SMKI Recovery Procedure


SMKI Recovery Procedure - file formats

Consultation opens: 23 September 2015
Consultation closes: 7 October 2015
Version: v1.0
Date: 23 September 2015
Author: Jonathan Jennings, Andy Barraclough
Classification: DCC Public

Document Control

Revision History
Columns: Revision Date; Summary of Changes; Changes Marked; Version Number
Entry: 1.0; Issued for consultation; No; 1.0

Reviewers
Columns: Name; Title / Responsibility; Release Date; Version Number

Approvals
Columns: Name; Signature; Title / Responsibility; Release Date; Version Number

DCC Public Page 2 of 9 Further Consultation

Contents

1 Executive summary
2 Background
3 File formats and usage
3.1 Organisation Compromise
3.1.1 Organisation Compromise Notification File
3.1.2 Organisation Compromise Recovery Progress Files
3.2 Other Compromises
3.2.1 Other Compromise Notification File
3.2.2 Other Compromise Recovery Progress Files
4 Consultation questions
4.1 How to respond
5 Referenced Documents

1 Executive summary

DCC is conducting a short further consultation on the SMKI Recovery Procedure, focusing solely on file formats required to support the SMKI Recovery Procedure.

The SMKI Recovery Procedure (previously published for consultation in July 2015) has been updated to specify the formats of files that are required to ensure that information required to support recovery is transferred between affected Subscribers and DCC, and between DCC and the SMKI PMA.

This consultation paper briefly summarises the proposed file formats to support the SMKI Recovery Procedure, asks questions to which we would welcome responses and informs stakeholders of how to respond, and by when.

Following this consultation, and taking respondents' feedback into account, DCC will update the SMKI Recovery Procedure, which includes the file formats. The SMKI Recovery Procedure will become a draft SEC Subsidiary Document and will be submitted to the Secretary of State for approval as being fit for inclusion in the SEC. On its approval, this document will become a SEC Subsidiary Document, forming part of the legal framework for enabling the roll-out of smart meters.

2 Background

An integral part of the security arrangements is the Smart Metering Key Infrastructure (SMKI), which provides a secure and effective means of ensuring that messages to and from Smart Metering Equipment are properly authenticated, provide integrity and, where applicable, provide non-repudiation through the use of public key cryptography and certificates.

The SMKI Recovery Procedure addresses recovery from a Compromise, or suspected Compromise, in respect of any Relevant Private Key listed immediately below:
a) Private Keys associated with Organisation Certificates stored on Devices;
b) the Contingency Symmetric Key;
c) the Contingency Private Key;
d) the Private Key associated with an Issuing OCA Certificate;
e) the Private Key associated with a Root OCA Certificate; and
f) the Private Key associated with a Recovery Certificate.

A Compromise in the context of the SMKI Recovery Procedure means (extract from SEC 4.2): in relation to any Secret Key Material, that that Secret Key Material (or any part of it), or any Cryptographic Module within which it is stored, is accessed by, or has become accessible to, a person not authorised to access it.

The SMKI Recovery Procedure sets out procedures in respect of:
a) notification of a Compromise or the suspected Compromise of a Relevant Private Key or Contingency Symmetric Key associated with an Organisation Certificate or OCA Certificate held on a Device;
b) the activities that may be required to recover (i.e. replace) affected Certificates on Devices;
c) decisions required, in certain circumstances, by the SMKI PMA as to whether or not the Recovery Private Key or the Contingency Private Key should be used to recover from a Compromise;
d) post-recovery actions (including reporting to the SMKI PMA);
e) nomination, verification and appointment of Key Custodians for certain DCC Private Keys, along with the procedure for ceasing to be a Key Custodian; and
f) periodic testing of the SMKI Recovery Procedure.

DCC's consultation on the draft SMKI Recovery Procedure in July 2015 sought input on the degree to which the procedures are appropriate and will be effective. DCC has updated the drafting in response to the comments received as part of the consultation. Further background on the SMKI Recovery Procedure can be found in the previous consultation paper, which can be found at https://www.smartdcc.co.uk/consultations/dccconsultations/smki-recovery-procedure/.

At the time of the July 2015 consultation, the specifications of the files required to support the SMKI Recovery Procedure (i.e. transfers to/from DCC) were not available. The file formats have now been added to the drafting of the SMKI Recovery Procedure, with the following file format specifications being introduced as Appendices B to E of the SMKI Recovery Procedure. General obligations in respect of file formats are provided in Appendix A of the SMKI Recovery Procedure.

File: Organisation Compromise Notification File (Appendix B)
Purpose: Notification of affected Certificates / Devices / anchor slots for Organisation Compromise (methods 1 to 3 in the SMKI Recovery Procedure), where the affected Subscriber is not DCC

File: Organisation Compromise Recovery Progress File (Appendix C)
Purpose: Notification of progress (success or failure) of replacement of affected Certificates on Devices for Organisation Compromise (methods 1 to 3 in the SMKI Recovery Procedure), where the affected Subscriber is not DCC

File: Other Compromise Notification File (Appendix D)
Purpose: Notification of affected Certificates / Devices / anchor slots for non-organisation Compromise (all but methods 1 to 3 in the SMKI Recovery Procedure) plus methods 1 and 3 where DCC is the affected Subscriber

File: Other Compromise Recovery Progress File (Appendix E)
Purpose: Notification of progress (success or failure) of replacement of affected Certificates on Devices for non-organisation Compromise (all but methods 1 to 3 in the SMKI Recovery Procedure) plus methods 1 and 3 where DCC is the affected Subscriber

3 File formats and usage

When a Compromise occurs, files are required to be provided:
a) from affected Subscribers to DCC;
b) from DCC to affected Subscribers;
c) from DCC to Responsible Suppliers (where not the affected Subscriber); and
d) from DCC to the SMKI PMA.

There are four file formats:
a) two support methods 1-3, the Organisation Compromise Notification File and the Organisation Compromise Recovery Progress File (see section 3.1 below); and
b) two support the remaining procedures, the Other Compromise Notification File and the Other Compromise Recovery Progress File (see section 3.2 below).

3.1 Organisation Compromise

In conjunction with the DSP, DCC has developed an Organisation Compromise Notification File and corresponding Organisation Compromise Recovery Progress File.

The Organisation Compromise Notification File will be used, where the affected Subscriber is not the DCC, to support notification of affected Devices/Certificates (for methods 1 to 3) and replacement Certificates (for method 3). The Organisation Compromise Recovery Progress File is used to report on the replacement or failure of attempts to replace affected Certificates on Devices for methods 1 to 3 (where the affected Subscriber is not the DCC).

3.1.1 Organisation Compromise Notification File

DCC has provided a set of slides along with this consultation, which describe:
a) the elements comprising the name of the Organisation Compromise Notification File (slide 3);
b) the fields within each Organisation Compromise Notification File (slide 4);
c) when the Organisation Compromise Notification File is used to exchange information with DCC (slides 15, 17-19); and
d) which fields will be populated for each relevant procedure (slides 26, 28, 29).

3.1.2 Organisation Compromise Recovery Progress Files

DCC has provided a set of slides along with this consultation, which describe:
a) the elements comprising the name of the Organisation Compromise Recovery Progress File (slide 6);
b) the fields within each Organisation Compromise Recovery Progress File (slide 7);
c) when the Organisation Compromise Recovery Progress File is used to exchange information with DCC (slides 15, 17-19); and
d) which fields will be populated for each relevant procedure (slides 26, 28, 29).

Q1 Do you agree that the proposed structure of the Organisation Compromise Notification File and Organisation Compromise Recovery Progress File will support the efficient and effective recovery from an Organisation Compromise? If not, please provide a rationale for your answer.

3.2 Other Compromises

In conjunction with the DSP, DCC has developed two files to support notification and progress reporting for other (i.e. not Organisation and not DCC) Compromises. The files to be used are the Other Compromise Notification File and corresponding Other Compromise Recovery Progress File.

The Other Compromise Notification File will be used by DCC to support notification of affected Devices/Certificates and/or replacement Certificates, depending on the nature of the procedure.

The Other Compromise Recovery Progress File is used (by a Subscriber or DCC) to report on the replacement or failure of attempts to replace affected Certificates on Devices, for procedures that do not relate to a single Organisation compromise.

3.2.1 Other Compromise Notification File

DCC has provided a set of slides along with this consultation, which describe:
a) the elements which make up the name of the Other Compromise Notification File (slide 9);
b) the fields contained within each Other Compromise Notification File (slide 10);
c) when the Other Compromise Notification File is used to exchange information with DCC (slides 16, 20-24); and
d) which fields will be populated for each relevant procedure (slides 27, 30, 31).

3.2.2 Other Compromise Recovery Progress Files

DCC has provided a set of slides along with this consultation, which describe:
a) the elements which make up the name of the Other Compromise Recovery Progress File (slide 12);
b) the fields contained within each Organisation Compromise Recovery Progress File (slide 13);
c) when the Other Compromise Recovery Progress File is used to exchange information with DCC (slides 16, 20-24); and
d) which fields will be populated for each relevant procedure (slides 27, 30, 32).

Q2 Do you agree that the proposed structure of the Other Compromise Notification File and Other Compromise Recovery Progress File will support the efficient and effective recovery from the procedures in the SMKI Recovery Procedure that do not relate to recovery from an Organisation Compromise (methods 1 to 3, where DCC is not the subject of the Compromise)? If not, please provide a rationale for your answer.

Q3 Do you agree that the SMKI Recovery Procedure, amended following the July 2015 consultation and issued as part of this consultation, is fit for purpose and is suitable for inclusion in the SEC? If not, please provide a rationale for your answer.

4 Consultation questions

Q1. Do you agree that the proposed structure of the Organisation Compromise Notification File and Organisation Compromise Recovery Progress File will support the efficient and effective recovery from an Organisation Compromise? If not, please provide a rationale for your answer.

Q2. Do you agree that the proposed structure of the Other Compromise Notification File and Other Compromise Recovery Progress File will support the efficient and effective recovery from the procedures in the SMKI Recovery Procedure that do not relate to recovery from an Organisation Compromise (methods 1 to 3 where DCC is not the subject of the Compromise)? If not, please provide a rationale for your answer.

Q3. Do you agree that the SMKI Recovery Procedure, amended following the July 2015 consultation and issued as part of this consultation, is fit for purpose and is suitable for inclusion in the SEC? If not, please provide a rationale for your answer.

4.1 How to respond

Please provide responses by 7 October 2015 to DCC at contact@smartdcc.co.uk. If you have any questions about the consultation documents, please contact contact@smartdcc.co.uk.

Consultation responses may be published on our website www.smartdcc.co.uk. Please state whether all, or any part, of your consultation response is confidential. Please note that responses in their entirety (including any text marked confidential) may be made available to the Department of Energy and Climate Change (DECC) and the Gas and Electricity Markets Authority (the Authority).

If you have questions about our approach to consultations, please contact our Regulation Manager at richard.sullivan@smartdcc.co.uk.

5 Referenced Documents

Document Title: Smart Energy Code
Issue: SEC 4.2
Dated: 01/07/2015

Document Title: SMKI Recovery Procedure (consultation document)
Issue: version
Dated: 16/09/2015

Document Title: SMKI Recovery Procedure (consultation document)
Issue: Initial consultation version
Dated: 01/07/2015

Table 1 Referenced Documents