German BSI TR-03109 assessment reaching final phase
Utimaco to become first supplier of certified HSMs for smart metering infrastructures
Aachen (Germany), 3 March 2016 – Utimaco sets the pace for the smart metering industry: As the first and only supplier in the German market, the leading manufacturer of hardware-based security technology has reached an advanced phase in the assessment process for HSMs in smart metering infrastructures. The certificate obtained at the end of this process will prove that all requirements of BSI technical guideline TR-03109 for smart metering environments are met. Utility companies can consequently add this much-needed security component to their IT architectures.
The German technical guideline TR-03109 specifies which requirements IT components in smart metering environments need to fulfill regarding functionality, interoperability and security. Parts three and four of this guideline define "cryptographic specifications for the infrastructure of smart measurement systems" as well as specifications related to Public Key Infrastructure (PKI) security. A PKI ensures the integrity, confidentiality and authenticity of data circulating around the Smart Metering Gateway (SMGW), the central communication unit of the smart grid architecture.
In this context, TR-03109 requires that specialized Hardware Security Modules (HSMs) are used to securely generate, store and use cryptographic keys. In addition, the guideline states that HSMs for smart metering have to be certified or evaluated according to referenced Common Criteria protection profiles. The high quality of the true random number generator and physical security through active tamper resistance are major certification criteria. Utimaco is the first and only supplier to date that has reached an advanced phase in the certification assessment process. SRC GmbH in Bonn is the designated recognized evaluation laboratory.
Malte Pollmann, CEO of Utimaco, explains: "With a progressive adoption of smart meters, a large amount of consumption data will be stored and transmitted online. The only way to ensure that no unauthorized individual can access this data – or worse, manipulate entire power grids – is an embedded HSM as root of trust. The certificate we aim for will give utility companies and their customers the certainty that our HSM devices fulfill the requested legal security requirements."