OSGP Compliant Products Are Not Affected by the AMNESIA:33 TCP Vulnerability
15 Dec 2020

The OSGP Alliance continues to ensure that OSGP based products and solutions provide industry leading cyber security

 

Amsterdam, The Netherlands, 15 December 2020: The OSGP Alliance, a global non-profit association dedicated to promoting the adoption of the Open Smart Grid Protocol (OSGP) and infrastructure for smart grid applications towards a future proof modern smart grid, provides periodic updates to its members and the industry about potential cyber security issues. Accordingly, we have reviewed a recent industry issue with our members.

 

On the 8th of December 2020, Forescout1 disclosed 33 software security vulnerabilities affecting millions of embedded devices worldwide. This bundle of vulnerabilities is called AMNESIA:33. They were found in four open-source TCP/IP stacks, and four of the vulnerabilities are considered critical. These four TCP/IP stacks collectively serve as the foundational components of millions of connected devices worldwide, and these vulnerabilities can allow attackers to compromise devices, execute malicious code, perform denial-of-service attacks and steal sensitive information.

 

The OSGP Alliance and its members immediately conducted a review of its OSGP compliant products and solutions, and we confidently confirm that they are not affected by AMNESIA:33 vulnerabilities and the associated four specific implementations of the TCP/IP stack. OSGP based products do not use any of these stacks.

 

The OSGP Alliance and its members take all aspects of security very seriously. This includes all OSGP based solutions as well as OSGP compliant products. Cyber security is of growing concern in the utility sector, especially related to Smart Grid and Smart Metering Systems. The OSGP Alliance will continue to be vigilant in identifying any potential security vulnerabilities.

 

(1)  Source: https://www.forescout.com/research-labs/amnesia33/ 

 

About The Open Smart Grid Protocol

The Open Smart Grid Protocol (OSGP) is a family of specifications published by the European Telecommunications Standards Institute (ETSI) used in conjunction with the ISO/IEC 14908 control networking standard for smart grid applications. OSGP is optimized to provide reliable and efficient delivery of command and control information for smart meters, direct load control modules, solar panels, gateways, and other smart grid devices. With over 5 million OSGP based smart meters and smart grid devices deployed worldwide it is one of the most widely used smart meter and smart grid device networking standards. The OSGP set of public standards includes ETSI TS 104 001, CENELEC CLC/TS 50586, and IEC 62056-8-8.

 

About The OSGP Alliance
The OSGP Alliance, founded in 2006 as the Energy Services Network Association (ESNA), is an independent global, not-for-profit association that promotes the adoption of the Open Smart Grid Protocol (OSGP) and related services and infrastructure for smart grid applications. Members include utilities, software, hardware and service providers, and solution integrators that share a common goal and vision for promoting open standards for energy demand side management, smart grid and smart metering systems. More information about the OSGP Alliance can be found at www.osgp.org.

 

Contact:

Elly Kreijkes, Director

secretariat@osgp.org