Applus+ is an accredited laboratory for performing Common Criteria evaluations of Smart Meters. This certification allows manufacturers to differentiate their products and guarantee that they have an adequate level of security adapted to the European regulatory framework under development for Smart Grids.
Water, electricity and gas distribution networks are critical infrastructures. The conversion of these infrastructures into Smart Grids requires the incorporation of diverse key security IT products, such as gateways, that act as an interface between the meter and the supplier; the mini-HSM embedded in the gateway, in charge of cryptographic operations, and the Smart Meters themselves.
From a cybersecurity standpoint, meters have their own security risks. Due to the great amount of devices installed in households and businesses, a vulnerability in their design may put at risk users’ access to basic services or even a whole country.
The European Union has spent the last few years deploying a new regulatory framework to guarantee the security of Smart Grids. Germany was the first European country to regulate the security requirements of the Smart Metering systems through the development of specific protection profiles for gateways and mini-HSMs.
In 2019, the CEN/CENELEC/ETSI work group published the first specific protection profile for the meters, with the support of the European Smart Meter Industry Group (ESMIG). The goal of this new protection profile is to establish the minimum security requirements that Smart Meters must meet, in line with the regulations laid down by the European Cyber Security Act.
This new protection profile allows Smart Meter manufacturers to certify their products under the Common Criteria scheme. This internationally recognized official certification is a differential element in terms of the quality and security of a product and ensures its conformity with the European regulatory framework.
Applus+ is an accredited IT Security Evaluation Facility (ITSEF) for conducting Common Criteria evaluations, and has been recognized by the European body SOGIS as a laboratory accredited in the Hardware with Security Boxes technical Domain, which includes Smart Meters. Additionally, Applus+ takes part in the JEDS work group, in charge of maintaining state-of-the-art technical domain and its protection profiles.
Our security experts take care of the whole evaluation process, supporting manufacturers in the preparation of the documentation and coordinating the project management to meet the expected deadlines.
As an alternative to Common Criteria, Applus+ can carry out a lighter, independent evaluation, adapted to the company’s needs and to the product’s specifications. The objective of this evaluation is to provide guarantees to the end client regarding the safety of the product against potential attacks, protecting their brand and reputation.