Open Search Partner with DCC

Enduring Change of Supplier (ECoS)

Enabling customers to change supplier more securely

What is ECoS?

Enduring Change of Supplier (ECoS), is a programme to enhance the security when you switch from one energy supplier to another. An essential component of this is the replacement of certificates on devices (primarily meters) which identify the responsible supplier.

smart meter

Transitional vs Enduring Arrangement

What's changing?

There are many different security keys protecting the system which underpins the smart meter network and devices. As part of the original Smart Network deployment a Transitional Change of Supplier (TCoS) process was implemented (the Transitional Arrangement). This was to be replaced with the Enduring Change of Supplier process (the Enduring Arrangement).

So what does this mean..

At a high level, this involves replacing one of the keys and hosting the Enduring Change of Supplier in a new location and with a new supplier. The ECoS Programme has been tasked with delivering this change.

smart home

The solution

The ECoS programme will make the required changes that include:

  • Building the ECoS functionality within a new software component
  • The provisioning of a new supplier where the new software component will be hosted
  • Putting in place the relevant support to manage the new Change of Supplier solution

Other key elements to the delivery are to change the keys on the devices that have already been rolled out to homes/businesses and to ensure new devices that are added to the smart network support the Enduring Change of Supplier solution.

People working

Got a question?

Frequently asked questions

What are we going to do when a device cannot be migrated to ECoS?

The number of devices where the migration fails and a device cannot be migrated to ECoS is expected to be small.

Prior to migration the communication history for devices will be analysed to identify those devices where there is no communication history. These devices will be excluded from the migration in order to ensure no confusion related to their migration status. Details of excluded devices will be shared with the relevant Energy Supplier for subsequent action.

Devices that are communicating will be included in the TCoS to ECoS migration. If the updates fail there will be a number of network retries and the response codes received will be analysed as part of the triage, remediation, analysis, comms checks. This analysis will drive and subsequent retries managed by the Migration Control Centre (MCC). If all retry attempts and comms checks fail the relevant Energy Supplier will be provided with details.

The subsequent options which will be dependant upon the underly reason will be either a device swap or a firmware upgrade. Where a firmware upgrade occurs the device will be resubmitted for migration. It is expected that this will resolve the vast majority of the underlying problems.

What happens to devices which cannot be migrated to ECoS when TCoS is turned off, i.e. the TCoS credential is still on the device?

Change of Supplier (CoS) requests that are sent to TCoS credentialled devices will not be able to be actioned and the CoS request will fail as the TCoS Smart Network component will not be in place. Only CoS will be affected as all other functionality will continue to operate as before.

The challenges that this presents are understood and as a result other options are being explored to see if it is possible to continue to support the TCoS credentials once the TCoS Smart Network Component has been turned off. It will take some time to understand whether this option is possible and what will be required to make it available. As this work progresses more information will be provided.

What is the expected failure rate after all attempts to migrate devices including corrective actions have completed?

The programme will be able to provide details of anticipated failure rates once testing of the ECoS Migration solution has started. This will give indicative numbers which will firm up as testing progresses.

Numerous testing activities will be undertaken prior to Migration in order to collate further information. This will include undertaking TCoS to TCoS tests which should identify any device types / variants where there could be problems that would contribute to the overall failure rates. The overall migration failure rate is expected to be small.

Information about failure rates will be shared when it becomes available.

The forecasts will continue to be updated based upon the failure rates from production once migrations have started.

What are we going to do to migrate devices where there are currently issues? For example an existing ACB (Access Control Broker) swap issue, a firmware issue or the device is not contactable?

A number of steps will be undertaken before migration start to ensure devices can be successfully migrated. These include:

  • Learning from other device updates is being used to shape the Migration approach. For example, some of the problems with ACB swaps have been tied back to the devices not having completed the ‘Post Commissioning Process’. Within the ECoS migration the submission of devices for TCoS to ECoS will be delayed on a device-by-device basis to allow this process to be completed. This will be achieved via a configurable parameter within the Device Candidate Selection Engine (DCSE).
  • Within the Migration each device type / variant will have its own migration plan and a handful of devices will be used to re-confirm that the TCoS to TCoS updates work. Once proven, the migration from TCoS to ECoS will begin in a stepped manner with additional numbers of devices being submitted / processed. Confirmation of subsequent successful CoS events will provide confirmation that larger numbers of devices can be migrated. Where devices fail to update the triage and analysis will begin.
When will TCoS be turned off?

The formal decision as to when to turn off the TCoS Network Component will be made by BEIS following migration. Industry views will be an important consideration in that decision-making process.

Can devices at the same location have a mix of TCoS and ECoS credentials and still work?

Yes - all devices, of all types, can be updated with an ECoS credential separately.

What are we going to do if a device’s behaviour changes after a TCoS to ECoS migration attempt?

The TCoS to ECoS migration is a credential update only and everything else remains unchanged. There should be no change in the behaviour of devices or Comms Hubs when the credential is updated.

If after a TCoS to ECoS credential update a problem occurs the triage and remediation processes will be used to recover the device to operational status.

How can Energy Suppliers influence when their devices are migrated? i.e. to avoid periods where Energy Suppliers have other items to focus on. For example major system upgrades, major events, etc.

DCC does not believe it is necessary for Energy Suppliers to influence when their devices and Comms Hubs will be migrated. The migration from TCoS to ECoS is a behind the scenes change which has been specifically designed to be non disruptive and invisible to Energy Suppliers. As such, CoS requests can be submitted as normal in line with existing business processes.

Will migration prevent Energy Suppliers from conducting business as normal?

No. The ECoS changes and migration have been specifically designed to be non disruptive and invisible to Energy Suppliers. As such, CoS requests can be submitted as normal in line with existing business processes.

What reports will be provided to track and understand progress?

A number of reports will be produced for Energy Suppliers which will cover:

  • The number of successful migrations
  • The number of migrations that have not completed, i.e. are waiting for network responses or are within the triage and remediation processing
  • The number of failed migrations after all triage and remediation processing is complete. This will include details of the devices and migration failure reason
What changes do Energy Suppliers need to put in place to be able to use the new ECoS credential installed on the device?

Energy Supplier systems do not need to be aware of the CoS credential being used on the device therefore.

What changes do Energy Suppliers need to be in place in order to support the ECoS migration?

Energy Suppliers will need to have applied the following changes before migration:

  • XML Signing
  • The inclusion of the correct MPIDs aligned to the gaining Energy Supplier’s signing certificate
  • Adjusted Anomaly Detection Thresholds (ADT)
  • The management of the device and Comms Hub supply chains so that after Go Live
    • ECoS credentialled devices and Comms Hubs are made available as soon as possible and,
    • TCoS credentialled devices and Comms Hub inventory is run down as soon as possible
What happens if DUIS changes are applied before ECoS is deployed?

DUIS changes can be applied independently of ECoS. If DUIS changes are to be applied, the ECoS related components would not be activated via the use of the normal ‘Feature Switch Control’.

Energy Suppliers do not need to use the DUIS version with ECoS Changes applied as earlier versions of DUIS will work as before. However, the benefit of the DUIS for ECoS is that some additional Alerts relating to SRV6.23 processing will be available too those that do.

What about SMETS1 devices?

SMETS1 devices do not hold CoS Party credentials on the device. The S1SP holds details of the credentials for SMETS1 devices to enable CoS. Whilst the devices are not affected as such there is processing required in DSP that will identify SMETS1 related CoS requests.

The details of SMETS1 devices will be registered with the new ECoS Party as part of ECoS Go Live. Once registered CoS requests will be managed by the ECoS Party without any further changes. SMETS1 devices are not part of the wider TCoS to ECoS migration as above they do not contain TCoS credentials.

What is going to happen to my existing TCoS supply chain inventory after ECoS Go Live?

After ECoS Go Live existing TCoS inventory will continue to be deployed. As part of the overall requirement to reduce TCoS credentialled devices, once this inventory is exhausted new ECoS credentialled devices will be deployed.

The length of all supply chains and inventory volumes for devices will form part of the decision making process for the switch off of the TCoS Network Component.

Get involved

Ask our team a question

Read our ECoS newsletter