European Utilities Come Together On Cyber Security

With the impacts of a large-scale cyber incident amounting to potentially hundreds of billions of dollars, utilities need to be security ready.
Published: Tue 14 Jul 2015

Brought to you by:

With cyber security a key concern for smart grid and other critical energy infrastructure, it makes a good deal of sense for utilities to collaborate and share information and best practices.

Stedin joins ENCS

This is the goal of the non-profit European Network for Cyber Security (ENCS), which comprises a network of major utilities including Alliander, E.ON, EVN, Enexis and KPN. The latest to join up is the Dutch network system operator Stedin, one of the country’s largest.

“The security related threat is a global one. It is therefore self-evident that operators of vital critical infrastructure need to cooperate to be able to address this threat,” says Mark van den Brink, CIO, Stedin. “The ENCS initiative and its current members are an excellent example of how, by joining forces, we can lower the cost of innovation by working together.”

In joining ENCS, the two organizations will share their knowledge and expertise in the domain of cyber security for smart meter systems and critical infrastructures in Europe.

“We are very happy to welcome Stedin as a member of the ENCS community,” added Anjos Nijk, managing director at ENCS. “Together with our other members we are working together to raise the bar higher on cyber security for smart grid and smart meter deployments across Europe.”

Research and training for cyber preparedness

The collaboration focuses on research, testing, knowledge sharing and training.

Among ENCS’s current research activities is a project with Enexis and the electric vehicle (EV) charging infrastructure centre ElaadNL to investigate cyber security around EV smart charging.  [Engerati-Dutch EV Charging Infrastructure Gets Cyber Ready] The organization also has in place an agreement with the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) to collaborate on research and testing for smart grid and smart metering.

Training is also found to be an important component in advancing cyber preparedness. [Engerati-Business Simulations Help Alliander Get Cyber-Ready]

Cyber security impacts

In a recent interview with Engerati, Klaus Kursawe, head of ENCS’s R&D team, discussed cyber security developments in Europe. He suggested that there would probably be ‘demonstrator’ attacks but that a major large-scale cyber incident is unlikely. [Engerati-A Secure Smart Grid Is Still A Challenge (And Might Require Us Thinking Differently)]

Nevertheless it is the potential impacts that highlight the need for preparedness. In a recent study from the insurer Lloyd’s and the University of Cambridge Centre for Risk Studies, a malware attack in the northeastern United States is modelled, which plunges 15 states including New York City and Washington DC into darkness and leaves 93 million people without power.

In the scenario, the malware (named ‘Erebos’) infects electricity generation control rooms in parts of the northeastern United States. When triggered it finds 50 generators that it can control, and forces them to overload and burn out, in some cases causing additional fires and explosions. This temporarily destabilizes the regional grid and causes outages lasting from less than 24 hours up to a number of weeks.

The scenario is improbable but it is technologically possible and is assessed to be one against which insurers must be resilient, according to Lloyd’s. The total impact to the US economy? An estimated US$243 billion, rising in the worst case to more than US$1 trillion. Predicted are a rise in mortality rates as health and safety systems fail, a decline in trade as ports shut down, disruption to water supplies as electric pumps fail and chaos to transport networks as infrastructure collapses. Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue to business and disruption to the supply chain.

While these findings cannot be transferred directly to Europe, they nevertheless point to the possible consequences of a major cyber attack, especially with an increasingly interconnected European grid.

Further reading

Lloyd’s: Business Blackout. The insurance implications of a cyber attack on the US power grid