EE-ISAC at OECD Going Digital

The EE-ISAC was invited by OECD to partake to the Workshops on Digital Security and Resilience in Critical Infrastructure and Essential Services in Paris on February 15th and 16th.

On behalf of EE-ISAC, Johan Rambi (Board Member) joined the panel of Digital Security Risks to Government and Public Services to disseminate best practices on international collaboration and public-private partnerships (PPP). Specifically, EE-ISAC was able to contribute to governments under threat by showcasing best practices of how private companies are able to contribute to the discussion of cybersecurity. In addition, cross-national collaborations can help individual governments prepare and, even in some cases, prevent for cyber attacks on energy.

On the panel focusing on cybersecurity across various sectors, Mr Rambi was joined by Steve Casapulla (Acting Branch Chief for International Affairs, Office for Cybersecurity and Communications, Department of Homeland Security (US)) and Chaetae Im (Senior Researcher at Korea Internet & Security Agency, Korea Internet Security Centre). The panel was introduced by Jack Radisch (Senior Project Manager, OECD High Level Risk Forum) and was moderated by Stephen Davies (Strategic Technology Partners, Fireye). 

About the OECD: The Organisation for Economic Co-operation and Development (OECD) provides a forum in which governments can work together to share experiences and seek solutions to common problems. The OECD works with governments to understand what drives economic, social and environmental change. More about OECD Going Digital.


Introduction to the concept of Hybrid Threats


Georgios Giannopoulos (Scientific Officer, European Commission, DG Joint Research Centre) will be speaking at the EE-ISAC Expert Seminar on 7 September. He will provide us with an introduction to the concept of Hybrid Threats.

Hybrid Threats

Hybrid Threats can be defined as a mixture of coercive and subversive activities, conventional and unconventional methods (i.e. diplomatic, military, economic, technological), which can be used in a coordinated manner by state or non-state actors to achieve specific objectives while remaining below the threshold of formally declared warfare. Hybrid Threats also are a hot issue within the EU and critical infrastructures (including energy) have a central role in this field.

Framework for Industrial and Automation Control Systems

Furthermore, the work that the DG Joint Research Centre (JRC) is conducting towards a certification framework for Industrial and Automation Control Systems will be presented. This work is part of the support that the JRC provides to Directorate‑General for Communications Networks, Content and Technology (DG CONNECT) and it is particularly relevant to the recently adopted NIS Directive. Finally, an update on the Incident and Threat Information Sharing EU Centre (ITIS-EUC) will be provided.


The EE-ISAC Expert Meeting is organized in collaboration with the Thematic Network on Critical Energy Infrastructure Protection (TNCEIP). TNCEIP is an initiative by DG ENER and supported by DG JRC. The aim of this network is to connect electricity, oil and gas operators and also transmission & distribution companies to

EE-ISAC and TNCEIP are welcoming European utilities to join this free-to-attend seminar on trusted cyber security information sharing within the European energy landscape. Click here for more information about the seminar.


Accomplishing a mature cyber security culture: how to empower employees as your First Line of Defense?


Like any other grid operator, EDP Distribuição has the responsibility to protect its critical energy infrastructure. What can we learn from their strong focus cultural change?

EDP strongly believes that it can only be successful if it fosters and elevates both cyber security and data protection from a merely technical challenge to an overall organization objective, achieved through a deep cultural change and a general understanding of what is at stake.


Top-down commitment & common values

To accomplish such a mature cyber security culture, EDP aims to ensure a top down commitment and establish common values and behaviors by continuously improving security awareness and training.

Therefore, EDP has established a Cyber Security cultural shifting program assuring that its employees are the first line of defense against cyber threats. The program encompasses different training and/or awareness initiatives considering the specificities of the various target audiences.


Presentation at EE-ISAC Expert Meeting (7 September, Athens)

Aurélio Blanquet (Director of Automation and Telecommunications) & Nuno Medeiros (Head of OT Cyber Security) will be sharing their vision and explain how EDP:

  • is empowering its employees as the First Line of Defense
  • using their Training and Awareness Program on Cyber Security of Critical Information Infrastructure (CII)
  • enhancing its cyber resilience with the Cyber Range Platform

On behalf of all EE-ISAC Members, EDP Distribuição is welcoming European utilities to join this free-to-attend seminar on trusted cyber security information sharing within the European energy landscape. Click here for more information about the seminar, including the session in collaboration with TNCEIP and the afternoon session with a country focus on Greece.


Please note: registration is open to utilities only. 



The missing link in protecting critical facilities


How does one tell if unusual traffic on the network originated from a malicious insider, a malware or some rogue device attached to the network?

And can you tell whether a legitimate maintenance personnel entering and exiting a facility only performed the task he was supposed to do and not something “extra” because he has been bribed, threatened or simply made a mistake?

Kayato Sekiya, Principal Researcher at NEC, argues that answering the above types of questions is difficult since two critical properties are missing from most security systems:

  1. Integration of cyber security and physical security
    Conventionally, IT cyber security, control system cyber security and physical security has been monitored by separate departments using independent systems which has resulted in lack of situational awareness and of strict policy enforcement.
  2. Segregation in monitoring of automated processes and human-intervened tasks
    Automated processes and human-intervened tasks intrinsically have very distinct security requirements. Automated processes even if suspicious should never be blocked. However, each human-intervened task should be authorized before execution and any suspicious activities in general should be escalated to higher authority and blocked until explicit security clearance.


The approach of Automated Processes Monitoring & Human-Intervened Task Monitoring

At the EE-ISAC Expert Seminar in Athens, Mr Sekiya will be discussing the above and explaining how to deal with these challenges following the approach of

  • Automated Processes Monitoring: Automated learning of “benign process” model and detection of “malicious processes” through network / application anomaly detection.
  • Human-Intervened Task Monitoring: Continuous monitoring, recording and restriction of workers’ behaviors across physical and cyber space based on identity and authorization.

For human-intervened task monitoring, a case study will be discussed in which security administrators were able to view and control a worker’s activities across physical and cyber. Workers were then enforced follow a specific sequence of activities that is defined by the work order.


EE-ISAC Expert Seminar on 7 September (Athens)

Mr Sekiya is presenting during the EE-ISAC Expert Meeting. On behalf of all EE-ISAC Members, ENISA is welcoming European utilities in Athens to join this free-to-attend seminar on trusted cyber security information sharing within the European energy landscape.

Click here for more information about the seminar, including the full-day, free-to-attend programme.


Please note: registration is open to utilities only. 

Seminar: Trusted cyber security information sharing within the European energy landscape


As EE-ISAC's main purpose is to improve the cyber resilience of the European energy grid, we will be organizing a free-to-attend seminar on the 7th of September focusing on trusted cyber security information sharing within the European energy landscape.


Full-day cyber security programme

In collaboration with the TNCEIP, EE-ISAC will welcome cyber security experts from European DSOs and TSOs to promote, help organize and foremost, execute actual cyber security information sharing.

EE-ISAC member ENISA, the European Union Agency for Network and Information Security, will be hosting the seminar in Athens, Greece. ENISA is working on a soon to be published, full-day programme including:

  • Morning session with a special focus on the connection between TSOs and DSOs, including presentations from both the TNCEIP (Thematic Network on Critical Energy Infrastructure Protection, allowing operators to exchange information on threat assessment, risk management, cyber security, and other related topics) and EE-ISAC
  • Two afternoon sessions, one of them titled ‘The European threat landscape’ and the second having a special country focus on Greece
  • Networking event

Registration for the seminar will be open for utilities only. For more information, please contact

On behalf of all EE-ISAC members, we look forward to welcome you in Athens on the 7th of September!


Please note: registration is open to utilities only.