METI
Font Size Change
S
M
L
Easy Web Browsing tool

Agency for Natural Resources and Energy METI Formulates Cybersecurity Guidelines for Energy Resource Aggregation Business

The Ministry of Economy, Trade and Industry (METI) compiled cybersecurity measures that businesses participating in the energy resource aggregation business (hereinafter referred to as the “ERAB”) framework should take and formulated Cybersecurity Guidelines for Energy Resource Aggregation Business.

1. Outline of the guidelines

ERAB is a business framework in which consumers’ energy resources, e.g., storage batteries, solar energy, and the demand response program, are integrally controlled, are seemingly functioned as one power plant, and are traded in electricity markets or on a negotiation basis. Concerning this business framework, METI compiled measures that businesses participating in the ERAB framework should take into the guidelines.

2. Background to the formulation of the guidelines and details thereof

In August 2016, to discuss ideal approaches to cybersecurity in the ERAB framework, METI established a Cybersecurity Working Group of experts and businesses in the related fields under the ERAB Study Group.* Since then, the working group has been holding discussions concerning the preparation of draft guidelines.

The formulated guidelines include explanations concerning: security measures taken between devices; inspection and improvement of security measures across entire systems; announcement of information to consumers; and other issues.

*Note: Outline of the ERAB Study Group: The study group, established in January 2016, aims to develop the ERAB framework and, to this end, it will streamline the overall perspectives of challenges in a variety of areas, e.g., developing communication standards and systems, at the working-level through industry-academia-government collaboration.

Major cybersecurity measures that businesses should take

Introducing systems for authorization, encryption and other cybersecurity means
The guidelines require businesses to introduce systems for device authorization, communication encryption and other cybersecurity means to protect their devices.
Inspection and improvement through a plan-do-check-act (PDCA) cycle
The guidelines require businesses to inspect and improve security measures through a PDCA cycle.
Announcing information on measures for vulnerability
The guidelines require businesses to announce to consumers information on measures for vulnerability.

Release date

April 26, 2017

Division in Charge

Advanced Energy Systems and Structure Division, Energy Conservation and Renewable Energy Department, Agency for Natural Resources and Energy

Ministry of Economy, Trade and Industry1-3-1 Kasumigaseki, Chiyoda-ku, Tokyo 100-8901, Japan Tel: +81-(0)3-3501-1511
Copyright Ministry of Economy, Trade and Industry. All Rights Reserved.