Cyber security - Does the grid need a new approach? YES!

With the increased connectivity of the smart grid to the internet, taking cyber security measures is a must. However, we cannot pile up our security and degrade our performance. What do we need to start doing today, to prevent a future trade-off in security?
Cyber security as a business enabler
We need to embrace a new approach in which cyber security is not seen as a business blocker but as a business enabler. At least, that is what Emil Gurevitch (Project lead on Smart Grid Security, SEAS-NVE), Johan Rambi (Privacy & Security Advisor, Alliander and Interim Chair of EE-ISAC) and Alex Campbell (Director EMEIA Advisory Services - Information Security, EY) argue. Cyber security is an enabling factor and should function as a quality criterion for your grid, say these gentlemen. They discussed this new approach at EUW15 as part of the Engerati Energy Talks series.
Protection vs. detection and response
To prevent cyber security from being a show stopper, your strategy should be balanced between a protective, detective and responsive approach. Realistically, utilities cannot rely on preventing attacks alone. Whether it's next week or in 3 years, the attacker will eventually hack into your system. In that case, it is key to be able to detect the intrusion at an early stage and respond with adequate incident management.
The privacy issue
Utilities need to apply a holistic approach to security and privacy. With the implementation of smart meters this now also includes data protection issues. In order to build a trust relationship with your customers, next to protecting data you now also need to be transparent about the way in which you are using this data.
There is no silver bullet
Cyber security is part of your grid. It is essential to have a fundamental understanding of your grid in order to be able to protect it. No two grids are the same and there is no 'silver bullet'. So do learn from your peers, but be aware of the unique characteristics of your own grid.
Want to hear more about the different aspects of this new approach? Check this video report of the conversation in which these 3 gentlemen discuss the new approach to cyber security.

Organised crime and EU solidarity – Enel Italy talks cybersecurity


What is the best approach to combating malicious threats? 
Metering & Smart Energy International spoke to Massimo Rocca, head of information security at Enel Italy, to better understand the European cybersecurity landscape and how the global energy utility is gearing up to combat threats to data and infrastructure.

When asked how real is the cyber threat for European utilities, Mr Rocca said it is “concrete”. The challenge for an energy company, however, is to identify the intended effects of a cyberattack, he said. “We have huge background noise in the identification of cyber threats. Enel's global IT security infrastructure identifies more than 100,000 events a day.

"For this reason it is very complex to understand if a security event is a common incident or a deception made to hide another type of threat that is focused on our assets or people.” 

Italy industrial “lab” for developing and testing solutions
Enel, a multinational electricity and gas operator present in 30 countries, isn't your average utility and is able to share experiences across its information security departments. The energy company has coordinated most of its global cyber security initiatives from Italy, which acts as an industrial “lab” for developing and testing solutions and policies that are rolled out in other countries.

Rocca said this is due to the way the utility has been targeted in Italy in the past five to 10 years, constituting a "remarkable scenario” in the European context. “We have faced many phases [regarding the sources of attacks] that we haven’t experienced in all the other countries and for this reason we started to work on ICS security more than five years ago, with a particular attention to Italy.”  

On the subject of who is carrying out the malicious attacks, Rocca said Enel Italy is being targeted by many different audiences. “Organized cyber crime has been targeting us. From our analysis, we are quite sure that it happened in the past and it is impossible to exclude that this is still happening.”

Read the full article here.


The aftermath of Stuxnet: answers from the CRISALIS project

The discovery of highly sophisticated and targeted attacks such as Stuxnet and Duqu showed that these threats are a reality. Their success in infiltrating Critical Infrastructure environments is calling attention to the ineffectiveness of standard security mechanisms at detecting them.

Following the aftermath of these cyber-weapons, the CRISALIS project focused on devising new approaches and technology to protect Critical Infrastructure and their Industrial Control Systems from cyber attacks. EE-ISAC members Enel, Liander, Siemens and Security Matters participated in the project, delivering innovative tools to monitor, detect and analyse strange behaviour in the ICS and AMI systems.

Reducing the time required to perform forensic analysis after a (supposed) cyber incident to only hours
The project team will be presenting the outcomes of the project during the EE-ISAC Open House Member Meeting on 4 November at European Utility Week. Tools delivered and presented include passive fingerprinting techniques, intrusion detection solutions and fuzzer tools. Both the tools and lessons learned will be shared by the project team.

Damiano Bolzoni (Security Matters) is more than satisfied with the results of the project. "The CRISALIS consortium not only achieved the original goal of making Europe's Critical Infrastructure more secure, but went beyond to improve the overall cyber resilience". The project's end-to-end approach resulted in the development of:

  • methodologies and technologies for testing critical software in a more comprehensive way so that issues can be fixed before deployment
  • technologies for detecting both intentional and unintentional (cyber) events that could affect business continuity, including cyber attacks, operational errors or misconfiguration
  • technology for reducing the time required to perform forensic analysis after a (supposed) cyber incident to only hours

Join our free-to-attend Open House Member Meeting during European Utility Week and hear about all the technical details!

Barack Obama calls for cyber security information sharing

During our Open House Member Meeting on 4 November 2015 at European Utility Week, Chris Blask (Chair ICS-ISAC, US and executive director of Webster University's Cyberspace Research Institute) will share his lessons learned in cyber security information sharing models in the US. 
US Government encourages the voluntary formation of organizations establishing mechanisms to share cyber information
Within the US, the Department of Homeland Security (DHS) through DHS 13691 is looking to foster the creation of 200 ISAOs in the US over the next three years, as compared to the dozen or two ISACs that have been created to date. The president of the United States declares in DHS 13691:
"Organizations engaged in the sharing of information related to cybersecurity risks and incidents play an invaluable role ... The purpose of this order is to encourage the voluntary formation of such organizations, to establish mechanisms to continually improve the capabilities and functions of these organizations ...."
"... private companies, nonprofit organizations, executive departments and agencies (agencies), and other entities must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible."
The progress of information sharing to date
This is pertinent to the conversation and the talk in Vienna, according to Mr. Blask, because it indicates that the number of sharing organizations is multiplying dramatically. "The EE-ISAC is an example of this increase in sharing centers. This supports the idea that organizations should join the EE-ISAC and become part of this rapidly growing field."
Mr. Blask, being the chair of the ICS-ISAC for the Industrial Control System sector, will be sharing lessons learned in information sharing as a whole, including the ICS-ISAC but also the evolution of ISAOs in the US and similar sharing centers internationally. "We will be providing the audience an understanding of the progress of information sharing to date and a forecast for the future, including any steps they should consider for their own planning purposes."
Chris Blask is speaking during the EE-ISAC Open House Member Meeting on 4 November. This session is free-to-attend. Click here for more information and registration!

Trust-based security information sharing in the US - Lessons learned


In the run-up to the launch of EE-ISAC in December, our future members are meeting today in the Hague to decide upon final details about the partnership. Furthermore, since information sharing is what we are about, we have invited several industry organizations and experienced ISAC chairs to share the lessons they learned on security information sharing.

Start your journey soon, as the adversaries have already begun their journey
For example, we were highly honoured to have Mister Tim Roxey visit the meeting. Mister Roxey is Chief Operations Officer of the Electricity Sector-ISAC (ES-ISAC) and VP of the North American Electric Reliability Corporation in the US. ES-ISAC serves as the primary security communications channel for the US electricity sector. It enhances the ability to prepare for and respond to cyber and physical threats, vulnerabilities and incidents. Mister Roxey shared many useful examples of the essential role ES-ISAC played in preventing several security incidents in the past.

Because of our strict participation rules, much of the information shared won't leave the meeting room. However, his main advice kindly reminded us of the urgency of the matter - "start your journey soon, as the adversaries have already begun their journey". Mister Roxey looks forward to the ES-ISAC partnering with EE-ISAC to address global security threats. 

Interested to hear more?
The information shared during our meetings is only available to EE-ISAC members. 
If you think your company adds to our geographical scope (European utilities), coverage of the smart energy supply chain or cyber security expertise, please contact us.