Organised crime and EU solidarity – Enel Italy talks cybersecurity


What is the best approach to combating malicious threats? 
Metering & Smart Energy International spoke to Massimo Rocca, head of information security at Enel Italy, to better understand the European cybersecurity landscape and how the global energy utility is gearing up to combat threats to data and infrastructure.

When asked how real is the cyber threat for European utilities, Mr Rocca said it is “concrete”. The challenge for an energy company, however, is to identify the intended effects of a cyberattack, he said. “We have huge background noise in the identification of cyber threats. Enel's global IT security infrastructure identifies more than 100,000 events a day.

"For this reason it is very complex to understand if a security event is a common incident or a deception made to hide another type of threat that is focused on our assets or people.” 

Italy industrial “lab” for developing and testing solutions
Enel, a multinational electricity and gas operator present in 30 countries, isn't your average utility and is able to share experiences across its information security departments. The energy company has coordinated most of its global cyber security initiatives from Italy, which acts as an industrial “lab” for developing and testing solutions and policies that are rolled out in other countries.

Rocca said this is due to the way the utility has been targeted in Italy in the past five to 10 years, constituting a "remarkable scenario” in the European context. “We have faced many phases [regarding the sources of attacks] that we haven’t experienced in all the other countries and for this reason we started to work on ICS security more than five years ago, with a particular attention to Italy.”  

On the subject of who is carrying out the malicious attacks, Rocca said Enel Italy is being targeted from many different audiences. “Organized cyber crime has been targeting us. From our analysis, we are quite sure that it happened in the past and is impossible to exclude that this is still happening.”

Read the full article here.


The aftermath of Stuxnet: answers from the CRISALIS project

The discovery of highly sophisticated and targeted attacks such as Stuxnet and Duqu showed that these threats are a reality. Their success in infiltrating Critical Infrastructure environments is calling attention on the ineffectiveness of standard security mechanisms at detecting them.

Following the aftermath of these cyber-weapons, the CRISALIS project focused on devising new approaches and technology to protect Critical Infrastructure and their Industrial Control Systems from cyber attacks. EE-ISAC members Enel, Liander, Siemens and Security Matters participated in the project delevering innovative tools to monitor, detect and analyse strange behaviour in the ICS and AMI systems.

Reducing down the time required to perform forensics analysis after a (supposed) cyber incident to only hours
The project team will be presenting the outcomes of the project during the EE-ISAC Open House Member Meeting on 4 November at European Utility Week. Tools delivered and presented include passive fingerprinting techniques, intrusion detection solutions and fuzzer tools. Both the tools and lessons learned will be shared by the projectteam.  

Damiano Bolzoni (Security Matters) is more than satisfied with the results of the project. "The CRISALIS consortium not only achieved the original goal of making Europe's Critical Infrastructure more secure, but went beyond to improve the overall cyber resilience". The project's end-to-end approach resulted in the development of:

  • methodologies and technologies for testing critical software in a more comprehensive way so that issues can be fixed before deployment
  • technologies for detecting both intentional and unintentional (cyber) events that could affect business continuity, including cyber attacks, operational errors or misconfiguration
  • technology for reducing down the time required to perform forensics analysis after a (supposed) cyber incident to only hours

Join our free-to-attend Open House Member Meeting during European Utlity Week and hear about all the technical details!

Barack Obama calls for cyber security information sharing

During our Open House Member Meeting on 4 November 2015 at European Utility Week, Chris Blask (Chair ICS-ISAC, US and executive director of Webster University's Cyberspace Research Institute) will share his lessons learned in cyber security information sharing models in the US. 
US Government encourages the voluntary formation of organizations establishing mechanism to share cyber information
Within the US, the Department of Homeland Security (DHS) through DHS 13691 is looking to foster the creation of 200 ISAOs in the US over the next three years, as compared to the dozen or two ISACs that have been created to date. The president of the United States declares in DHS 13691:
"Organizations engaged in the sharing of information related to cybersecurity risks and incidents play an invaluable role ... The purpose of this order is to encourage the voluntary formation of such organizations, to establish mechanisms to continually improve the capabilities and functions of these organizations ...."
"... private companies, nonprofit organizations, executive departments and agencies (agencies), and other entities must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible."
The progress of information sharing to date
This is pertinent to the conversation and the talk in Vienna, according to Mr. Blask, because it indicates that the number of sharing organizations is multiplying dramatically. "The EE-ISAC is an example of this increase in sharing centers. This supports the idea that organizations should join the EE-ISAC and become part of this rapidly growing field."
Mr. Blask, being the chair of the ICS-ISAC for the Industrial Control System sector, will be sharing lessons learned in information sharing as a whole, including the ICS-ISAC but also the evolution of ISAOs in the US and similar sharing centers internationally. "We will be providing the audience an understanding of the progress of information sharing to date and a forecast for the future, including an steps they should consider for their own planning purposes."
Chris Blask is speaking during the EE-ISAC Open House Member Meeting on 4 November. This session is free-to-attend. Click here for more information and registration!

Trust-based security information sharing in the US - Lessons learned


In the run-up to the launch of EE-ISAC in December, our future members are meeting today in the Hague to decide upon final details about the partnership. Furthermore, since information sharing is what we are about, we have invited several industry organizations and experienced ISAC chairs to share the lessons they learned on security information sharing.

Start your journey soon, as the adversaries have already begun their journey
For example, we were highly honoured with mister Tim Roxey visiting the meeting. Mister Roxey is Chief Operations Officier of the Electricity Sector-ISAC (ES-ISAC) and VP of North American Electric Reliability Corporation in the US. ES-ISAC serves as the primary security communications channel for the US electricity sector. It enhances the ability to prepare for and respond to cyber and physical threats, vulnerabilities and incidents. Mister Roxey shared many useful examples of the essential role of ES-ISAC played in preventing several security incidents in the past.

Because of our strict participation rules, much of the information shared won't leave the meeting room. However, his main advice kindly reminded us of the urgency of the matter - "start your journey soon, as the adversaries have already begun their journey". Mister Roxey looks forward to the ES-ISAC partnering with EE-ISAC to address global security threats. 

Interested to hear more?
The information shared during our meetings is only available to EE-ISAC members. 
If you think your company adds up to our geographical scope (European utilities), coverage of the smart energy supply chain or cyber security expertise, please contact us

Live Demonstration: your network's ability to auto-respond to a cyber intrusion.

EE-ISAC Stakeholder Viasat contributes field-tested security expertise, for example the knowledge and experiences they gained from their DOE funded research together with Duke Energy and Southern California Edison. Their US research on policy-based automated responses to cyber events has increased our European knowledge on ICS attacks.

Watch this video showing David Lawrence (Technology Development Manager at Duke Energy) and Steve Lusk (Program Manager at Viasat) giving a live demonstration of an ICS attack, highlighting the experiences with the Cyber-intrusion Auto-response and Policy Management System (CAPMS).