Sorry, you need to enable JavaScript to visit this website.
NISTIR 7823 “Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework” April 28, 2015

This month, the National Institute of Standards and Technology (NIST) published the final form of a document that Electrosoft coauthored with NIST scientist Michaela Iorga, NIST Interagency Report (NISTIR) 7823, entitled “Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework.” NISTIR 7823 provides test methods for determining compliance with the voluntary industry standards on firmware upgradeability published by the National Electrical Manufacturers Association (NEMA). The NEMA standard provides functional and security requirements for smart meters, upgrade management systems to upgrade firmware in a secure manner.

The NEMA SG-AMI 1-2009 standard was published by NEMA on 2009-09-25. The purpose is to “[define] requirements for smart meter firmware upgradeability in the context of an advanced metering infrastructure system for industry stakeholders such as regulators, utilities and vendors.” It is packaged I. NEMAs Smart Meter Standards Package, a collection of ANSI and other specifications to “[provide] requirements and guidance on electricity metering, watthour meter sockets, device data tables, meter interfacing to data communication networks and type 2 optical ports.​”

NISTIR 7823 provides test methods for determining compliance with the voluntary industry standards on firmware upgradeability published by the National Electrical Manufacturers Association (NEMA). The NEMA standard provides functional and security requirements for smart meters, upgrade management systems to upgrade firmware in a secure manner. The standard was reasonably good in 2009, but we believe that it is in need of update and improvement, especially in light of updated guidance from NIST on protection of BIOS and other firmware systems.

We believe the original firmware upgradeability standard should be strengthened to be clear that the security boundaries in smart metering systems are the devices themselves. For instance, authentication is required by the standard, but does not make clear whether that entails the authentication of an operator to the Upgrade Management System, or authentication of the Upgrade Management System by the Smart Meter. Electrosoft will continue to be involved in this area of future development and hopes to contribute to the development of an ANSI or other standard to replace NEMA SG-AMI 2009.

Contributed by: Scott Shorter

Return to Electroblog
Top