ENISA Outlines Security Regulations for EU Smart Grid Expansion

ID THREATPOST:CA41B8255644044043527DA620EB7F77
Type threatpost
Reporter Brian Donohue
Modified 2013-04-17T20:02:41


The European Union has set a series of ambitious goals for itself: by 2020, the 27 member states expect to collectively use 20 percent renewable energy, reduce CO2 emissions by 20 percent, and increase energy efficiency by 20 percent. To accomplish these goals, Europe will need to perform a major overhaul of its power grid, which will play an integral role in the development of the Union’s proposed energy economy.

As the continent’s energy economy becomes more interconnected through the smart grid, it becomes increasingly important that the grid is secure from external attacks and internal mishaps. That is precisely what the 84-page report, “Appropriate security measures for smart grids: Guidelines to assess the sophistication of security measures implementation,” was written to provide a framework for.

The European Network and Information Security Agency (ENISA) produced the report, which focuses on making sure smart grid technology is integrated into EU energy systems as safely, securely, and reliably as possible. Essentially, ENISA’s concerns are to provide a regulatory framework to member states and smart grid stakeholders that establishes bottom-line standards for systems security and resilience, ensure that such frameworks are adhered to so that weak links don’t emerge, demand a level of harmonization and compatibility between various stakeholders and member states to keep costs down, create audit guidelines to measure these standards, and, eventually, increase the level of transparency within Europe’s energy market.

According to the European Smart Grid Task Force, smart grids are “electricity networks that can efficiently integrate the behavior and actions of all users connected to it – generators, consumers and those that do both – in order to ensure an economically efficient, sustainable power system with low losses and high levels of quality and security of supply.”

ENISA’s report is exhaustive, but its proposed security measures are more or less designed to improve the minimal level of security across the EU energy ecosystem. ENISA’s propositions target 10 separate domains that are further partitioned into three levels of sophistication. The domains are as follows: Security governance & risk management; Management of third parties; Secure lifecycle process for smart grid components/systems and operating procedures; Personnel security, awareness and training; Incident response & information knowledge sharing; Audit and accountability; Continuity of operations; Physical security; Information systems security; and Network security.

It’s pretty much common knowledge among IT professionals that the state of security within U.S. critical infrastructure systems is laughable. So the EU’s intention to implement security into its smart grid as it expands is praiseworthy. For our part though, the Federal Energy Regulatory Commission (FERC), America’s energy watchdog, announced the creation of a new office in September, the Office of Energy Infrastructure Security (OEIS), tasked with identifying, communicating and advising on risks to FERC facilities stemming from cyber attacks and physical attacks.