EE-ISAC Practical Cybersecurity Solution for the Energy Sector

A recent survey of cybersecurity assessment methods proposed by the scientific community revealed that their practical adoption constitutes a great challenge. Further research that aimed at identifying the reasons for that situation demonstrated that several factors influence the applicability, including the documentation level of detail, the availability of supporting tools, and the continuity of support. This paper presents the European Energy Information Sharing and Analysis Centre (EE-ISAC)—a cybersecurity platform for the energy sector that has been adopted by multiple organisations. The platform facilitates sharing information about cybersecurity incidents, countermeasures, and assessment results. Prospectively, it is envisaged to be integrated with the threat intelligence platform that enables real-time situational awareness. By considering both fault and attack scenarios together, threat awareness can be mapped onto operational contexts to prioritise decisions and responses. This paper analyses EE-ISAC’s approach based on the conceptual applicability framework developed during the research, to improve the applicability and usefulness of this platform for energy sector participants and to identify areas that require further development.

Tania Wallis, Rafal Leszczyna (2022)  

Threat Intelligence Management

EE-ISAC members believe that Threat Intelligence can play a very important role in both, preventive and reactive cyber security. Considering the additionally complexity arising from Industrial Control System (ICS) Attack Vectors, the energy sector, more than other sectors, seems to depend even more on good Threat Intelligence Management. This paper explicitly addresses the needs of small and medium enterprises (particularly, these are enterprises with a headcount of less than two thousand employees and cyber security departments with a headcount of one to five) in the energy sector, planning to use Threat Intelligence to improve detective and reactive cyber security controls in their organisation.

Alexander Harsch, Marcel Kulicke, Kostantinos Moulinos, Andreas Seiler, Christina Skouloudi, Antigone Zisi (2020)  

Cyber Security Incident Response

EE-ISAC has gathered a synthesis of experience from their membership to offer some useful guidance, especially to assist smaller businesses to prepare and respond adequately to cyber incidents. In recent years several incidents have targeted critical infrastructures, including the energy sector. As devices used in Operational Technology (OT) facilities trust each other and their users, one compromised device can allow a compromise to the whole system. With an increasing likelihood of incidents, and both small and larger organisations being targeted, it is essential to prepare incident response capability in order to safeguard society’s dependency on energy. Regulations such as the Network and Information Security (NIS) Directive are now enforcing the requirement for an Incident Response capability. This document aims to offer some assistance in building that capability.

Paul Smith, Tania Wallis, Christina Skouloudi, Konstantinos Moulinos, Alexander Harsch, Marius Staggenbrog, Massimo Rocca, Daniel dos Santos, Jalal Bouhdada, Marcel Kulicke, Aleksander Wiśniewski, Alexander Novotny, Michael Knuchel, Dmytro Cherkashyn, Ivan Dragnev, Andreas Seiler (2020)

Developing Novel Solutions to Realise the EE-ISAC

For more effective decision making in preparation for and response to cyberevents in the energy sector, multilevel situation awareness, from technical to strategic is essential. With an uncertain picture of evolving threats, sharing of the latest cybersecurity knowledge among all sector stakeholders can inform and improve decisions and responses. This paper describes two novel solutions proposed during the formation of the EE-ISAC to build situation awareness and support information sharing. The development of EE-ISAC towards regular information sharing among members is described. This demonstrates the foundations achieved so far upon which a situation awareness network can be built for the energy sector.

Rafal Leszczyna, Tania Wallis, Michal R. Wrobel (2019)

Cyber Security Risk Management for Digitalized Energy Systems: Challenges & Solutions

The challenges and solutions of cyber security risk management for digitalised energy systems are presented and discussed in EE-ISAC’s white paper (2018). Developed by members who are lead researchers selected from academia and the sector’s solution providers, it gives an ultimate overview of standards and methodologies and that can be taken as the cutting edge for experts who are designing advanced threat identification and analysis in their companies. The tools and methods described here can offer a useful vision to work towards and contribute to more effective management of risks for the energy sector.

Massimo Rocca, Stefan Schauer, Paul Smith, Reinder Wolthuis (2018)

Task Forces

Malware Information Sharing

EE-ISAC uses the Malware Information Sharing Platform (MISP) for the detection analysis and subsequent phases of incident handling. MISP is focused on sharing information that is related to specific issues in quasi-real-time, enforcing the need for proactivity. MISP identifies particular threats artefacts and recognises malicious activities.

Threat Intelligence & Incident Analysis-Response

EE-ISAC aims to help utilities improve their resilience to cyber attacks by enabling information sharing and improving cybersecurity awareness across the energy sector. EE-ISAC gathers a synthesis of experience from their membership to offer some useful guidance, especially to assist smaller businesses to prepare and respond adequately to cyber incidents.

Threat Landscape

EE-ISAC aims at establishing a threat modeling standard to be disseminated among Members as the guidelines and best practices of threat intelligence and incident management. This will include the cooperation with other ISACs and expert communities in the definition of common practices, a taxonomy and general awareness raising.

EU Initiatives

To solidify as the unified voice for cybersecurity in the European energy industry, EE-ISAC tracks and engages in various activities with European institutions, including EU projects and public consultations on legislative initiatives.


Collaborating Across Continents and In Quasi Real Time

Starting European Energy Information – Sharing Analysis Center

Meeting the Members and Going to Japan

Knowledge Sharing and European Parliament Panel

Celebrating 5 successful years of cooperation for a resilient European Power Grid

Datatopia Podcast: Cyber Security

EU Commission supports EE-ISAC 2019
Smart Energy International 2018
Smart Energy International 2018
Global Smart Energy Elites 2016