Embed Size (px)
Citation preview
World Class Standards
Report of EC Smart Grid Task ForceExpert Group 2 activities
Regulatory Recommendations for Data Safety, Data Handling and
Data Protection
François Ennesser
ETSI EG2 Representative© ETSI 2010. All rights reserved
14 June 2010
World Class Standards
Expert Group 2 Scope
Within the general Task Force mandate: TASK 1. Produce a common vision in conjunction with institutional
actors and key stakeholders for the implementation of Smart Grids
TASK 2. Identify the strategic decisions and regulatory recommendations for the EU-wide implementation of Smart Grids
TASK 3. Produce a strategic roadmap for the implementation of Smart Grids and Smart Meters into the European internal market
Expert Group 2 mandate: "The key deliverable is to identify the appropriate regulatory scenario
and recommendations for data handling, safety and consumer protection”
ETSI/B72(09)XX 2
World Class Standards
EG 2 Represented organizations
3
ESMIG 5 Metering Industry
DigitalEurope 3 IT Industry
EECA - ESIA 4 Semiconductor Industry
DSO Club 3 Energy Distribution
CEN/CENELEC 5 Standards Development Organization
EU TC 3 Utilities Telecom Council
EU TREN 2 European Commission
ANEC - BEUC 2 Consumers
ERGEG 1 Energy regulation
EURELECTRIC 1 Electricity Industry
T&D Europe 1 Energy Transmission and distribution
GEODE 1 Energy Distribution
ConsumentenBond 2 Consumers
CEDEC 1 Energy companies
ETSI 1 Standards Development Organization
World Class Standards
EG2 intentions
Identify benefits and concerns of customers to become active actors
Overview of European legislation on data protection Identify:
possible risks in data handling, safety and protection data exchange issues ownership of data and access rights responsible parties for data protection
Analyse how to handle these issues along the value chain Develop a framework for using data Recommendations for Information and Communication of Smart
Grid benefits to consumers and politicians
4
World Class Standards
EG2 Organization
The group organized 7 subtasks, to produce input documents for final contribution:1. Definitions
2. EU Countries Inventory
3. Benchmark of other industries (Telecom, Banking…) and countries
4. Recommendation for Open Standards
5. Recommended data safety, data protection and data handling framework
6. Recommendation on Smart Grid Benefits/Risks
7. Business case Smart Grid / Smart Meter
5
World Class Standards
The situation in Europe today
Efforts towards the implementation of Smart Grid reached sophisticated but not coordinated level
Example initiatives: Dutch Smart Metering Standard (DSMR) German Open Metering System Specification (OMS) German FNN MUC Specification
Recommendations for data security exist (including smart grid data security) but…
EU-wide guideline for end-to-end security in Smart Grid is missing
Critical infrastructures such as power grids are targets for cyber attacks and therefore, need strong protection
Actual happenings in other fields (banking, healthcare) show that high attention of consumer data safety is critical
6
World Class Standards
The Dutch experience 2009: Dutch law mandating smart meters voted down due to
privacy concerns Same as another Dutch law, for Road Pricing (also M2M) Problem: Frequent monitoring of energy consumption gives insights
on people’s privacy
Energy distributors in the Netherlands became sensitive to Security & Privacy issues and addressed the issue Extensive studies initiated, encompassing all aspects
According to EC Directives (subject to national interpretation): Unless user chooses to enroll, there shall be no interference to
privacy right, except as allowed by law in the interest of democratic society
When do privacy violations counterbalance benefits to society?
Level of trust to be raised by appropriate public communication 80% smart meter coverage intended and needed to break even
ETSI/B72(09)XX 7
World Class Standards
EG2 Report presentation
EC expectations:
Reports to be about 20 pages long
Each EG report will be maintained as an independent document
EGs will be tasked with further investigations as a next step
EG2 Report outline with recommendations are listed in the following slides
ETSI/B72(09)XX 8
World Class Standards
1- Presentation of European Privacy Framework
Recommendation 1:
Investigate how EC Privacy and Data Protection framework cover Smart Metering and Smart Grids
Determine any additional legal framework needed for regulation
Propose particular privacy requirements for the stakeholders
ETSI/B72(09)XX 9
World Class Standards
2- Other industries and international experience
Banking, Telecom, Automated Fare collection, Road Pricing: • Recommendation 2: Address Security & Privacy at the design stage • Consider security features developed out of identified threats in Telecom• Data aggregation and anonymization will be essential for Smart Grids
Dutch Experience: • Apply below Framework for developing Security & privacy requirements
ETSI/B72(09)XX 10
Stakeholder analysis and ‘rulebase’
Goals of the grid company
Official rules, laws, etc.
Norms and standards
Stakeholders’expectations
Requirements‘what’ to protect?
Privacy and security goals
Measures‘how’ to realize it?
Formulation principles
Riskanalysis
Considerationsand choices
Stakeholder analysis and ‘rulebase’
Goals of the grid company
Official rules, laws, etc.
Norms and standards
Stakeholders’expectations
Requirements‘what’ to protect?
Privacy and security goals
Measures‘how’ to realize it?
Formulation principles
Riskanalysis
Considerationsand choices
U.S.: More focused on malevolent attacks and less on privacy
World Class Standards
3- Data Security
First assessment of security risks on the involved interfaces Recommendation 3: CEN/CLC/ETSI Joint Working Group to update,
extend or develop standards covering Smart Grid security
ETSI/B72(09)XX 11
Pending issueabout ETSI’s involvement in this picture…
World Class Standards
4- Data Handling
Recommendation 4:
Develop pilot projects in consultation with banking and payment card industry, to propose list of high level data handling principles for smartgrid operators to design their systems and processes
Produce and present paper to CEN, CENELEC Joint WG highlighting additional detailed standardization required in Data Handling
Define the Security levels from minimum to advanced and estimate their cost.
ETSI/B72(09)XX 12
World Class Standards
5- Data Privacy
Recommendation 5:
Detail and distinguish the different data elements between:
• Consumers data: Specific data that can be traced back to the individual consumer
• Technical data: Aggregated and anonymous data that does not contain explicit reference to persons
Define roles and responsibilities regarding ownership, possession and access to data, read and change rights, etc.
ETSI/B72(09)XX 13
World Class Standards
Next Steps
EG 2 Report Version 1.0 open for comments until Close of Business Tuesday, June 15
Possible 1 to 1 Teleconf on Wednesday June 16 to resolve major areas of conflicts
Presentation to Task Force Steering Committee by June 22
Expectation that EG2 will be tasked with further investigations in the next phase
ETSI/B72(09)XX 14
