Mutual Trust and Collaboration Will Combat Cybersecurity Threats on Europe’s Grid

Energy suppliers are sharing vital cybersecurity information with peers and stakeholder groups in order to strengthen their grids.
Published: Tue 27 Oct 2015

With the implementation of the smart grid, security of the European electricity grid has never been more important.  The interconnection of infrastructures to support smart technology means that the system as a whole is under greater threat today than ever before and according to Mr Robert Redl, Head of Information Technology at EVN, a multi-energy provider in Austria, the threats will only escalate.

While awareness around security threats is on the rise, no-one knows exactly how much of it is needed to keep the grid safe from cyber threats. Mr Redl recommends that utilities constantly work to strengthen the grid’s security as it will never be completely secure.  

Sharing security knowledge

However, this process can be very time consuming and expensive. Because every company has resource restrictions, it makes sense to share learnings.  

It is for this reason and because the company is committed to strengthening its security strategy, EVN joined the European Network for Cyber Security (ENCS) as a member earlier this year. EVN joined the association with the aim of establishing a new set of Smart Meter security requirements as well as paving the way for its future smart meter deployments. The membership commits the two organizations to share knowledge and expertise in the domain of cyber security for Smart Meter systems and critical infrastructures in Europe. The collaboration focuses on research, testing, knowledge sharing and training activities for the development of Smart Metering infrastructure and the Smart Grid.

EVN was searching for a partner on a pan European level that can combine the expertise in cyber security on a technical level as well as one that is actively conducting research into new techniques and cryptology that they can utilize to safeguard their networks.  “Security and safety of the energy supply is a focus point for EVN and by working together with other DSOs, we can build a more resilient network not only for EVN, but for everyone.”

EE-ISAC

The research and testing activities done by ENCS contribute to the knowledge level of EVN and the other participating DSOs. But it all starts with the willingness of companies to share. Information sharing definitely seems to be the answer when it comes to tackling cybersecurity in the energy industry.

Cyber threats are directed at the national and European grid, resulting in an urgent need for a collaborative approach at this level. Also, it’s the industry as a whole that needs to work together. The gaps between the different sectors need to be bridged.

And this is where EE-ISAC comes in. The European Energy - Information Sharing & Analysis Centre (EE-ISAC) promises to be an industry-driven answer to the need for a supply chain-wide sharing platform at an international level. It is an information sharing network of trust in which both private - utilities and solution providers - and (semi)public institutions - academia, governmental and non-profit organizations participate.

Whether it is at a Human-to-Human level via open dialogue in quarterly member meetings, or it will in the future be scaled up to Machine-to-Machine real-time data sharing level via Situational Awareness Networks, EE-ISAC forms a group of utility cyber security experts that chose peer review and openness above closing their corporate or sector gates. They feel safe to do so, because they are able to trust each other.

EE-ISAC aims to help the European utility industry to:

  • Establish long lasting relationships of trust with partners across the entire value chain

  • Share both real-time data & analysis within small scale trust-circles

  • Learn from their peer's experiences with grid security incidents and cyber breaches

  • Compare & evaluate security solutions, both from a technical and operational viewpoint

  • Benefit from an open dialogue with industry partners and suppliers

The legal status of EE-ISAC will be that of an Association under Belgium Law (ASBL). EE-ISAC received EC funding via the DENSEK Project. However, EE-ISAC aims at being self-sustaining and future costs will be covered by Membership Fees.

Mr Redl says that EVN supports the EE-ISAC launch as it is an important step forward in grid cybersecurity. However, he says that it is the beginning of the journey and that the roles of participating organizations should be clearly defined on European, national and organizational levels. “It must be made clear as to how these organizations will support the initiative and what the energy sector can expect.”  

Mr Redl believes that there is much to gain from participation, and that benefits should include a higher level of maturity, awareness and knowledge when it comes to cybersecurity. He expects that there should also be savings in terms of resources thereby enabling companies like EVN to carry out their jobs more efficiently and effectively.

A change in behaviour around cybersecurity

Bert Heerbaart of the DENSEK project said that the biggest challenge around cybersecurity is not technology but trust. He said, "We need to change our behaviour. We need to learn to trust and be willing to share vital information among peers and across stakeholder groups.”

Mr Redl agrees with this sentiment and says that the human side is just as important as the technical side when it comes to tackling cybersecurity. “The only way forward is to share learnings in a secure way in order to  tackle issues more effectively.”

EE-ISAC will be officially launched by the end of 2015. In the run-up to the launch, a free-to-attend Open House Member Meeting will take place, incl, information sharing by ICS-ISAC, Enel and the CRISALIS project team.