Aurélio Blanquet (EDP Distribuição) elected as Chair EE-ISAC

Picture: former Interim Chair Johan Rambi (left) handing over chairman's gavel to Aurélio Blanquet (right).


Vienna, 3 December 2015The members of the European Energy - Information Sharing & Analysis Centre (EE-ISAC) welcome the election of mister Aurélio Blanquet (Director - Division of Automation and Telecommunications, EDP Distribuição) as chair and Johan Rambi (Alliander), Robert Redl (EVN Group), Volker Distelrath (Siemens AG) and Chris McIntosh (ViaSat UK) as Members of the Board.

EE-ISAC is the first European ISAC for the smart energy sector. ISACs are networks of trust in which both private and public parties share security information either on a Human-to-Human basis via Member Meetings, digitally via an Information Sharing Platform or on a Machine-to-Machine level via Situational Awareness Networks.

EE-ISAC is answering a need for international collaboration at European level in order to protect the energy sector from cyber-attacks. “If we want to tackle future issues more effectively, we have to start taking an open approach towards cyber security. The only way forward is to share experiences with security incidents, whether they are success stories or not. EE-ISAC offers a platform to share this sensitive information in a secure way” says mister Blanquet.

EE-ISAC Members
This non-profit, industry-driven network is a joint initiative of 4 major European utilities together with technical universities, security technology providers and governmental & non-profit organizations.

Alliander, EDP Distribuição, EVN, ​TU Delft, SecurityMatters, Siemens, ViaSat, ENCS​ and the NCSC-NL  are the founding members of EE-ISAC. Enel, ENISA, KU Leuven and Accenture are finalising their founding membership procedure. New members are Applied Risk, Webster University and T-Systems Austria GesmbH.

Cyber security information sharing on a European level
EE-ISAC enables top utility security experts to learn from their peer's experiences with security incidents, compare and evaluate security solutions (both from a technical and operational viewpoint) and discuss future challenges. Members benefit from an open dialogue with industry partners and suppliers. The trust-based environment in which members share information is legally defined by the Terms of Reference, to be signed by every individual member.

The strength and unique characteristics of EE-ISAC lie within the private/public composition of the partnership - bridging the gaps between the different disciplines, the lasting nature of the relationship between the participants – strengthening the already legally defined relationship of trust, and the low-profile, industry driven organisation of the network.

Requests for membership, interviews, logos and additional pictures can be sent to


Cyber security - Does the grid need a new approach? YES!

With the increased connectivity of the smart grid to the internet, taking cyber security measures is a must. However, we cannot pile up our security and degrade our performance. What do we need to start doing today, to prevent a future trade-off in security?
Cyber security as a business enabler
We need to embrace a new approach in which cyber security is not seen as a business blocker but as a business enabler. At least, that is what Emil Gurevitch (Project lead on Smart Grid Security, SEAS-NVE), Johan Rambi (Privacy & Security Advisor, Alliander and Interim Chair of EE-ISAC) and Alex Campbell (Director EMEIA Advisory Services - Information Security, EY) argue. Cyber security is an enabling factor and should function as a quality criterion for your grid, say these gentlemen. They discussed this new approach at EUW15 as part of the Engerati Energy Talks series.
Protection vs. detection and response
To prevent cyber security from being a show stopper, your strategy should be balanced between a protective, detective and responsive approach. Realistically, in the end utilities cannot only prevent attacks. Whether it's next week or in 3 years, the attacker will eventually will hack into your system. In that case, it is key to be able to detect in an early stage and respond with adequate incident management.
The privacy issue
Utilities need to apply a holistic approach to security and privacy. With the implementation of smart meters this now also includes data protection issues. In order to build a trust relationship with your customers, next to protecting data you now also need to be transparent about the way in which your are using this data.
There is no silver bullet
Cyber security is part of your grid. It is essential to have a fundamental understanding of your grid in order to be able to protect it. No two grids are the same and there is no 'silver bullet'. So do learn from your peers, but be aware of the unique characteristics of your own grid.
Want to hear more about the different aspects of this new approach? Check this video report of the conversation in which these 3 gentlemen discuss the new approach to cyber security.

Organised crime and EU solidarity – Enel Italy talks cybersecurity


What is the best approach to combating malicious threats? 
Metering & Smart Energy International spoke to Massimo Rocca, head of information security at Enel Italy, to better understand the European cybersecurity landscape and how the global energy utility is gearing up to combat threats to data and infrastructure.

When asked how real is the cyber threat for European utilities, Mr Rocca said it is “concrete”. The challenge for an energy company, however, is to identify the intended effects of a cyberattack, he said. “We have huge background noise in the identification of cyber threats. Enel's global IT security infrastructure identifies more than 100,000 events a day.

"For this reason it is very complex to understand if a security event is a common incident or a deception made to hide another type of threat that is focused on our assets or people.” 

Italy industrial “lab” for developing and testing solutions
Enel, a multinational electricity and gas operator present in 30 countries, isn't your average utility and is able to share experiences across its information security departments. The energy company has coordinated most of its global cyber security initiatives from Italy, which acts as an industrial “lab” for developing and testing solutions and policies that are rolled out in other countries.

Rocca said this is due to the way the utility has been targeted in Italy in the past five to 10 years, constituting a "remarkable scenario” in the European context. “We have faced many phases [regarding the sources of attacks] that we haven’t experienced in all the other countries and for this reason we started to work on ICS security more than five years ago, with a particular attention to Italy.”  

On the subject of who is carrying out the malicious attacks, Rocca said Enel Italy is being targeted from many different audiences. “Organized cyber crime has been targeting us. From our analysis, we are quite sure that it happened in the past and is impossible to exclude that this is still happening.”

Read the full article here.


The aftermath of Stuxnet: answers from the CRISALIS project

The discovery of highly sophisticated and targeted attacks such as Stuxnet and Duqu showed that these threats are a reality. Their success in infiltrating Critical Infrastructure environments is calling attention on the ineffectiveness of standard security mechanisms at detecting them.

Following the aftermath of these cyber-weapons, the CRISALIS project focused on devising new approaches and technology to protect Critical Infrastructure and their Industrial Control Systems from cyber attacks. EE-ISAC members Enel, Liander, Siemens and Security Matters participated in the project delevering innovative tools to monitor, detect and analyse strange behaviour in the ICS and AMI systems.

Reducing down the time required to perform forensics analysis after a (supposed) cyber incident to only hours
The project team will be presenting the outcomes of the project during the EE-ISAC Open House Member Meeting on 4 November at European Utility Week. Tools delivered and presented include passive fingerprinting techniques, intrusion detection solutions and fuzzer tools. Both the tools and lessons learned will be shared by the projectteam.  

Damiano Bolzoni (Security Matters) is more than satisfied with the results of the project. "The CRISALIS consortium not only achieved the original goal of making Europe's Critical Infrastructure more secure, but went beyond to improve the overall cyber resilience". The project's end-to-end approach resulted in the development of:

  • methodologies and technologies for testing critical software in a more comprehensive way so that issues can be fixed before deployment
  • technologies for detecting both intentional and unintentional (cyber) events that could affect business continuity, including cyber attacks, operational errors or misconfiguration
  • technology for reducing down the time required to perform forensics analysis after a (supposed) cyber incident to only hours

Join our free-to-attend Open House Member Meeting during European Utlity Week and hear about all the technical details!

Barack Obama calls for cyber security information sharing

During our Open House Member Meeting on 4 November 2015 at European Utility Week, Chris Blask (Chair ICS-ISAC, US and executive director of Webster University's Cyberspace Research Institute) will share his lessons learned in cyber security information sharing models in the US. 
US Government encourages the voluntary formation of organizations establishing mechanism to share cyber information
Within the US, the Department of Homeland Security (DHS) through DHS 13691 is looking to foster the creation of 200 ISAOs in the US over the next three years, as compared to the dozen or two ISACs that have been created to date. The president of the United States declares in DHS 13691:
"Organizations engaged in the sharing of information related to cybersecurity risks and incidents play an invaluable role ... The purpose of this order is to encourage the voluntary formation of such organizations, to establish mechanisms to continually improve the capabilities and functions of these organizations ...."
"... private companies, nonprofit organizations, executive departments and agencies (agencies), and other entities must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible."
The progress of information sharing to date
This is pertinent to the conversation and the talk in Vienna, according to Mr. Blask, because it indicates that the number of sharing organizations is multiplying dramatically. "The EE-ISAC is an example of this increase in sharing centers. This supports the idea that organizations should join the EE-ISAC and become part of this rapidly growing field."
Mr. Blask, being the chair of the ICS-ISAC for the Industrial Control System sector, will be sharing lessons learned in information sharing as a whole, including the ICS-ISAC but also the evolution of ISAOs in the US and similar sharing centers internationally. "We will be providing the audience an understanding of the progress of information sharing to date and a forecast for the future, including an steps they should consider for their own planning purposes."
Chris Blask is speaking during the EE-ISAC Open House Member Meeting on 4 November. This session is free-to-attend. Click here for more information and registration!