Live Demonstration: your network's ability to auto-respond to a cyber intrusion.

EE-ISAC Stakeholder Viasat contributes field-tested security expertise, for example the knowledge and experiences they gained from their DOE funded research together with Duke Energy and Southern California Edison. Their US research on policy-based automated responses to cyber events has increased our European knowledge on ICS attacks.

Watch this video showing David Lawrence (Technology Development Manager at Duke Energy) and Steve Lusk (Program Manager at Viasat) giving a live demonstration of an ICS attack, highlighting the experiences with the Cyber-intrusion Auto-response and Policy Management System (CAPMS).

The role of trust in improving the cyber resilience of the European energy grid

 

Johan Rambi is Corporate Privacy & Security Advisor for the Dutch network operator Alliander. In his role of (interim) chair of EE-ISAC, to be launched in December 2015, his task is to lay the foundations of this partnership - namely, trust and commitment. Cyber resilience risks force the energy sector to start sharing sensitive information, both across national borders and between the public and the private sector. This will only happen if you create a safe environment of trust, says Rambi.

  • Alliander is already participating in the Dutch Energy ISAC. Can you explain why, as a regional network operator, you were also pushing for an Energy ISAC at European level?

Cyber security does not stop at national borders. Focusing on Dutch cases only would be unrealistic since the increased interconnectedness to the internet creates a reality in which our national "grid" is no longer independent from the outside world.

We need to address cyber resilience risks at an international (EU) level. Other international ISAC’s (e.g. the European FS-ISAC or United States ES-ISAC) have already proven the importance and benefits of international information sharing. In the end, different international ISACs should work together to realise global information and experience sharing. However, scaling up from national to European level is a good and necessary start.
 

"Cyber resilience risks force the energy sector to start sharing sensitive information,
both across national borders and between the public and the private sector.
This will only happen if you create a safe environment of trust."

 

  • ISACs are based on trust; stakeholders are being asked to share (sometimes confidential) company information. What does an ISAC do to make utilities but also technology providers feel safe about sharing sensitive data?

The trust-based environment in which our members will share data, knowledge and experiences is legally defined by our Terms of Reference (ToR). Every individual member will commit itself to the ToR before participating. We will cooperate with each other under strict participation rules, including those regarding transparency and information sharing, and using the traffic light protocol (TLP) protocol in our meetings.

Topics such as vulnerabilities in ICS/SCADA systems or cyber security incidents in smart meters are classified as RED according to the TLP protocol. These topics will not be shared outside the meeting room.

  • But doesn't it take more than just the legal boundaries of a trust-based environment that makes people talk about what is worrying them?

Yes, definetely. It is easier to trust those you know. The role of EE-ISAC is to build a good relationship between its members. This will facilitate information and experience sharing in the already legally defined trust-based environment.

Also, EE-ISAC will monitor the mutual benefit of the information shared. This is a very important factor since it creates a situation in which the interests of the different stakeholders are equal. If this situation is out of balance, the willingness to share will diminish.

I think you can put it like this, EE-ISAC brings together top experts dealing with cyber security issues from different perspectives. It creates an environment in which they start talking to each other without legal or social hesitations. This results in a broader view upon the solution to these issues for each indivdual member. In the end we believe that this will strengthen the cyber resilience of energy sector as a whole.
 

"EE-ISAC creates an environment in which cyber security experts
start talking to each other without legal or social hesitations."

EE-ISAC will be officially launched during European Utility Week 2015, on 4 November at the Siemens booth in hall A.

Enel's view on data and information sharing within the setting up of EE-ISAC

Massimo Rocca is the Head of Information Security, Italy for Enel Group (Enel). The Italy-headquartered Group and three other leading European utilities will be the Founding Utility Members of EE-ISACAs EE-ISAC will be launched in December 2015, the actual data & experience sharing will officially start in a few weeks. However, the run-up period has already brought Enel a wealth of cyber security insights, as Massimo explains in the interview below.
 

"EE-ISAC's success in challenging cyber threats is strictly
related to access to updated and comprehensive information."

 

  • EE-ISAC is the main deliverable of the DENSEK Project. Enel was already involved in the DENSEK Project and now will be among the Founding Members of EE-ISAC. What made Enel decide to participate already at such an early stage?

Enel has been working heavily on ICS security and critical infrastructure protection at least since 2008. We realized from the very early days of the process that a standardization of organizational processes, technologies, architectures and interoperability is key to infrastructure resilience. Therefore, a single utility cannot afford to take up the cyber security challenge on its own, whatever its size.

As a result, Enel’s research and security teams launched several initiatives involving ICS and IT Security suppliers, acting as product testers at Enel’s Livorno lab, thus enhancing our expertise in the field as well as giving us the opportunity to strengthen our contacts with experts from other EU countries but also from outside the EU. These were the conditions that brought Enel to participate in the DENSEK project.
 

"No single utility can afford to take up the cyber security
challenge on its own, whatever its size."

 

  • Although officially launched during EUW15 in November, EE-ISAC stakeholders are already meeting regularly. Is Enel benefitting from the data and information shared via these meetings?

Our fellow experts participating in the meetings are all top specialists in their field, already involved in several international projects and task forces. So, yes, Enel Security Italy has already benefitted from several opportunities offered by the DENSEK and EE-ISAC activities. For instance, during the visit to an innovative project from one of our EE-ISAC partners we were allowed to collect some interesting inputs we shared with our colleagues at Enel’s headquarters in Rome.

Another time, I was requested by Enel to prepare an assessment of some features of our distribution networks and two fellow members from DENSEK, who are members of an international task force working on those kinds of assessments, provided me valuable information about those systems. Of course without breaching any confidentiality agreement, that goes without saying.

  • Utilities need to be willing to share trusted information with each other and the private partners of EE-ISAC. How is Enel dealing with this? 

EE-ISAC's success in challenging cyber threats is strictly related to access to updated and comprehensive information. I believe that the only option is to build a trusted community as cyber intelligence sources are still struggling in the industry sector. We are already cooperating with government authorities to protect public safety. It seems equally reasonable to cooperate with private partners for the benefit of our businesses, exactly as EE-ISAC proposes.

From the data disclosure point of view, once the Terms of Reference are shared between members, it will be possible to share incident’s information. At the same time, Enel Security is reviewing information classification and incident management policies and procedures, in order to create organizational and technical interfaces to the security information sharing processes.
 

"We are already cooperating with the public authorities in this respect.
It seems equally reasonable to cooperate with private partners for
the benefit of our businesses, exactly as EE-ISAC proposes."

 

Read more about EE-ISAC and it's current group of stakeholders

Security measure mapping

A map helps you navigate. Keeping this in mind, the European Network and Information Security Agency (ENISA) - EE-ISAC Stakeholder - produced a 92 page catalogue of 45 available security measures, grouped in 11 domains.

This report contains the security measures, and the mapping of the identified security measures to potential threats.  It helps grid providers find their way iwhen improving the level of the cyber security of their installations. 

The report was prepared in the context of European Commission (EG2 task force) ad hoc group on security measures of smart grids, including EDF, Enel, UK National Grid, Eon and Swissgrid. The report has been adopted by the Smart Grid Task Force.

Click here to download the report.

Is cryptography the answer to security threats?

ee-isac, cyber security, stakeholder, cryptography

This paper on Circuit Challenges from Cryptography by the researchers of KU Leuven (EE-ISAC Stakeholder) demonstrates with actual data how conflicting challenges around implementing cryptography can be addressed.

Implementing cryptography and security into integrated circuits such as an energy grid is somehow similar to applications in other fields. One needs to worry about comparable optimization goals: area, power, energy, throughput and/or latency.
 
Moore’s law helps to attain these goals. However, it also gives the attackers more computational power to break cryptographic algorithms. On top of this, quantum computers may soon become reality, so that novel, very computationally demanding “post-quantum” cryptographic algorithms need implementation. Finally, there is a third dimension to the problem: implementations have to be resistant against physical attacks and countermeasures increase the cost. 
 
 The paper was keynote at the International Solid-State Circuits Conference of IEEE earlier this year.

Pages