ENISA Guidelines in the Energy Domain and its Synergy with the SPEAR Project
6/12/2020
The energy sector is one of the vital areas of any economy. It is not surprising that there is constant reform in this sector to ensure its sustainability and security, especially with the integration of information and communication technology (ICT) with legacy electricity infrastructure to make the power grid “smart”. While this integration brings many benefits in terms of efficiency, it also raises significant cybersecurity threats. It is in this regard that the work of the European Union Agency for Cybersecurity (ENISA) in the energy sector is relevant. Over the years, ENISA has issued several guidelines and recommendations on cybersecurity targeted at the energy sector, including among others:
- ENISA Smart Grid Security Recommendations
- Smart Grid Threat Landscape and Good Practice Guide
- Communication Network Interdependencies in Smart Grids
- Report on Cyber Security Information Sharing in the Energy Sector
- Power Sector Dependency on Time Service: Attacks against Time-sensitive Services.
For example, in its recent publication on power sector dependency on time service, ENISA describes specific threats against energy providers’ services that depend on the availability of precise timing and communication networks and offers some recommendations on how to secure such systems. Notably, time measurement technologies used in the power grid have become so essential due to their functions in monitoring grid operation and power balancing, as well as identification of unwanted events, among others. Attacks against time services can have an impact on the power infrastructure. They can affect the confidentiality, integrity, and availability (CIA) of time services in various ways, such as by causing synchronisation failures and monitoring errors between the Transmission/ Distribution operator and the power stations.
In light of the above, it is vital for there to be continuous advances and improvements in cybersecurity, and emergency incident management systems in the smart grid sector, and here current EU research projects are playing a key role. One such project is SPEAR (Secure and PrivatE smArt gRid) in which LUH is participating, through the Institute for Legal Informatics. In turn, this project proposes to develop effective solutions in detecting, responding and taking countermeasures against advanced cyber threats and attacks targeted to modern smart grids. SPEAR’s three-tier platform is designed to timeously detect threats and attacks in smart environment, provide a rigorous forensic framework and increase trust among smart grid operators by providing a secure communication channel for information sharing. In developing the project’s requirements, various ENISA documents were utilised in designing the privacy by design approach as well as other relevant requirements. In this regard, ENISA’s work in the area of cybersecurity offers a key strategy for the protection of the energy sector.
References
- https://www.enisa.europa.eu/publications/ENISA-smart-grid-security-recommendations
- https://www.enisa.europa.eu/publications/smart-grid-threat-landscape-and-good-practice-guide
- https://www.enisa.europa.eu/publications/communication-network-interdependencies-in-smart-grids
- https://www.enisa.europa.eu/publications/information-sharing-in-the-energy-sector
- https://www.enisa.europa.eu/publications/power-sector-dependency