December 27, 2019
The Ministry of Economy, Trade and Industry (METI) revised the Cybersecurity Guidelines for Energy Resource Aggregation Business, a compilation of cybersecurity measures that companies participating in the energy resource aggregation business (hereinafter referred to as the “ERAB”) framework should take.
1. Outline of the Cybersecurity Guidelines for Energy Resource Aggregation Business Ver. 2.0
ERAB* is a business framework in which consumers’ energy resources, e.g., small-scale power sources, storage battery systems and the demand response program, are utilized. Concerning this business framework, METI formulated the guidelines as measures that companies participating in the ERAB framework (“ERAB companies”) should take in April 2017 and revised them in November 2017.
2. Background to and details of the revision
In August 2016, METI established a Cybersecurity Working Group under the ERAB Study Group,** and, since then, the working group has been holding discussions on ideal approaches to cybersecurity in the ERAB framework. Forecasting the future expansion of related business in the field of electricity systems by ERAB companies, the working group revised the guidelines concerning ERAB. Key points of this revision are as follows:
Key points of the revision
Securing interoperability of cyber physical systems
The ERAB system aims not only to protect information but also to secure resilience to encourage electricity systems to continue to work physically, and to this end, the revised guidelines additionally require ERAB companies to formulate security measures for entire supply chains.
Response to occurrence of accidents
The revised guidelines require ERAB companies to simulate damage caused by accidents that may occur, to develop response measures to minimize such damages and to build a response system therefor.
Verifying feasibility to see if companies are able to implement recommended actions
The revised guidelines additionally require ERAB companies to verify their own implementation of mandatory actions through receiving third parties’ audits, educational programs and other measures.
Constructing a collaborative framework among ERAB companies
The revised guidelines additionally require ERAB companies to designate personnel responsible for security management, to construct a collaborative framework for sharing information among such personnel and to clearly determine the scope of responsibilities of such personnel.
*1. The term “ERAB” refers to a business framework in which businesses make use of virtual power plants (VPP) and the DR program, and provide a variety of services for: balancing power, avoidance of supply-demand imbalance, electricity-rate cut, avoidance of renewable energy curtailment and other measures to their customers, including electricity transmission/distribution businesses, electricity retailers/consumers, and renewable-energy utilities.
**2. Outline of the ERAB Study Group: The study group, established in January 2016, aims to develop the ERAB framework and, to this end, it will streamline the overall perspectives of challenges in a variety of areas, e.g., developing communication standards and systems, at the working-level through industry-academia-government collaboration.
Links to Related Information
- METI Formulates Cybersecurity Guidelines for Energy Resource Aggregation Business (April 26, 2017)
- Cybersecurity Guidelines for Energy Resource Aggregation Business Revised (November 29, 2017)
Division in Charge
Advanced Energy Systems and Structure Division, Energy Efficiency and Renewable Energy Department, Agency for Natural Resources and Energy