Threat Intelligence Management

EE-ISAC members believe that Threat Intelligence can play a very important role in both, preventive and reactive cyber security. Considering the additionally complexity arising from Industrial Control System (ICS) Attack Vectors, the energy sector, more than other sectors, seems to depend even more on good Threat Intelligence Management. This paper explicitly addresses the needs of small and medium enterprises (particularly, these are enterprises with a headcount of less than two thousand employees and cyber security departments with a headcount of one to five) in the energy sector, planning to use Threat Intelligence to improve detective and reactive cyber security controls in their organisation.

Alexander Harsch, Kostantinos Moulinos, Andreas Seiler, Christina Skouloudi (2020)  

Cyber Security Incident Response

EE-ISAC has gathered a synthesis of experience from their membership to offer some useful guidance, especially to assist smaller businesses to prepare and respond adequately to cyber incidents. In recent years several incidents have targeted critical infrastructures, including the energy sector. As devices used in Operational Technology (OT) facilities trust each other and their users, one compromised device can allow a compromise to the whole system. With an increasing likelihood of incidents, and both small and larger organisations being targeted, it is essential to prepare incident response capability in order to safeguard society’s dependency on energy. Regulations such as the Network and Information Security (NIS) Directive are now enforcing the requirement for an Incident Response capability. This document aims to offer some assistance in building that capability.

Paul Smith, Tania Wallis, Christina Skouloudi, Konstantinos Moulinos, Daniel dos Santos, Jalal Bouhdada, Marcel Kulicke, Alexander Harsch, Marius Staggenborg, Aleksander Wiśniewski, Alexander Novotny, Michael Knuchel, Dmytro Cherkashyn, Andreas Seiler, Ivan Dragnev (2020)

Developing Novel Solutions to Realise the EE-ISAC

For more effective decision making in preparation for and response to cyberevents in the energy sector, multilevel situation awareness, from technical to strategic is essential. With an uncertain picture of evolving threats, sharing of the latest cybersecurity knowledge among all sector stakeholders can inform and improve decisions and responses. This paper describes two novel solutions proposed during the formation of the EE-ISAC to build situation awareness and support information sharing. The development of EE-ISAC towards regular information sharing among members is described. This demonstrates the foundations achieved so far upon which a situation awareness network can be built for the energy sector.

Rafal Leszczyna, Tania Wallis, Michal R. Wrobel (2019)

Cyber Security Risk Management for Digitalized Energy Systems: Challenges & Solutions

The challenges and solutions of cyber security risk management for digitalised energy systems are presented and discussed in EE-ISAC’s white paper (2018). Developed by members who are lead researchers selected from academia and the sector’s solution providers, it gives an ultimate overview of standards and methodologies and that can be taken as the cutting edge for experts who are designing advanced threat identification and analysis in their companies. The tools and methods described here can offer a useful vision to work towards and contribute to more effective management of risks for the energy sector.

Massimo Rocca, Stefan Schauer, Paul Smith, Reinder Wolthuis (2018)

Task Forces

MISP & Threat Intelligence

EE-ISAC uses the Malware Information Sharing Platform (MISP) for the detection analysis and subsequent phases of incident handling. MISP is focused on sharing information that is related to specific issues in quasi-real-time, enforcing the need for proactivity. MISP identifies particular threats artefacts and recognises malicious activities.

Incident Analysis & Response

EE-ISAC aims to help utilities improve their resilience to cyber attacks by enabling information sharing and improving cybersecurity awareness across the energy sector. EE-ISAC gathers a synthesis of experience from their membership to offer some useful guidance, especially to assist smaller businesses to prepare and respond adequately to cyber incidents.

Media

Collaborating Across Continents and In Quasi Real Time

Starting European Energy Information – Sharing Analysis Center

Meeting the Members and Going to Japan

Knowledge Sharing and European Parliament Panel

EU Commission supports EE-ISAC 2019
Smart Energy International 2018
Smart Energy International 2018
Global Smart Energy Elites 2016