Ensuring the security of UK Smart Metering
As a new generation of smart meters is rolled out across the UK, manufacturers must continue to demonstrate that any equipment installed in homes and businesses is (cyber) secure.
Manufacturers are required to obtain and then maintain certification under the Commercial Product Assurance (CPA) scheme, which is overseen by the UK National Cyber Security Centre (NCSC).
Over recent years, members of CyTAL have been instrumental in the development and maintenance of the Commercial Product Assurance (CPA) scheme for UK Smart Meters and CyTAL is an NCSC Assured Service Provider.
If you’re looking for a CPA evaluation, contact us today.
Products that must be ‘CPA certified’ are as follows:
- Gas Smart Metering Equipment (GSME)
- Electricity Smart Metering Equipment (ESME)
- Smart Metering Communications Hub (CH)
- Standalone Auxiliary Proportional Controllers (SAPC)
- HAN Controlled Auxiliary Load Control Switches (HCALCS)
If you’re developing one of more of the above items and would like help in understanding how the CPA process works, just get in touch.
What happens during a typical CPA evaluation?
During a CPA evaluation, CyTAL will assess your product against a Security Characteristic.
The Security Characteristic has three types of requirements that we’ll need to take a look at.
DEV
CyTAL will look at the fundamentals of your product’s design, by examining design and development documentation.
VER
CyTAL will look at your product’s critical functional properties – we’ll perform a variety of security functional tests, and we’ll fuzz the product’s interfaces.
DEP
CyTAL will assess any guidance, administration and installation documentation for your product.
CyTAL will also need to evaluate whether your development process meets the Build Standard. Here we will assess any documentation describing the development and manufacturing processes and make one or more site visits to evaluate the processes in operation.
A successful evaluation will result in certification for six years. Any changes made to the product or process during that time, are dealt with by Assurance Maintenance activities. For this, CyTAL will need to determine whether the existing certificate is unaffected by the changes, or whether the changes require further confirmatory evaluation activities.
CPA - What's the basic process?
Please see the NCSC website for more information on the CPA process:
https://www.ncsc.gov.uk/information/commercial-product-assurance-cpa
UKAS
CyTAL is a UKAS accredited testing laboratory No. 9334, from which we perform Commercial Product Assurance (CPA) evaluations according to the NCSC Process for Performing CPA Foundation Grade Evaluations.
Click here for our schedule of accreditation