Public Hearing on amendments to AMS security requirements in the Metering and Settlement Regulation
A proposal for more detailed security requirements for Advanced Metering System (AMS), to ensure comprehensive protection of the metering value chain, is currently on public hearing in Norway.
Norwegian regulation no. 301 of 11 March 1999: regulations governing metering, settlement and coordinated action in connection with electricity trading and invoicing of network services (hereafter shortened to the Metering and Settlement Regulation), has AMS conditions that are intended to contribute to correct settlement, provide necessary information for managing electricity consumption and give increased opportunity for grid companies to streamline network operation.
The deadline for feedback on the hearing is 21 May 2018.
Please send your feedback in writing to NVE at email@example.com.
• Two new definitions regarding AMS and remote disconnection
• Minor changes to functionality in AMS
• New condition on security requirements in AMS
• Introduce violation fees when security requirements are breached
Link to information in Norwegian.
Clearer AMS security requirements
Grid companies are required by law to install AMS at all meter points in Norway by 1 January 2019. Currently, 50% have been installed. NVE has gained valuable experience through inspections and communication with the industry. Development of this type of technology is fast, and it is important that ICT Security Regulations are updated accordingly. There are functionality requirements imposed on AMS, including general security requirements. Thus, NVE is proposing amendments to clarify what the security obligations for AMS imply.
In the Autumn of 2016, on NVE’s request, SINTEF conducted a review of NVE's AMS Security Guide. The purpose of the assignment was, among other things, to evaluate the guide’s security requirements, new issues, as well as provide recommendations for improving the content of the guide. The report uncovered a need for clearer security requirements in AMS.
In addition, NVE reviewed its own ICT Security Regulations between Autumn 2016 and Spring 2017. The assessments were published in NVE Report 2017: 26 - "ICT Security Regulation" (in Norwegian). The purpose of the review was to assess the need for amendments to the ICT Security Regulation framework for energy supply. NVE concluded that it was necessary for more specific regulation of AMS security.
In December 2017, NVE sent a proposal for amendments to the Security and Emergency Preparedness regulation out on public hearing. Amending §6-9, specifying measures for protective security of digital information systems, including AMS. In addition, new security requirements for remote disconnection in AMS have been proposed in § 6.10. The proposed amendments to the Metering and Settlement Regulation include definition of AMS and remote disconnection, as well as new security requirements intended to provide AMS with a higher level of security than the general protective security measures in the Security and Emergency Preparedness regulation.
Proposed amendments to the Metering and Settlement Regulation
As determined by The Norwegian Watercourses and Energy Directorate (NVE) xx.xx.2018, pertaining to the Act of 7 December 1990 no. 959 on production, transformation, transmission, turnover, distribution and use of energy, etc (The Energy Act), § 9-1, letter i, cf Act of 29 June 1990 no. 50 on production, transformation, transmission, turnover, distribution and use of energy, etc (The Energy Act) § 10-6.
The following amendments are made to the Metering and Settlement Regulation of March 11, 1999 no. 301.
§ 1-3 Two new definitions as follows:
Advanced Metering System (AMS): Two-way information and communication system between electricity meters used in settlement of each meter point and the grid company’s or its supplier’s head-end system.
Remote disconnection: a system for remotely connecting and disconnecting the electrical current in an AMS meter point.
§ 4-2 to read:
§ 4-2. Functional requirements
Grid companies are responsible for making sure that AMS:
a) Is able to store metering values at maximum 60-minute intervals, allowing for interval to be changed to minimum 15-minute intervals
b) Has a standardised interface that facilitates communication with external devices based on open standards
c) Is able to connect and communicate with other types of metering devices
d) Is able to disconnect and limit power output at each meter point, excluding transformer metered installations
e) Is able to send and receive information on electricity prices and tariffs as well as transfer control and residual current device signals, and
f) Is able to record two-way flow of active and reactive power.
The Norwegian Water Resources and Energy Directorate may, in special circumstances, grant exemption from certain requirements.
New § 4-2a to read:
§ 4-2a. AMS security requirements
The grid company is responsible for ensuring that security is taken into account when initialising and implementing change processes associated with AMS. When choosing between different AMS solutions, the grid company must choose the solution with the highest level of security as long as the cost of implementation is justifiable after cost-benefit assessment.
The grid company is responsible for AMS security. Security solutions in AMS, including encryption solutions, must meet the requirements of digital information systems in the Security and Emergency Preparedness regulation. In addition, the following requirements must be met:
a) Devices used for communication with or within AMS must be approved by the grid operator or network service provider before access is granted; similarly, software must be approved before it is installed in AMS
b) End-to-end security for data exchange between the AMS meter and grid company
c) AMS meters, central operating systems and elements of the communication infrastructure that have functionality that may affect security in AMS must be updated at all times
d) Incidents that jeopardise the security of an AMS meter or its communication with the central system should not affect the security of other AMS meters, their communication with the central system, or the central system itself
e) AMS meters, central systems and the communication infrastructure between these entities must, in order to ensure availability, be able to carry out tasks the system is designed to perform at all times. AMS accessories must not have functionality beyond what is required to perform the tasks they are designed for.
f) There must be a clear distinction between AMS and other ICT networks in order to prevent unauthorised access to AMS through such networks and
g) Access to the AMS meter’s interfaces is restricted to end-users, grid companies and other legitimate parties.
In the event of the grid company or its supplier connecting other devices or systems to AMS, the same security level must be maintained or improved; similarly, if end-users or third parties connect to AMS.
Grid companies must document that they fulfil the demands of sections 1 – 3 in an internal control system.
§ 9-1c to read:
§ 9-1c. Violation fees
Fines may be given when conditions in § 2-1a, § 2-2, § 3-3, § 3-7, § 3-8, § 3-10, § 4-2a, § 6-12, § 8-1, § 8-1a and § 8-3 are violated.