, DTLS-VPNs, OpenVPN, and others.
Upgradability | 2 | VPN techniques can be upgraded.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 1 | Data is encapsulated, resulting in some overhead. The overhead differs per protocol used, but will remain a factor.
Bandwidth required | 1 | Due to encapsulation more network traffic will be generated, which will require more bandwidth.
Latency tolerance / “Always-on communication required?” | 2 | VPNs can be configured so that the underlying network link does not need to be “online” permanently. In this way the VPN connection stays established while the link can remain inactive.
Impact to processes | 2 | Depends on where the technique is used. A simple point-to-point solution has less impact than an infrastructure that has to support many endpoints.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.5
[Bar chart: Rank per domain, values as in the table above, scale 0 to 2]
The use of VPNs provides a strong mechanism to protect the data exchanged between the
connected networks or hosts. When the VPN connection is secured via one of the authenticated
encryption techniques listed earlier, it will provide strong data confidentiality and integrity.
The overhead of VPN connections correlates strongly with the encryption techniques
used.
11.1.9. Manufacturer – customer key exchange
Key handling of smart meter keys is a vital process within the smart metering
infrastructure. Keys are used to install and administer meters. During the manufacturing
process of smart meters security keys are generated, and these keys need to be sent to the
utility receiving the smart meters in a safe and responsible way.
In order to assess this process a number of assumptions are made which, when implemented
together, form a solid process:
- The smart meter is provided by the manufacturer with unique keys. The keys are generated randomly; in particular there is no method to derive the provisioned keys from any combination of values or attributes.
- Key handling during the manufacturing process is done in a secured environment.
- For key generation an appropriate random number generator is used.
Additional requirements are in the assessment criteria for this process and form the basis
upon which the rating is calculated.
Applicable components: Px
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | Before the meters are shipped, the keys related to the meter identifiers are sent to the customer; the keys are encrypted using a public key provided by the customer to the manufacturer. Keys must be generated by an approved random number generator of at least class AIS20/31 DRG.2.
Availability | NA | Not applicable.
Integrity | 2 | Integrity of the exchanged material can be ensured using cryptographic checksums.
Access to key material | 2 | When the keys supplied by the manufacturer are solely used during the installation process by the customer, and are replaced with a key only known to the customer (meter operator), 2 ranking points are assigned. When the manufacturer’s keys stay in use but the manufacturer has a process in place whereby keys are removed from the manufacturer’s systems and administration after shipment, 1 point is assigned. Any other method gives no ranking points in this category.
Integrity of key material | 2 | Two ranking points are assigned if the keys are protected with cryptographic checksums or digital signatures.
Authentication | 2 | Ranking points are only assigned when a signature or MAC is used.
Auditing/logging | NA | Not applicable
Non-repudiation | 2 | Ranking points are only assigned when a signature is used.
Privacy and Data Protection
Criteria | Rank | Assessment of Measurement
Data Retention | NA | Not applicable
Data minimization | NA | Not applicable
Data Control | NA | Not applicable
Data Access | NA | Not applicable
Anonymity | NA | Not applicable
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Widely used for the exchange of symmetric keys that are provisioned to Smart Meter components at manufacturing sites.
Standardisation | 1 | A rating of '1' can be given when a shipment file format has been chosen that has encryption enabled on the keys that are transported. For the transport of the shipment files no industry standard is available.
Upgradability | 2 | Easily upgradable as few systems are involved.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | NA | This process is not related to the smart meter architecture but to the exchange process between utility and manufacturer.
Bandwidth required | NA | This process is not related to the smart meter architecture but to the exchange process between utility and manufacturer.
Latency tolerance / “Always-on communication required?” | NA | This process is not related to the smart meter architecture but to the exchange process between utility and manufacturer.
Impact to processes | 0 | There is significant impact to processes. A retention policy and controls have to be designed for the management of keys by the manufacturer, and the process is dependent on automation and encryption processes.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.66
Impact of Technique towards Architecture | 0
[Bar chart: Rank per domain, values as in the table above, scale 0 to 2]
The described technique is not directly related to the communication within the smart
meter architecture; the described process can, however, significantly improve the
provisioning of key material for smart meter devices. Secure provisioning techniques at the
production site and a secure transfer of key material to the central systems should be
considered for a secure smart meter roll-out.
11.1.10. PKI
Public Key Infrastructure (PKI) is a mechanism to manage and distribute certificates and
public keys in a computer network. A PKI is usually also tied to roles, policies and
procedures for key generation and revocation. This system can be used to manage the keys
used in the smart metering infrastructure. PKI can be used in multiple places, usually
relying on an internal CA (certificate authority) for the management of smart meter keys, and
on external CAs for access to portals, providing secure communication between parties etc.
Applicable components: Px
Cyber-Security
Criteria | Rank | Assessment of Measurement
Confidentiality | NA | The PKI is only the mechanism that provides the key material to devices.
Availability | NA | This is highly dependent on the form of implementation. Since many forms of implementation exist, no ranking is applied here.
Integrity | NA | The PKI is only the mechanism that provides the key material to devices.
Access to key material | 2 | A PKI can ensure very good protection of the key material; this can be combined with hardware security to protect the private keys used.
Integrity of key material | 2 | The exchanged key material is protected by digital signatures, providing high assurance of the integrity.
Authentication | 2 | A certificate binds the possession of a private key to an identity.
Auditing/logging | NA | Not applicable
Non-repudiation | 0-2 | Provided by the trust model.
Privacy and Data Protection
A PKI is essentially a management process that helps in managing encryption to improve
security. Privacy aspects might be secondary because they are reliant on security measures.
Therefore, these criteria are not rated.
Maturity and Upgradeability of Technique
Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | PKIs are widely in use on the central system side.
Standardisation | 2 | A number of standards exist for different forms; for example RFC 5280 is a widely used standard.
Upgradability | NA | Not applicable.
Impact of Technique towards Architecture
Criteria | Rank | Assessment of Measurement
Communication overhead generated | 1 | Regular traffic is required to check certificate status.
Bandwidth required | NA | Not applicable
Latency tolerance / “Always-on communication required?” | 0 | Certificate revocation is generally an issue for devices not permanently connected to a network.
Impact to processes | 0 | Impact to processes is significant; managing a PKI requires solid processes in place and changes to software and infrastructure.
Ranking Summary
Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 0.33
[Bar chart: Rank per domain, values as in the table above, scale 0 to 2]
PKIs can simplify the establishment of security associations after deployment. Public key
algorithms are well integrated in IT products.
12. BAT RANKING SUMMARY
In this section the summary of the rankings for the different collected and selected
techniques is presented.
The rankings are clustered per domain/component and per dimension, so that it is possible
to see in detail where a given technique scores better than others in the same
domain/component, and which aspects it does not cover with respect to cyber-security,
privacy/data protection, and maturity/impact on the architecture.
The overall evaluation ranking (i.e. aggregating all the criteria scores for each dimension)
is presented in section 12.4. The same section also presents the summarising scoring
indicator per technique and per component.
Section 12.5 presents where a certain technique can be applied with respect to the reference
architecture.
In searching for the best available technique, the reader should take all these aspects into
consideration, using section 12.5 as a general indicator and entry point and then leveraging
the details of the other tables to fine-tune the identification, as the result might vary
according to the component under consideration, the specific implemented architecture and
the priorities given to the different dimensions.
It is worth reminding the reader once more that the ranking presented here does not take into
consideration the cost-evaluation dimension, as stated earlier in this document.
12.1. Validity of techniques for Cyber Security
DOMAIN | TECHNIQUE | Confidentiality | Integrity | Authentication | Availability | Non-Repudiation | Key material access | Key material integrity | Logging
(O*) Access Control / Consumer Use Case
Username/Password sent in clear to a server 1 0 0
Username/Password stored and verified in tamper resistant module 1 2 2
OTP 2
2 factors Authentication 2
PSK TLS + Client Certificate 2 2 2
(O*) Access Control / Op. and 3rd Party Use Cases
Username/Password 1
OTP 2
2 factors Authentication 2
PSK TLS + Client Certificate 2 2 2
(O*) Crypto-AES
AES-GCM 2 2
AES-CBC 2 1
AES-CCM 2 2
AES-CMAC 0 2
AES-CTR 2 0
AES-ECB 0 0
(O*) Crypto – Hash
SHA1 1
SHA2 2
(O*) Crypto – EC
ECDH 0
ECDSA 2 2
(O*) Monitoring
Switches 1 1 1 2
Seals 1 1
Magnetic field sensor 2
Power Quality sensor 2
(O*) Security Architecture
Unique keys 2 2
Private location 1
DLMS secure transport 2 2 2
Independent Monitoring 2 2 2
TLS secure transport 2 2 2 2 2
End-to-end signing 2 2 2
(O*) Switch commands validated against grid code 2
(O*) Hardware Security
Hardening the device’s main processor (e.g. TEE: Trusted Executable Environment) 0 0 0 1 0 1 1 0
Adjunction of secure storage module (e.g. TPM) as hardware root of trust ensuring the trustability of the processor boot 0 2 0 2 0 1 1 0
Adjunction of dedicated crypto processor and credential storage (e.g. HSM: Hardware Security Module) 2 2 2 0 2 2 2 0
Adjunction of programmable tamper resistant processor (e.g. SE: Secure Element) 2 2 2 2 2 2 2 2
Component C* (applicable components)
Zigbee SEP (CF, CK) 2 2 2 2 2 2
Crypto Message Syntax (CF, CI) 2 2 2 2 2
M-Bus (Ox, CH) 2 2 0 2 0 2
DLMS (Ox, CF, CH) 2 2 2 2 2 2 2
Dial-in Whitelisting (CD, CF, CH) 1 2
LDAP (CA, CI, Px) 2 2
TACACS+ (CA) 2 2
Firewall (CA, CC, CD, CI) 2 2
IDS/IPS (CA, CC, CD, CI) 0 2 2
Read-only interface (OA, OB, OC, PE) / Physical 2
Read-only interface (OA, OB, OC, PE) / Logical 1 1
Component P* (applicable components)
Network segregation (Px) 1 1 2
Firmware update (OA, OB, OC) 2 2 2 2 2 2 2 2
SIEM 1 2
Multi-factor authentication (Px) 2
One-time password (Px) 2
Whitelisting (Px) 1 1
VPN (Px) 2 2 2
Manufacturer – customer Key Exchange (Px) 2 2 2 2 2 2
PKI (Px) 2 0-2 2 2
12.2. Validity of techniques for Privacy & Data Protection
DOMAIN TECHNIQUE Anonymity Minimization Control Access Retention
(O*) Access Control / Consumer Use Case
Username/Password sent in clear to a server
0
Username/Password stored and verified in tamper resistant module
2
OTP
2
2 factors Authentication
2
(O*) Access Control / Op. and 3rd Party Use Cases
Username/Password
0
OTP
2
2 factors Authentication
2
(O*) Monitoring and alarming
(any technique)
0 0 or 2
(O*) Security Architecture
Private location
1
Component C* (applicable components)
Retention for data stored locally in meter or after contract has ended
2
Daily transmission of interval data (CD, CF, OB, OD, OA)
2 0
1 second local intervals and bi-monthly readings
2 2
Aggregation (O*, P*)
2 2 2 2
Component P* (applicable components)
Aggregation (Px)
1 2
Multi-factor authentication (Px)
0
One-time password (Px)
2
12.3. Evaluation of techniques for Maturity, Upgradability and Architectural impact
DOMAIN Technique Standards Implementation scale Upgradability Overhead Bandwidth Latency Process impact
(O*) Access Control
Username / Password (all use cases)
0 2 1 2 2 2 or 0 1
OTP (all use cases)
2 2 2 2 2 2 or 1 1
2 factors Authentication (all use cases)
2 2 2 2 2 2 or 1 1
PSK TLS + Client Certificate (Consumer use case)
2 0 2 1-2 1-2 1-2 1
PSK TLS + Client Certificate (Operator & 3rd Party use cases)
2 2 2 1-2 1-2 1-2 1
(O*) Crypto - AES
AES-GCM
2 2 2 1 2 1
AES-CBC
AES-CCM
AES-CMAC
AES-CTR
AES-ECB
(O*) Crypto - Hash
SHA1 2 2 2
SHA2 2 2 2
(O*) Crypto - EC
ECDH 2 1 2 2 2 2 1
ECDSA 2 1 2 1 2 or 1 2 or 1 1
(O*) Monitoring
Switches 2 0 2 2 2 1
Seals 2 0 1
(O*) Security Architecture
Unique keys 2 0
Private location
2
DLMS secure transport 2 2 1 2 UC dependent 2 1
Independent Monitoring
2 0 2 2
TLS secure transport 2 1-2 2 2 2 or 1 2 or 1 1
End-to-end signing
2 1 2 2 UC dependent 2 1
(O*) Switch commands validated against grid code
1 1 2 2 2 2
(O*) Hardware Security
Hardening the device’s main processor (e.g. TEE: Trusted Executable Environment)
1 2 2
Adjunction of secure storage module (e.g. TPM) as hardware root of trust ensuring the trustability of the processor boot
1 2 1
Adjunction of dedicated crypto processor and credential storage (e.g. HSM: Hardware Security Module)
1 2 1
Adjunction of programmable tamper resistant processor (e.g. SE: Secure Element)
1 2 2
Component C* (applicable components)
Zigbee SEP (CF, CK) 1 1 2 2 2 2 1
Crypto Message Syntax with XML (CF, CI)
2 2 2 0 2 2 0
Crypto Message Syntax without XML (CF, CI)
2 2 2 2 2 2 0
M-Bus (Ox, CH) 2 2 2 2 2 2 1
DLMS (Ox, CF, CH) 2 2 2 2 2 1 1
Dial-in Whitelisting (CD, CF, CH)
0 2 2 2 2 2
LDAP (CA, CI, Px) 2 2 2 2 2 1 0
TACACS+ (CA) 2 2 2 2 2 1 0
Firewall (CA, CC, CD, CI) 2 2 2 2 2 1
IDS/IPS (CA, CC, CD, CI) 0 2 2 2 2 2 1
Retention after contract has ended (OA, OB, OC, PE)
2 2 2 2 2 2 2
Retention of data stored locally in the meter (OA, OB, OC, PE)
2 2 0 2
Aggregation (O*, P*) 2 if local
Read-only interface (OA, OB, OC, PE) / Physical
1 0
Read-only interface (OA, OB, OC, PE) / Logical
1 1
Component P* (applicable components)
Network segregation (Px)
2 2 2
Firmware update (OA, OB, OC)
0 2 2 0 0 2 0
Aggregation (Px) 2 2 2 2 0
SIEM (Px)
1 2 2 1 1 1 0
Multi-factor authentication (Px)
2 2 2 1 1
One-time password (Px) 2 2 1 2 2 1 1
Whitelisting (Px)
2 2 2 2 1
VPN (Px) 2 2 2 1 1 2 2
Manufacturer – customer Key Exchange (Px)
1 2 2 0
PKI (Px) 2 2 0
12.4. Summary of evaluation ratings of applicable and selected techniques per component or Use Case
Applicability area Applicable technique Cybersecurity rating Privacy rating Maturity rating Impact rating Sum
Ox components (any of them according to architecture distribution)
Access Control / Consumer
Username Password
1 2 1 1.75 5.75
OTP 2 2 2 1.75 7.75
2 factor Auth. (local auth.)
2 2 2 1.75 7.75
2 factor Auth. (remote auth.)
2 2 2 1.5 7.5
PSK TLS + Client
2 1.33 1.75 5.08
Access Control / Operator & 3rd Party
Username Password
1 0 1 1.75 3.75
OTP & 2 factor Auth.
2 2 1 1.75 6.75
PSK TLS + Client
1 2 1.75 1.75 6.5
Crypto AES GCM 2 2 1.33 5.33
CBC 1.5 2 1.33 4.83
CCM 2 2 1.33 5.33
CMAC 1 2 1.33 4.33
CTR 1 2 1.33 4.33
ECB 0 2 1.33 3.33
Crypto Hash SHA1 1 2 3
SHA2 2 2 4
Crypto EC ECDH 0 1.66 1.75 3.41
ECDSA 2 1.66 1.5 5.16
Monitoring Switches 1.25 0 1 1.75 4
Seals 1 0 1 1 3
Security Architecture
Unique Keys 2 2 0 4
Private location
1 1 2 4
DLMS Secure Transport
2 1.66 1.66 5.32
Independent monitoring
2 1.33 2 5.33
TLS Secure Transport
2 2 1.75 5.75
End-to-end signing
2 1.66 1.66 5.32
Switch commands validated against grid code (with logging)
1.33 0.66 2 3.99
Switch commands validated against grid code (without logging)
2 1 2 5
Hardware (processor) hardening
2 1 3
Px components
Network segregation (Px)
1.33 2 2 5.33
Firmware update (OA, OB, OC)
2 1.33 0.5 3.83
Aggregation (Px)
1.5 2 1.5 5
SIEM (Px) 1.5 1.66 0.75 3.91
Multi-factor authentication (Px)
2 0 2 1 5
One-time password (Px)
2 2 1.66 1.5 7.16
Whitelisting (Px)
1 2 1.75 4.75
VPN (Px) 2 2 1.5 5.5
Manufacturer – customer Key Exchange (Px)
2 1.66 0 3.66
PKI (Px) 2 2 0.33 4.33
Cx components
Zigbee SEP (CF, CK)
2 1.33 1.75 5.08
Crypto Message Syntax with XML (CF, CI)
2 2 1 5
Crypto Message Syntax without XML (CF, CI)
2 2 1.5 5.5
M-Bus (Ox, CH)
1.33 2 1.75 5.08
DLMS (Ox, CF, CH)
2 2 1.5 5.5
Dial-in Whitelisting (CD, CF, CH)
1.5 1 2 4.5
LDAP (CA, CI, Px)
2 2 1.25 5.25
TACACS+ (CA)
2 2 1.25 5.25
Firewall (CA, CC, CD, CI)
2 2 1.66 5.66
IDS/IPS (CA, CC, CD, CI)
1.33 1.33 1.75 4.41
Retention after contract has ended (OA, OB, OC, PE)
2 2 2 6
Retention of data stored locally in the meter (OA, OB, OC, PE)
2 1.33 2 5.33
Daily transmission of interval data (CD, CF, OA, OB, OD)
1 1
1s local readings and 6 bi-monthly values (CD, CF, OA, OB, OD)
2 2
Aggregation for Network Planning (O*, P*)
2 2 4
Aggregation & Anonymization for statistics (O*, P*)
2 2
Read-only interface (OA, OB, OC, PE) / Physical
2 0.5 2.5
Read-only interface (OA, OB, OC, PE) / Logical
1 1 2
12.5. Applicable techniques per component
Applicable technique PE Other Px OA OB OC OD CA CC CD CF CH CI CK
Username / Password X X X X
PSK TLS + Client X X X X
AES (all) X X X X
SHA1/2 X X X X
Elliptic Curves (all) X X X X
Switches X X X X
Seals X X X X
Unique Keys X X X X
Private location X X X X
DLMS Secure Transport X X X X
Independent monitoring X X X X
TLS Secure Transport X X X X
End-to-end signing X X X X
Switch commands validated against grid code X X X X
(processor) hardening X X X X
Network segregation X X
Firmware update X X X
Aggregation X X X X X X
SIEM X X
Multi-factor authentication X X X X X X
One-time password X X X X X X
Whitelisting X X
VPN X X
Manufacturer – customer Key Exchange X X
PKI X X
Zigbee SEP X X
Crypto Message Syntax X X
M-Bus X X X X X
DLMS X X X X X X
Dial-in Whitelisting X X X
LDAP X X X X
TACACS+ X
Firewall X X X X
IDS/IPS X X X X
Retention X X X X
Reading and transmission frequency tuning X X X X X
Read-only interface (Physical / Logical) X X X X
13. ANALYSIS OF THE SWITCH ON/SWITCH OFF FUNCTIONAL REQUIREMENT CYBER-SECURITY
The off-switch, also referred to as the breaker, of a Smart Meter is a functionality that
allows the electricity supply to the consumer to be disconnected. For this, the central system can
issue commands to the Smart Meter that trigger the disconnect.
In addition, the functionality is also used for load-limiting purposes or to implement pre-
payment. In those cases, it is possible that the Smart Meter takes an independent decision
to disconnect the electricity supply. This operation might be performed without any interaction
with the central system.
Further developments can also use “standalone” switching devices which control
the power supply of appliances installed at the consumer premises. Application examples
are the control of water boilers or storage heating.
Based on the survey results, the main element for securing the remote disconnect
functionality implemented in smart meters is a secure communication channel between the
smart meter and the central system. To ensure this, several techniques have been
suggested that provide authenticated encryption between meters and central systems. For
this, see techniques such as DLMS, TLS or CMS.
The implementation is mainly dependent on the underlying Smart Meter architecture.
Some architectures allow end-to-end communication from the central system to the
smart meters. In those cases the suggested protocols can be directly applied.
Other architectures use intermediate nodes to relay traffic (data concentrators); here
additional hardware security was suggested to further strengthen the security of those
intermediate nodes. Another suggestion is the use of end-to-end signed messages to
establish a trusted connection between the meter and the central system in case no direct
communication link is available. See the techniques listed under 0 for Hardware Security and
the technique described under 9.5.6 for End-to-End Signing. Furthermore, a technique for
grid-code-sensitive operation was suggested, in which the stability of the grid is sensed by the
Smart Meter before the disconnect command is executed. The technique is described under
9.5.8.
To mitigate malicious mass switch-off messages initiated from the central system
side, a throttling mechanism in the intermediate communication components was
furthermore suggested as a technique. See the technique described under 9.5.4 for Independent
Monitoring of exchanged data.
Furthermore, a technique for “frequency monitoring” was suggested to specifically address the
security risks implied by the disconnect functionality. This technique suggests that
the stability of the grid is sensed by the Smart Meter before the disconnect
command is triggered. For this, see the technique described under 9.5.7.
When analysing the properties of all the techniques provided, it became evident that no single
technique can ensure the security of the switch on/switch off functionality. The security of
this functionality will need to rely on a combination of strong techniques matching the
underlying architecture.
Furthermore, it has to be noted that several of the suggested techniques have a relatively
low maturity level. The effectiveness of these techniques has yet to be evaluated.
It is therefore suggested that further pilots are conducted to assess the security contribution
of the suggested techniques for ensuring a secured switch on/switch off functionality. This
will make it possible to obtain additional data and refine the ranking of the techniques. It would
also lay the basis for research into additional, more advanced techniques for securing the
switch on/switch off functionality.
14. CONCLUSIONS AND RECOMMENDATIONS
This report assembles and presents a large number of techniques which may be considered
in the context of cybersecurity and privacy in smart metering systems and in the
communications involved in the provision of the European Commission’s recommended
ten common minimum functional requirements (2012/148/EU). It evaluates these
techniques, summarising in a common format the strengths and weaknesses of each.
14.1. Structure
AMI communications have been analysed according to the M/441 reference architecture
(Section 3), and the ten functionalities have been associated with use cases previously
identified by the Smart Meter Co-ordination Group (Section 4).
Best Available Techniques have been assessed using the evaluation framework set out in
Section 5, having been collected from a wide range of stakeholders across Europe (Section
6).
In order to facilitate consideration of the large number of individual techniques gathered,
they have been clustered by type/domain of application (section 7). Many techniques occur
in more than one application, as a standard often encompasses several communication
layers. Other techniques are typically ‘building blocks’ of generic services (e.g. PKI).
Section 8 considers the techniques in the context of the ten common minimum
functionalities, and the results of the evaluation of each technique are grouped by
component (Sections 9-11).
14.2. Common minimum functionalities
The stated objective of the study is the identification and selection of Best Available
Techniques for the recommended ten common minimum functional requirements related
to the smart metering system roll-out under a cyber-security and privacy perspective. This
could lead the end user to expect the report to specify a set of BATs for each of the common
minimum functional requirements.
However, analysis of the questionnaire results made it clear that there was no general
consensus among stakeholders on smart metering architectures and processes, due to the
different technological approaches and diverse regulatory environments across Member
States. Evidently, if there are differences in architectures and processes, how the processes
are implemented per functionality/use-case and the applicable BATs will also diverge.
14.3. Approach
For this reason, the techniques gathered were clustered in two different dimensions (as
described in section 7); firstly, by component or information flow and secondly, by the
cybersecurity domain that the technique falls into. By presenting the results in this way,
the authors aim to provide a more flexible model to readers, who can select their preferred
BATs according to their particular smart metering architectures and use cases. See Figure
12 below:
Figure 12: BAT use approach
Additionally, since the selection and implementation of cyber security techniques will
depend on a security risk assessment, the selection of the BATs will vary according to the
risks identified, relevance to the different cybersecurity domains, and the risk appetite of
the organisation.
14.4. Findings & conclusions
This report has assembled a good range of techniques which may be considered for smart
metering components and communications. Techniques are continually evolving so this
should be seen as a ‘snapshot in time’.
Responses by stakeholders to the survey questionnaire also varied in approach and depth,
which complicated the task of the TEG in creating a common basis for evaluating these
techniques. Nevertheless, the report provides a useful summary of techniques relevant to
the deployment of smart metering systems and provision of the minimum functionalities.
In practice it is likely that specific techniques will be used in combination, and the security
of the overall system should be seen in this light.
It is evident that stakeholders have differing perspectives on and approaches to security,
probably reflecting different perceptions of likely threats, but also corresponding to the
various architectures involved in Member State deployments. There are also differences in
the perception of privacy, which most probably will change with the full implementation
of the new General Data Protection Regulation (and data protection impact assessment
framework).
In considering Best Available Techniques, the workgroup originally envisaged including
an economic assessment in the evaluation framework. However, very few responses
contained information on this matter, probably for reasons of commercial sensitivity. It
was thus not possible to draw conclusions on this aspect and the report deals only with the
technical aspects of the techniques analysed.
It should be stressed that not using a Best Available Technique does not automatically
make the total system insecure. The report is intended as a guide to, or checklist of, BATs
when considering security aspects and the features of individual techniques; it does not
remove the need for expert assessment of the security of the overall system.
A large number of smart meters are already in operation and the report may be used to
check the solutions used in the installed system. Where this indicates the techniques used
are not among the BATs, this may be natural for a system which has been in operation for
some years - techniques for enhancing privacy and security are constantly being improved.
The important issue is whether the security level in use results in serious threats to the
system, and if so, how these threats may be mitigated.
14.5. Quantum computing threats and recommendations
In recent years, research on quantum computers has shown that these machines will be able to
solve mathematical problems that are difficult or intractable for conventional computers, such
as Integer Factorization or the Discrete Log Problem over various groups. The security of
asymmetric cryptosystems such as Diffie-Hellman key exchange, the RSA cryptosystem,
and elliptic curve cryptosystems depends on the difficulty of these number-theoretic problems. Many of our most crucial communication protocols rely principally on three core
cryptographic functionalities: public key encryption, digital signatures, and key exchange,
implemented with these cryptosystems.
Quantum computing therefore presents a serious challenge to these widely used
cryptographic techniques. The table below, extracted from the Report on Post-Quantum
Cryptography published by NIST13 (NISTIR 8105), shows the impact of quantum computing
on common cryptographic algorithms.
| Cryptographic Algorithm | Type | Purpose | Impact from large-scale quantum computer |
|---|---|---|---|
| AES-256 | Symmetric key | Encryption | Larger key sizes needed |
| SHA-256, SHA-3 | | Hash functions | Larger output needed |
| RSA | Public key | Signatures, key establishment | No longer secure |
| ECDSA, ECDH (Elliptic Curve Cryptography) | Public key | Signatures, key exchange | No longer secure |
| DSA (Finite Field Cryptography) | Public key | Signatures, key exchange | No longer secure |
Some of the algorithms used nowadays are not quantum-safe (e.g. RSA, DSA,
DH, ECDH, ECDSA) but are widely deployed and need to be supported during this
transition period for legacy reasons and until new quantum-safe algorithms take over. It
is important to take this quantum computing vulnerability into account, for example by increasing the key
lengths of symmetric key algorithms like AES; unfortunately, RSA and ECC
are not able to adapt by increasing their key sizes to outpace the rate of development of
quantum computing. As these algorithms could be deprecated, systems currently
implementing them shall be prepared to transition away from these algorithms
as early as 10 years from now, and crypto agility is necessary, as stated in the NIST report.
13 NIST: NISTIR 8105 DRAFT (February 2016): Report on Post-Quantum Cryptography.
http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf
The recommendation of ETSI14 and NIST for cryptographic algorithms, for better
protection against the quantum computing vulnerability, is then:
To increase the key lengths of symmetric key algorithms
To maintain crypto agility, to be prepared to transition away from vulnerable
algorithms to quantum-safe ones when they are available and their security has been assessed.
14.6. Recommendations
It is recommended that those responsible for smart metering deployments take account of
the detailed analyses and evaluations of the technical attributes of the best available
techniques presented in this report, and use these when assessing the security of their
overall system.
Care shall be taken by readers, when selecting techniques for a component, to consider
the entire set of requirements for this component and to select the technique covering all
the functionalities, and not only the technique that appears best ranked for one
functionality. For example, a technique may be ranked very well for cybersecurity (2)
because it provides good protection for confidentiality (2) while the other
criteria are not applicable. Applying this technique, ranked at the maximum, on a communication
link that needs integrity and authenticity would provide less security for this link than a
technique providing confidentiality, authentication, and integrity even if ranked lower on
confidentiality (with a value of 1).
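As an added illustration of this selection rule (example code written for this edit, not part of the report), the following Python compares the two ways of choosing: the best average rating versus coverage of the link's required properties. The technique names, their ratings and the link requirements are constructed for the example; only the 0-2 rating scale and the idea of not-applicable criteria come from the report.

```python
"""Added example, not part of the BAT report: pick a technique for a link by
checking that it covers every required security property, instead of by its
best single rating. Ratings use the report's 0-2 scale; None marks a criterion
that is not applicable. Technique names and ratings below are constructed."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

Rating = Optional[int]  # 0, 1, 2 or None (not applicable)


@dataclass
class Technique:
    name: str
    ratings: Dict[str, Rating]

    def average_rating(self) -> float:
        """Average over applicable criteria only; N/A criteria are ignored,
        which is how a confidentiality-only technique can score a full 2.0."""
        applicable = [v for v in self.ratings.values() if v is not None]
        return sum(applicable) / len(applicable) if applicable else 0.0

    def covers(self, required: Iterable[str]) -> bool:
        """True when every required property has an applicable, non-zero rating."""
        return all(self.ratings.get(p) not in (None, 0) for p in required)

    def required_score(self, required: Iterable[str]) -> int:
        """Sum of ratings over the required properties (N/A counts as 0)."""
        return sum(self.ratings.get(p) or 0 for p in required)


def naive_best(candidates: List[Technique]) -> Technique:
    """The selection the report warns against: highest average rating."""
    return max(candidates, key=Technique.average_rating)


def select_for_link(candidates: List[Technique],
                    required: Iterable[str]) -> Optional[Technique]:
    """Keep only techniques that cover all required properties of the link,
    then rank those by their summed rating over the required properties."""
    required = tuple(required)
    covering = [t for t in candidates if t.covers(required)]
    if not covering:
        return None  # no single technique suffices; techniques must be combined
    return max(covering, key=lambda t: t.required_score(required))


# Constructed sample techniques (illustrative values, not the report's ratings).
ENCRYPTION_ONLY = Technique("encryption only", {
    "confidentiality": 2, "integrity": None, "authentication": None,
    "availability": None, "non_repudiation": None})
AUTHENTICATED_ENCRYPTION = Technique("authenticated encryption", {
    "confidentiality": 1, "integrity": 2, "authentication": 2,
    "availability": None, "non_repudiation": None})
SIGNING_ONLY = Technique("message signing only", {
    "confidentiality": None, "integrity": 2, "authentication": 2,
    "availability": None, "non_repudiation": 1})
CANDIDATES = [ENCRYPTION_ONLY, AUTHENTICATED_ENCRYPTION, SIGNING_ONLY]

# A constructed command link that needs confidentiality, integrity and authenticity.
COMMAND_LINK = ("confidentiality", "integrity", "authentication")

if __name__ == "__main__":
    print("best by average rating:", naive_best(CANDIDATES).name)
    chosen = select_for_link(CANDIDATES, COMMAND_LINK)
    print("covers the link's requirements:", chosen.name if chosen else "none")
```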
In the evaluation and adoption of security techniques, consideration should be given to the
importance of assurance / certification for any BAT selected.
It is recommended that readers, when selecting techniques, assess the financial
implications of using particular technique(s) in their particular situations and balance these
against the BAT evaluations in this report. A cost-benefit analysis should always be
performed when selecting the BATs in order to assess whether the selection will really be
effective in achieving the expected objectives of protection. In particular, the cost of
recovering from an attack should be considered carefully when selecting a technique.
14 ETSI: ETSI White Paper No. 8: Quantum Safe Cryptography and Security: An introduction, benefits,
enablers and challenges; June 2015.
http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf
14.7. Future work
As with developments in IT generally, the security of IT-based solutions has a very
dynamic and progressive nature. As threats continuously change, new security solutions
are developed. This implies that an evaluation of Best Available Techniques has only a
short validity. The work performed by EG2 to gather, analyse and evaluate BATs forms a
basis for such evaluations, which should be executed on a regular basis.
Furthermore, it is important to link the outcome of this work to similar activities undertaken
at European level, such as the work on “Minimum Security Requirements” for smart
metering by the Smart Meters Co-ordination Group. The BATs could be coupled with the
requirements as implementation guidance for security controls. As with BATs, these
requirements also need to be maintained, depending on new threats and security incidents.
The SM-CG has a reference architecture and Use Cases available to serve as a basis for
analysing threats, defining requirements and selecting risk-mitigating techniques.
In this line of thought, another valuable activity would be to rank the BATs according to
the smart metering Use Cases, to identify the techniques that are available for securing
specific Use Cases, depending on the risks associated with those Use Cases.
Some of the work mentioned above, which implies an extra step in the process by using the
current output of EG2’s deliverables, could be taken on board by EG2 and, if appropriate, in
co-operation with other organisations. Routine work, such as maintaining or redefining a
list of BATs, should be left to the market or to an existing standing organisation.