EASEE-gas publishes CBP 2017-002/01 on Secure Communication over the Internet

Security is important and the overall security of the gas data exchange must be on the right level as the weakest link can jeopardise all market participants”, said Dirk Serruys, Chairman of the EASEE-gas Technology Standard Working Group.
The objective of this CBP, prepared by the Technology Standard Working Group, is to set the minimum requirements for secure communications. It was approved by the ExCom on 29 June 2017.
In order to do this any protocol lower then TLS (Transport Layer Security) v1.2 must be disabled and systems must be configured so that no fall back to early TLS or SLL is possible. Recommendations will also be made for secure ciphers to ensure interoperability.
By adopting this Common Business Practice the EASEE-gas members will use the proposed standard for secure messaging. In general the use of TLS v1.2 should be considered for all communications, even though, the main focus of the CBP is the document exchange in business processes, which means machine-to-machine communication.
EASEE-gas recommends the implementation of this CBP before the end of 2017 or as soon as practical. In practice parties should check if their counterparties support TLS v1.2 with the selected cipher suites. As soon as all counterparties can connect using TLS v1.2 a participant can switch to TLS v1.2 only.
More information on the technology to be used is described in the CBP.