Trilateral Memorandum of Understanding

We look forward to signing the Trilateral Memorandum of Understanding with US E-ISAC and JE-ISAC on Wednesday, October 17, 2018 at GridSecCon 2018 in Las Vegas (US), to promote international collaboration and information sharing through public–private partnership.

Energy Analytic Security Exchange and European Energy-Information Sharing & Analysis Centre Form Intelligence Sharing Partnership

October 3, 2018- Energy Analytic Security Exchange (EASE) and European Energy-Information Sharing & Analysis Centre (EE-ISAC) have partnered to exchange international threat intelligence that will serve to further protect the global utilities sector.

EASE and EE-ISAC will share cybersecurity and physical security information on threats against the utilities sector to support the resilience of their members’ electric grids from attacks by nation-state actors, criminals and “hacktivists.”

“While geographically separated, these two organizations both support an industry that is committed to providing reliable energy to its customers,” said Cindy Donaldson, president of Global Resilience Federation, the parent company of EASE. “Our goal is to enhance the security and resilience of that industry and EE-ISAC is on the frontlines of defense against threat actors. It is a natural partner for us given the detail and scope of information with which we want to arm our members, in support of the greater good for the sector.”

EASE, developed at the request of industry, collects and shares information from members, vendors, government and other partners. With rapid turnaround, EASE analysts provide added investigation and analysis to enrich intelligence alerts on topics spanning IT and ICS/SCADA vulnerabilities, malware attacks, terrorist activity and other threats to energy companies and the electric grid. With its partners, EASE has shared thousands of timely and actionable alerts this year, and through its automated sharing platforms has access to millions of Indicators of Compromise that are parsed into nearly 200,000 industry-specific threat indicators every month.

The EE-ISAC, founded after a European CIPS project, is the successful result of multidisciplinary cooperation reached in Europe by private operators, vendors, academy and government agencies, with the mission to achieve resilience through information sharing. The 20+ members are actively working on cybersecurity of the energy systems and critical infrastructures protection by support for the development of a community through a collaboration. Activities include sharing information on the evolution of the threat to energy infrastructures and sharing of best practices and innovative initiatives in the context of the protection of networks and industrial systems. Lastly, the EE-ISAC is developing an automatic sharing tool on the threats affecting the operators.

Working together, the two intelligence sharing bodies will broaden visibility into threats against the industry and further the security of their constituent member companies.

###

Energy Analytic Security Exchange (EASE) is a private sector non-profit organization that brings together energy companies to collect, analyze and share cyber and physical threat intelligence for mutual defense. EASE works with members to analyze and mitigate risks in ways that complement companies’ own efforts; from tracking systems vulnerabilities to providing in depth reporting, EASE works to enrich security product. At its most tactical, EASE analysts evaluate and disseminate signatures and indicators. At a strategic level, EASE provides reports to CSOs and CISOs while sharing cross-sector intelligence in a multi-industry defensive network of more than 7,000 organizations. Intelligence is also drawn from other ISACs and ISAOs, CERTs, government partners, and private vendors that monitor the Dark Web and geopolitical events, among other issue areas. Learn more on the EASE website, by visiting @EnergyASE on Twitter or Energy Analytic Security Exchange (EASE) on LinkedIn. Inquiries may be directed to Patrick McGlone at pmcglone@grfederation.org.

EE-ISAC is an industry-driven, information sharing network of trust. Both private utilities and solution providers and (semi)public institutions such as academia, governmental and non-profit organizations share valuable information on cyber security and cyber resilience. The EE-ISAC is the result of the European research project DENSEK, which was realized with the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme, European Commission - Directorate-General Home Affairs. For more information, please visit www.ee-isac.eu. For media inquiries, please contact pia@ianusgroup.com.

5th Cyber & SCADA Security Forum for Power and Utilities Industry 2018

Take actions in strengthening your cyber defence, manage risks & vulnerabilities and ensure cyber resilience in today’s energy infrastructure.

“From the moment, we wake up in the morning to the sound of our alarm clocks until we turn off the lights at night, our daily activities are supported by a reliable operation of critical infrastructures. Critical Infrastructure systems (CIs) facilitate our communication, transportation, trade and financial transactions and last but not least, most of our comfort and entertainment. On a higher level our daily lives depend heavily on CI networks (such as energy, telecom, transportation, etc) as the lifelines of our economies and in effect our safety, health and prosperity.”

Cyber security attacks have rapidly increased in the power and utilities industry recently. It cause very harmful and tangible damage to businesses, not only in terms of financial losses, cyber espionage, but also in terms of damage to reputation.

5th Cyber & SCADA Security Forum for Power and Utilities Industry 2018 will gather senior decision-makers & experts from leading Power & Utility companies to exchange knowledge, challenges and experiences in an exclusive business - friendly environment. It is a great opportunity to brainstorm on how to improve cyber security resilience, strengthen cyber defences but remain compliant and maintain IT & information security cost-efficiency.

Participants will gain valuable insight from their industry peers and stay up-to-date with latest cyber security practices, policies and rules to protect energy infrastructure from cyber threats during face-to-face and networking sessions.

This Prospero event will address not only the main topics about SCADA and Cyber Security implementations featuring high-level experts in Cyber Security but also new trends, latest attack, ICS, IoT, NIS Directive, unknown side of cyber-attacks, Security aspects in 2017 on SCADA, TSO and EV (electric vehicles) cyber security and other emerging cyber security aspects within the power and utilities companies.

Contact: David Schkade davids@prosperoevents.com

Website: 5th Cyber & SCADA Security for Power and Utilities Industry, 26 – 28 September 2018, Amsterdam

Intellisub

Intellisub Europe 2018

10-12 April 2018 in Dusseldorf, Germany.

The 5th annual IntelliSub Europe 2018 draws together 120+ utility substation asset management, engineering, operations & maintenance, and cyber-security professionals for 3 intensive days of digital substation implementation reviews.

Through a series of case-study presentations leading utilities reveal how they are making their investment decisions, technology choices, and implementation plans to drive the cost-effective deployment of next generation digital substations.

Days 1 & 2 focus on the investment drivers, new system architectures, and operations and maintenance approaches for new and refurbished substations in HV, MV and LV networks. Whilst the third day deep-dives into cyber-physical security considerations for next generation substations particularly in the context of IoT and cloud enabled systems, integrated with self-learning and self-healing capabilities.

On April 12th, EE-ISAC's member Security Matters will be leading a workshop on cybersecurity, joined by fellow EE-ISAC members Enel, AIT, Applied Risk, Accenture, and Brandenburg University.

For more information, please click here.

Cooperative models for ISACs

Cooperative models for ISACs

By ENISA

Information Sharing and Analysis Centres (ISACs) are non-profit organizations that provide a central resource for gathering information on cyber threats (in many cases to critical infrastructure) as well as allow two-way sharing of information between the private and the public sector. ISACs have created communities within the private sector. They could be oriented on a specific critical sector (e.g. finance, energy, health) or serve as a focal point on the national level to gather information about cyber incidents and analyse it.

Collaboration is a common objective of every European national cyber security strategy. Collaboration to enhance cyber security at all different levels i.e. information on threats sharing, awareness raising can be achieved in two formal structures: The Information Sharing and Analysis Centers (ISAC) and Public Private Partnerships (PPP). This year ENISA has conducted a study on Cooperative Models for Public Private Partnership (PPPs) and Information Sharing and Analysis Centers (ISACs), collating information on best practices and common approaches.

European ISACs are concentrated on building partnerships and trust between members. They are largely industrydriven, but governmental support is expected – not in terms of funding, but rather in facilitating functions (secretariat) and offering professional knowledge (fighting cybercrime, sharing information relevant for the industry). Participation of governmental bodies gives the ISAC an increased formality and also corroborates the public sector’s respect of industry needs and supports it in facing new challenges (e.g. NIS Directive and GDPR implementation).

For the full report, click here.

Pages