Threat Intelligence Management
EE-ISAC members believe that Threat Intelligence can play a very important role in both preventive and reactive cyber security. Considering the additional complexity arising from Industrial Control System (ICS) attack vectors, the energy sector seems to depend on good Threat Intelligence Management even more than other sectors. This paper explicitly addresses the needs of small and medium enterprises in the energy sector (in particular, enterprises with a headcount of less than two thousand employees and cyber security departments with a headcount of one to five) that plan to use Threat Intelligence to improve detective and reactive cyber security controls in their organisation.
Alexander Harsch, Marcel Kulicke, Konstantinos Moulinos, Andreas Seiler, Christina Skouloudi, Antigone Zisi (2020)
Cyber Security Incident Response
EE-ISAC has gathered a synthesis of experience from its membership to offer some useful guidance, especially to assist smaller businesses to prepare for and respond adequately to cyber incidents. In recent years several incidents have targeted critical infrastructures, including the energy sector. As devices used in Operational Technology (OT) facilities trust each other and their users, one compromised device can lead to a compromise of the whole system. With an increasing likelihood of incidents, and both small and larger organisations being targeted, it is essential to prepare an incident response capability in order to safeguard society’s dependency on energy. Regulations such as the Network and Information Security (NIS) Directive are now enforcing the requirement for an Incident Response capability. This document aims to offer some assistance in building that capability.
Paul Smith, Tania Wallis, Christina Skouloudi, Konstantinos Moulinos, Alexander Harsch, Marius Staggenbrog, Massimo Rocca, Daniel dos Santos, Jalal Bouhdada, Marcel Kulicke, Aleksander Wiśniewski, Alexander Novotny, Michael Knuchel, Dmytro Cherkashyn, Ivan Dragnev, Andreas Seiler (2020)
Developing Novel Solutions to Realise the EE-ISAC
For more effective decision making in preparation for and response to cyber events in the energy sector, multilevel situation awareness, from technical to strategic, is essential. With an uncertain picture of evolving threats, sharing of the latest cybersecurity knowledge among all sector stakeholders can inform and improve decisions and responses. This paper describes two novel solutions proposed during the formation of the EE-ISAC to build situation awareness and support information sharing. The development of EE-ISAC towards regular information sharing among members is described. This demonstrates the foundations achieved so far upon which a situation awareness network can be built for the energy sector.
Rafal Leszczyna, Tania Wallis, Michal R. Wrobel (2019)
Cyber Security Risk Management for Digitalized Energy Systems: Challenges & Solutions
The challenges and solutions of cyber security risk management for digitalised energy systems are presented and discussed in EE-ISAC’s white paper (2018). Developed by members who are lead researchers selected from academia and the sector’s solution providers, it gives an ultimate overview of standards and methodologies that can be taken as the cutting edge by experts who are designing advanced threat identification and analysis in their companies. The tools and methods described here can offer a useful vision to work towards and contribute to more effective management of risks for the energy sector.
Massimo Rocca, Stefan Schauer, Paul Smith, Reinder Wolthuis (2018)
Malware Information Sharing
EE-ISAC uses the Malware Information Sharing Platform (MISP) for the detection, analysis and subsequent phases of incident handling. MISP is focused on sharing information that is related to specific issues in quasi-real-time, enforcing the need for proactivity. MISP identifies particular threat artefacts and recognises malicious activities.
Threat Intelligence & Incident Analysis-Response
EE-ISAC aims to help utilities improve their resilience to cyber attacks by enabling information sharing and improving cybersecurity awareness across the energy sector. EE-ISAC gathers a synthesis of experience from its membership to offer some useful guidance, especially to assist smaller businesses to prepare for and respond adequately to cyber incidents.
EE-ISAC aims to establish a threat modeling standard to be disseminated among Members as the guidelines and best practices of threat intelligence and incident management. This will include cooperation with other ISACs and expert communities in the definition of common practices, a taxonomy and general awareness raising.
To solidify its position as the unified voice for cybersecurity in the European energy industry, EE-ISAC tracks and engages in various activities with European institutions, including EU projects, open consultations, and feedback to the NIS & CER Directives.
Collaborating Across Continents and In Quasi Real Time
Starting European Energy Information – Sharing Analysis Center
Meeting the Members and Going to Japan
Knowledge Sharing and European Parliament Panel
Celebrating 5 successful years of cooperation for a resilient European Power Grid