Cybersecurity and Data Privacy

Activities and Goals

  • Summarisation of EU-wide and member country specific recommendations and regulations for smart metering
  • Analysis of existing best practice security and privacy recommendation frameworks for embedded systems

Key Learnings

The AnyPLACE platform implementation is based on an embedded system that resides on the end-user’s premises. While recent publications have shown that embedded systems often raise security and privacy concerns, the development of the AnyPLACE platform followed a secure development lifecycle and best practice recommendations from the very beginning. Connecting multiple stakeholders and their infrastructures, the development of the solution had to take into account the EU-wide and member-specific recommendations and regulations for smart metering as well as the best practices for embedded systems security. In addition, attention was paid to data protection through technology design (“Privacy by design and by default”), which is an important principle of the European General Data Protection Regulation (GDPR).

The information we learned would be of interest to:

Results from the security point of view are interesting for device manufacturers and system architects of smart meter gateways. In particular, within the AnyPLACE solution an up-to-date summary of EU-wide and member country specific recommendations and regulations for smart metering was provided. Additionally, the AnyPLACE solution covers analysis of existing best practice security and privacy recommendation frameworks for embedded systems.

Further reading

NISTIR 7628 Rev. 1, Guidelines for smart grid cybersecurity, National Institute of Standards and Technology, Standard, 2014.

ENISA, Smart grid security recommendations European Union Agency for Network and Information Security, Tech. Rep., 2012.

Smart Meters Coordination Group, Privacy and security approach – part i CEN-CENELEC-ETSI, Tech. Rep., 2013.

BSI-CC-PP-0073-2014, “Protection profile for the gateway of a smart metering system” Federal Office for Information Security, Protection Profile, 2014.

European Parliament,Regulation (eu) 2016/679 of the european parliament and of the council of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/ec, Official Journal of the European Union, 2016.

European Network for Cyber Security, “End-to-end security for smart metering,” Österreichs Energie, Requirements Catalog, 2018.

Netbeheer Nederland – WG DSMR, Dutch smart meter requirements v4.2.2, Netbeheer Nederland, Requirements Catalog, 2014.

Christian Kudera, Viktor Ullmann, Markus Kammerstetter, Wolfgang Kastner, Security and Privacy Implementations within the AnyPLACE Energy Management Solution, IEEE 23rd International Conference on Emerging Technologies and Factory Automation (ETFA 2018), September 4th – 7th, 2018, Torino, Italy.