In its latest consultation (18-page / 118KB PDF) on use of the technology the Department for Energy and Climate Change (DECC) has set out steps suppliers will have to carry out to ensure their systems are secure to an "appropriate standard" in the period running up until the launch of its Data and Communications Company (DCC).
Suppliers will have to conduct an initial risk assessment of their end-to-end systems as well as ongoing risk assessments as new threats emerge, and will have to have annual independent security risk audits conducted by external specialists.
Suppliers will also be expected to have incident management procedures, enabling them to identify and respond to security incidents in a coordinated manner, in place along with business continuity and disaster recovery procedures. They will also be expected to install physical security controls to protect equipment that interacts with the smart metering system.
No comments:
Post a Comment