[Owasp-royalholloway] [Owasp-london] Smart Meter Security Consultation

Tobias Gondrom tobias.gondrom at gondrom.org
Tue Jun 26 10:35:07 UTC 2012


Hi Colin,

thank you for bringing this up.
I think you are right and it would make sense for OWASP to submit a 
response.
Thanks for taking the coordination lead on this.
I'll be happy to join and help with the response.

Best regards, Tobias

PS: some things coming to my mind immediately would be:
1. for the security of applications to read and manage the meters, 
OWASP could provide great input
2. and from what I know about smart metering, it might also be important 
to talk about risks from the perspective of all main stakeholders:
- risks to the provider
- risks to the public (critical infrastructure/availability of 
assets/power)
- and risks to the customer (exposure of customer data; btw, I saw a 
smart meter scenario in the US where you could basically determine all 
kinds of personal activities based on meter data (when you get up, when 
you have dinner, wash your laundry, up to which film you are watching on 
TV (seriously, the power consumption pattern could be correlated to 
specific channels))).


On 25/06/12 12:51, Colin Watson wrote:
> [UK list cross-post - sorry if I missed any chapter out]
>
> The Department for Energy and Climate Change (DECC) has opened a
> consultation on the proposed security requirements for smart meter
> systems, due to be rolled out from 2014 to 2019. The consultation is
> at:
>
>    http://www.decc.gov.uk/assets/decc/11/consultation/smart-meters-security-risk-assess/5434-cons-smart-meters-security-risk-assess.pdf
>
> It mentions "good practices", "ISO 27001" and includes a definition of
> "secure". It asks three open questions:
>
> * Do you consider that the draft licence conditions deliver the policy
> intention outlined in this document? Please provide comments on where
> the drafting could be amended or clarified.
>
> * Do you have any comments on the proposed approach that suppliers
> should carry out a number of good practice security disciplines and
> procedures as is set out in this document?
>
> * Do you have any further comments with regard to the issues raised in
> this document? We also welcome general comments around the approach to
> small suppliers, the processes expected of suppliers in general, and
> any related costs.
>
> Maybe OWASP's UK chapters would like to collaboratively submit a
> response? I am happy to coordinate. If anyone is interested please
> contact me directly or via these lists. The consultation closes on
> 27th July.
>
> Colin



