Utility Week - authoritative, impartial and essential reading for senior people within utilities, regulators and government
Issue link: https://fhpublishing.uberflip.com/i/507450
UTILITY WEEK | 8TH - 14TH MAY 2015 | 23 Operations & Assets Market view I n a complex ecosystem, with as many moving parts as the smart metering implementation programme (SMIP), it can be easy for seemingly small but crucial activities to get lost in the noise. The impor- tance of cyber security and the protection of customers' privacy is clearly at the heart of the smart energy code and the SMIP assurance regime. However, the multi-party nature of the SMIP can make it difficult for participants to identify what they have to do and where they are on the critical path. Com- mercial product assurance (CPA) require- ments are fundamental to help ensure smart metering devices are secured before deploy- ment, adequately planning this workstream is therefore paramount to the SMIP. The SMIP is a large, complex programme, with a structure that is almost unique in smart metering projects globally. Specific fea- tures of the Great Britain programme include the creation of new entities such as the Data Communications Company (DCC), the cen- tral body responsible for the management of implementing the data and communica- tions infrastructure smart meters will use, and new regulation governing smart energy in the form of the smart energy code. All of this requires complex interworking between many industry stakeholders, working toward the same objective – to have a smart meter- ing system in every home and small business in Great Britain by 2020. The testing and assurance regime associ- ated with the SMIP is a critical component of the programme. Many phases need to be completed and milestones reached to ensure that all stakeholders are ready to start mass rollout. The recent delays to the start of the mass rollout (it will now begin in 2016) mean that more and more tasks are being com- pressed into a shorter delivery period. It is more important than ever to de-risk delivery and to remove every potential roadblock to clear the way to success. That includes man- ufacturers, communications providers, and energy suppliers completing certification and assurance steps as early as possible. In some instances, in parallel. Testing and assurance includes many different phases and obligations on differ- ent stakeholders. For example, the DCC is responsible for systems integration testing across its supply chain, while energy sup- pliers are responsible for ensuring that the smart meters they select are compliant with approved smart meter specifications. It is a complex set of interrelated commitments and can be confusing to navigate even for those close to the programme. The need to ensure that the smart meter infrastructure is secure, and that consumers' energy usage data measured by the smart meters is private, have both, rightly, long been concerns of the SMIP. As such, CESG (the information security arm of GCHQ, and the national technical authority for informa- tion assurance within the UK) was involved in defining the security aspects of the SMIP assurance regime. The involvement of CESG and the requirements its standards put on the programme will ensure that the valuable assets being created are protected, and most critically provide assurance that consumers' data privacy is secured. CPA certification is one component of security assurance and is a certification pro- cess for devices established and approved by CESG. SMIP participants (with a particular emphasis on meter and communications hub manufacturers and energy suppliers) should be aware that CPA is a separate requirement, independent from other areas of the smart energy code. The smart metering device assurance initiative supported by many device manufacturers and administered by BEAMA, for example, will provide confirma- tion that the components of smart metering systems are compliant but does not address or provide CPA certification. Participants will either have to seek this certification sepa- rately or it may be an exit criteria and so suc- cessful completion of the smart meter device assurance process becomes contingent on achieving CPA. All parts of the smart metering system (both the gas and electricity meters, and the associated communications hub) need to be CPA approved. Energy suppliers are responsible for ensuring that their selected components are compliant, and device man- ufacturers will be asked to confirm they have certification in place. There are only a small number of CPA cer- tified test laboratories in the UK, and the pro- cess itself is defined and overseen by CESG to a stringent set of criteria and timescales, which everyone has to adhere to in the same way to achieve certification. The commercial product assurance of SMETS2-compliant devices is a relatively small part of ensuring readiness of the smart metering system but is critical to it staying on track. The specification of SMETS2 is com- plete, and the CPA process is well-defined, so CPA certification is a step that can be started now. If not, the programme runs the risk of encountering bottlenecks in the supply of test resources, or that commercial product assurance becomes another step to be com- pleted within short timescales as the testing and assurance reaches its later and more complex phases. KPMG is one of the largest of the UK's CPA-approved laboratories with 300 small and medium-sized enterprises ready to sup- port device manufacturers through this process. Amy Marshall is power & utilities director at KPMG; Alejandro Rivas-Vasquez is principal advisor in the KPMG's cyber security practice Smart meters put to the test The start of the smart meter rollout has been postponed, but energy companies must not let the device testing regime similarly fall behind, say Amy Marshall and Alejandro Rivas-Vasquez. Key facts about the rollout 2020 deadline for all homes and small businesses to have a smart meter in- stalled. All smart meters must be offered with an in-home display. The rollout will involve the replacement of 53 million electricity and gas meters. The rollout will require at least 30 million visits to customers' premises.