[Owasp-royalholloway] [Owasp-london] Smart Meter Security Consultation

Colin Watson colin.watson at owasp.org
Wed Jun 27 06:47:39 UTC 2012


Thanks Tobias. The risks to parties other than the energy provider are
an important point.

Some other people have replied directly too, so I will wait and see
who else is interested and then re-contact everyone.

Colin

On 26 June 2012 11:35, Tobias Gondrom <tobias.gondrom at gondrom.org> wrote:
> Hi Colin,
>
> thank you for bringing this up.
> I think you are right and it would make sense for OWASP to submit a
> response.
> Thanks for taking the coordination lead on this.
> I'll be happy to join and help with the response.
>
> Best regards, Tobias
>
> PS: some things coming to my mind immediately would be:
> 1. for the security of applications to read and manage the meters, OWASP
> could provide great input
> 2. and from what I know about smart metering, it might also be important to
> talk about risks from the perspective of all main stakeholders:
> - risks to the provider
> - risks to the public (critical infrastructure/availability of assets/power)
> - and risks to the customer (exposure of customer data, btw. I saw a smart
> meter scenario in the US, where you could basically determine all kinds of
> personal activities based on meter data (when you get up, when you have
> dinner, wash your laundry, up to which film you are watching on TV
> (seriously, the power consumption pattern could be correlated to specific
> channels))).
>
>
>
> On 25/06/12 12:51, Colin Watson wrote:
>>
>> [UK list cross-post - sorry if I missed any chapter out]
>>
>> The Department for Energy and Climate Change (DECC) has opened a
>> consultation on the proposed security requirements for smart meter
>> systems, due to be rolled out from 2014 to 2019. The consultation is
>> at:
>>
>>
>> http://www.decc.gov.uk/assets/decc/11/consultation/smart-meters-security-risk-assess/5434-cons-smart-meters-security-risk-assess.pdf
>>
>> It mentions "good practices", "ISO 27001" and includes a definition of
>> "secure". It asks three open questions:
>>
>> * Do you consider that the draft licence conditions deliver the policy
>> intention outlined in this document? Please provide comments on where
>> the drafting could be amended or clarified.
>>
>> * Do you have any comments on the proposed approach that suppliers
>> should carry out a number of good practice security disciplines and
>> procedures as is set out in this document?
>>
>> * Do you have any further comments with regard to the issues raised in
>> this document? We also welcome general comments around the approach to
>> small suppliers, the processes expected of suppliers in general, and
>> any related costs.
>>
>> Maybe OWASP's UK chapters would like to collaboratively submit a
>> response? I am happy to coordinate. If anyone is interested please
>> contact me directly or via these lists. The consultation closes on
>> 27th July.
>>
>> Colin