Sunday, July 22, 2012

ENISA Report: Ten Smart Grid Security Recommendations

Smart Grids need protection from cyber attacks

The EU Agency ENISA has launched a new report on how to make smart grids and their roll-out a success, in particular by making sure that IT security aspects are properly taken into account from the beginning.

A smart grid is an upgraded electricity network with two-way digital communication between supplier and consumer. The adoption of smart grids will dramatically change the distribution and control of energy for solar panels, small wind turbines, electric vehicles, etc.

By making energy distribution more efficient, smart grids give clear benefits to users, electricity suppliers, grid operators, and society as a whole. At the same time, their dependency on computer networks and the Internet makes our society more vulnerable to cyber-attacks, with potentially devastating results.

Therefore, to prepare for a successful roll-out of smart grids, this study proposes 10 security recommendations for the public and private sector out of almost 100 findings.

Some key report recommendations include:

  • The European Commission (EC) and the competent authorities of the Member States (MS) need to provide a clear regulatory and policy framework on smart grid cyber security at the national and EU level, as this presently is missing.
  • The EC, in collaboration with ENISA, the MS, and the private sector, should develop a minimum set of security measures based on existing standards and guidelines.
  • Both the EC and the MS authorities should promote security certification schemes for the entire value chain of smart grids components, including organisational security.
  • The MS authorities should involve Computer Emergency Response Teams to play an advisory role in power grids’ cyber security.

Cyber security aspects of smart grids

Smart grids give rise to new information security challenges for electricity networks. Vulnerabilities in information systems may be exploited in cyber-attacks, for financial or political motives, to shut off power plants.

This study makes 10 recommendations to the public and private sector involved in the definition and implementation of smart grids. These recommendations intend to provide useful and practical advice aimed at improving current initiatives, enhancing co-operation, raising awareness, developing new measures and good practices, and reducing barriers to information sharing.

The top 10 recommendations, aimed at various European Union and member-state organizations, are: 

  1. Improve the regulatory and policy framework on smart-grid cybersecurity at both the national and EU level.
  2. Create a public-private partnership to coordinate cybersecurity initiatives. 
  3. Promote initiatives to raise awareness of cybersecurity threats and conduct training.
  4. Foster knowledge-sharing initiatives.
  5. Develop minimum security measures based on existing standards and guidelines.
  6. Develop security certifications for components, products and organizational security.
  7. Create test beds and security assessments.
  8. Develop and refine joint strategies to counter large-scale cyberattacks on power grids.
  9. Involve computer security incident response teams in an advisory role.
  10. Promote academic and R&D research into smart-grid cybersecurity, including through existing research programs.

The full ENISA smart grid report can be downloaded here.
