Smart grid security. Annex V. Related initiatives [Deliverable ]


Smart grid security [Deliverable ]

This document is Annex 5 (of 5) to the ENISA study Smart grid security: Recommendations for Europe and Member States, June

Contributors to this report

ENISA would like to recognise the contribution of the S21sec [1] team members that prepared this report in collaboration with and on behalf of ENISA: Elyoenai Egozcue, Daniel Herreras Rodríguez, Jairo Alonso Ortiz, Victor Fidalgo Villar, Luis Tarrafeta.

Agreements or Acknowledgements

ENISA would like to acknowledge the contribution of Mr. Wouter Vlegels and Mr. Rafał Leszczyna to this study.

[1] S21sec, the contractor of ENISA for this study, is an international security services company with offices in several countries.

About ENISA

The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe's citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe's critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at

Contact details

For contacting ENISA or for general enquiries on CIIP & Resilience, please use the following details: resilience@enisa.europa.eu Internet:

For questions related to Smart grid security: Recommendations for Europe and Member States, please use the following details: Konstantinos.Moulinos@enisa.europa.eu

Legal notice

Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not necessarily represent state-of-the-art and ENISA may update it from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.
Reproduction is authorised provided the source is acknowledged. European Network and Information Security Agency (ENISA), 2012

Contents

- 1 Introduction
- Europe
- Belgium
- Denmark
- Germany
- Italy
- The Netherlands
- United Kingdom
- USA
- International
- Other web 2.0 initiatives
- Bibliography
- Abbreviations

1 Introduction

The aim of this section is to highlight a number of security initiatives and organisations that are important for the cyber security of smart grids. These initiatives have been classified according to their geographical origin and type. Furthermore, their mission/objectives and primary activities related to smart grid cyber security are also described.

Two groups of initiatives have been excluded from this annex. On the one hand, initiatives that address safety and security aspects of power generation and the electricity grid, but do not directly address cyber security, are not included. Only those major initiatives at the EU level which in the near term might also address cyber security are included. The excluded initiatives of this first group are listed below:

ETPIS E-Energy BDEW Smart Grid Network Electricity Regulatory Forum ESIA Smart Grid Task Force EUTC - ICT4SDG ICT for Smart Distributed Generation More Microgrids ELECPOR Slovenian Technology Platform SmartGrids FUTURED e-cip HiperDNO

On the other hand, there is another group of initiatives which address cyber security issues of general Industrial Control Systems (ICS). However, these documents could be an important source of information for any smart grid stakeholder that needs to deal with industrial automation or control systems security. For a detailed outlook on all these documents we refer the reader to annex IV of ENISA's report Protecting Industrial Control Systems - Recommendations for Europe and Member States (1). What follows is a list of these initiatives:

IFAC IFIP ISACA MERIDIAN Conference SANS TCG EPCIP IMG-S Sixth Framework Programme NAMUR VDI CPNI Byres Security Blog WIB National Risk Assessment CPNI.NL OLF AMETIC CNPIC GIPIC Protect-IC Test bed Framework for Critical Infrastructure Protection Exercise (Cloud CERT) PESI SEMA The MSB Industrial Control System Security Program ACC AGA API DoE DHS Digital Bond- S4 workshop TISP SCADA hacker SCADAsec SCADA/Control System Security Professionals Water Security Cyber Security in Real-Time Systems MPCSIE

Finally, the following lines provide a brief explanation of some of the key fields that will be used for the classification of the initiatives/organisations which are presented in this chapter:

- : of the initiative/organisation.
- : of organisation/initiative (see below).
- : The activities the group is related to (i.e. policy, standards, information sharing, dissemination and awareness, economic or financial, technical, training and education, R&D).
- : Stakeholder types which participate in the organisation/initiative (i.e. manufacturer or integrator, security tools and services provider, DSO, TSO, power generation, smart grid services provider (e.g. marketer), academia and R&D, public bodies, standardisation bodies).
- Mission/Objectives: Purpose of the group.
- : Describes all those activities that the initiative or the organisation being described has undertaken or is currently undertaking in the field of smart grid (cyber) security and resilience.
- : Standards, Good Practices, Regulations, Technical Reports, Technical Solutions, etc.
- Comments: Additional information about the organisation/initiative.
- : The reference for the initiative being described.

The values of the field can be one of the following:

- International agency: An association of public bodies from different countries, which supports its members, seeks to achieve common goals and collaborates with other similar agencies and even non-member countries.
- Industry association: An association that supports and protects the rights of a particular industry and the people who work in that industry, and which seeks to achieve the common goals of its members. There may be a public entity within these associations, but it does not have a leading role.
- Public Private Partnership: A government service or private business venture which is funded and operated through a partnership of government and one or more private sector companies.
- Public body: An organization whose work is part of the process of government, but is not a government department.
- Regular private organisation: An organisation which is privately run and does not rely on money from the government and funds from charities. They make their own money by providing a service at a cost.
- Professional association: Also called a professional body, professional organization, or professional society. A professional association is usually a non-profit organization seeking to represent a particular profession, the interests of individuals engaged in that profession, and the public interest.
- European Technology Platform (ETP): Industry-led stakeholder fora charged with defining research priorities in a broad range of technological areas where achieving EU growth, competitiveness and sustainability requires major research and technological advances in the medium to long term.
- Specialized event: Workshops, forums, conferences or summits focusing on ICS security and CIP.
- Online resource: A specialised website, blog, e-forum, online group, and similar resources.
- Project: Projects made by European Union countries and related to the security of smart grids.
- Other: When an initiative or an organisation does not match any of the previously defined types, it will be classified with this value.

2 Europe

Action plan on CIIP
Other
Organisational and Policy, Dissemination and awareness, Information sharing, Technical, Economic or financial.
Public bodies, Manufacturers, Integrators, Operators, Security tools and services providers.

Mission/Objectives: In order to enhance the security and resilience of CIIs, this integrated EU action plan was devised by the European Commission to complement and add value to existing national programmes as well as to the existing bilateral and multilateral cooperation schemes between Member States. This action plan was first introduced in COM(2009)149 (19) and consisted of five main pillars:

- Preparedness and prevention:
  - Baseline of capabilities and services for pan-European cooperation. The Commission invites Member States and concerned stakeholders to: define, with the support of ENISA, a minimum level of capabilities and services for National/Governmental CERTs and incident response operations in support of pan-European cooperation; make sure National/Governmental CERTs act as the key component of national capability for preparedness, information sharing, coordination and response.
  - European Public Private Partnership for Resilience (EP3R). The Commission will foster the cooperation between the public and the private sector on security and resilience objectives, baseline requirements, good policy practices and measures.
  - European Forum for information sharing between Member States (EFMS). The Commission will establish a European Forum for Member States to share information and good policy practices on security and resilience of CIIs.
- Detection and response:
  - European Information Sharing and Alert System (EISAS). The Commission supports the development and deployment of EISAS, reaching out to citizens and SMEs and being based on national and private sector information and alert sharing systems.
- Mitigation and recovery:
  - National contingency planning and exercises. The Commission invites Member States to develop national contingency plans and organise regular exercises for large-scale network security incident response and disaster recovery, as a step towards closer pan-European coordination.
  - Pan-European exercises on large-scale network security incidents. The Commission will financially support the development of pan-European exercises on Internet security incidents, which may also constitute the operational platform for pan-European participation in international network security incident exercises, like the US Cyber Storm.
  - Reinforced cooperation between National/Governmental CERTs. The Commission invites Member States to strengthen the cooperation between National/Governmental CERTs, also by leveraging and expanding existing cooperation mechanisms like the EGC.
- International cooperation:
  - Internet resilience and stability. Three complementary activities are envisaged: a Europe-wide debate, involving all relevant public and private stakeholders, to define EU priorities for the long-term resilience and stability of the Internet; the definition of guidelines for the resilience and stability of the Internet, focusing inter alia on regional remedial actions, mutual assistance agreements, coordinated recovery and continuity strategies, geographical distribution of critical Internet resources, technological safeguards in the architecture and protocols of the Internet, replication and diversity of services and data; work on a roadmap to promote principles and guidelines at the global level.
  - Global exercises on recovery and mitigation of large-scale Internet incidents. The Commission invites European stakeholders to reflect on a practical way to extend at the global level the exercises being conducted under the mitigation and recovery pillar, building upon regional contingency plans and capabilities.
- Criteria for European Critical Infrastructures in the ICT sector:
  - ICT sector specific criteria. By building on the initial activity carried out in 2008, the Commission will continue to develop, in cooperation with Member States and all relevant stakeholders, the criteria for identifying European critical infrastructures for the ICT sector.

The EP3R, the EFMS and EISAS can be interesting platforms for any future action plan on ICS security at the European level. Future activities of EP3R will also address cyber security challenges of smart grids, building on the preparatory work being carried out by the Commission and ENISA.

Policies
Comments: N/A
/ciip/index_en.htm

CEN/CENELEC/ETSI JWG and SG-CG
International agency
Standards
public bodies, standardization bodies

Mission/Objectives: The Smart Grids Task Force highlighted the importance of new standards for a successful deployment of smart grids together with a need for change and improvement of the existing standards. In addition, this group of experts identified the risk of too many standardization bodies providing an inconsistent set of standards. As a result, the Expert Group 1 of the EC Smart Grid Task Force concluded there was a need for a joint CEN/CENELEC/ETSI group on standards for smart grids, to deal more intensively with establishing detailed recommendations to selected standardization bodies.

For this reason the CEN/CENELEC/ETSI Joint Working Group (JWG) on standards for the smart grid was established. It worked between June 2010 and March 2011 on the production of a report addressing standards for smart grids. This document was called final report of CEN/CENELEC/ETSI JWG on standards for smart grids.

In M/490 the European Commission requested ESOs to develop a framework to enable ESOs to perform continuous standard enhancement and development in the field of smart grids, while maintaining transverse consistency and promoting continuous innovation. The focal point addressing the ESOs' response to M/490 is the CEN/CENELEC/ETSI Smart Grids Coordination Group (SG-CG), which was built around the membership of the previous JWG. Besides, M/490 requires the work to build on already existing material delivered through other mandates such as the M/441 and M/468.

The SG-CG is the main and visible body of a larger structure which includes four Working Groups (WG) coordinated by the SG-CG. These working groups include:

- Reference architecture WG.
- First set of standards WG.
- Sustainable processes WG.
- Security WG (also referred to sometimes as Smart Grid Information Security Working Group - SGIS WG).

In addition to other standardisation aspects (e.g. reference architecture, communication interfaces, generation, transmission, distribution, smart metering, etc.), the CEN/CENELEC/ETSI JWG final report on standards for smart grids includes a number of recommendations for smart grid standardisation in the field of information security.

On the other hand, the SGIS WG of the SG-CG is defining a number of essential security requirements for smart grids based on confidentiality, integrity, availability, reliability/resiliency, privacy and interoperability criteria. Moreover, this WG is working on the establishment of different security levels to classify the infrastructures that the smart grid will comprise. Besides, it is also revising international standards on, identifying gaps and differences in current European regulations and standards. Finally, the working group is also defining a set of tools and methodologies to help classifying assets, assessing risks and filling the aforementioned gaps and other requirements.

Standard recommendations, Standards, Policies.
Comments: SG-CG is built upon the previous JWG
/SmartGrids/Pages/default.aspx

CEN/CENELEC/ETSI SM-CG
International agency
Standards
All stakeholders

Mission/Objectives: The European Commission and EFTA addressed Mandate M/441 to CEN, CENELEC and ETSI and a Smart Meters Coordination Group (SM-CG) was set up to answer this request. This group provides a focal point concerning smart metering standardization issues in respect to Mandate M/441 (20).

Mandate M/441 has two phases. The first requests the European Standards Organizations to develop a European standard comprising a software and hardware open architecture for utility meters that supports secure bidirectional communication and allows advanced information, management, and control systems for consumers and service suppliers. In this context, the SM-CG identified the main possible functional communication implementations relevant for smart metering systems and the standards relevant to meeting the requirements of mandate M/441, in particular to assist the active participation of consumers in the energy markets.

The second phase of Mandate M/441 requests the European Standards Organizations to develop European Standards containing harmonized solutions for additional meter functionalities within an interoperable framework, using where needed the open architecture developed under the first phase of Mandate M/441. To clarify standardization requirements and to ensure consistency in the smart meter dataflow, it is helpful to consider functionalities in detail through Use Cases.

The SM-CG produced a technical report, CEN-CLC-ETSI TR 50572:2011 'Functional reference architecture for communications in smart metering systems' (21). This technical report identifies a functional reference architecture for communications relevant for smart metering systems and the standards relevant to meeting the technical/data communications requirements of Mandate M/441, in particular to assist the active participation of consumers in the energy markets. Particularly, it addresses privacy and data security aspects for the definition of the functional reference architecture, emphasising also general security principles for smart meters.

Technical Report
Comments: CENELEC Smart Meter Coordination Group

DG CONNECT's Ad-hoc Expert Group on the Security and Resilience of Communication Networks and Information Systems for Smart Grids
Public Private Platform
Policy, standards, technical, dissemination and awareness
All stakeholders

Mission/Objectives: The European Commission created the Ad-hoc Expert Group to better understand the views and objectives of the private and public sectors on the ICT security and resilience challenges for the smart grids as well as to identify and discuss the related policies at EU level. COM(2011) 163 (22) on Critical Information Infrastructure Protection and COM(2011) 202 (23) on smart grids are the two main pillars backing up this initiative. Specifically, COM(2011) 202 declares that the Commission should continue bringing together the energy and ICT communities within an expert group to assess the network and information security and resilience of smart grids.

The two main objectives of the Expert Group are:

- The identification of European priority areas for which action should be undertaken to address the security and resilience of communication networks and information systems for smart grids, as well as the definition of recommendations on how to progress on each of these areas at the European level.
- The identification of which elements of the smart grid should be addressed by the EG (e.g. smart appliances, smart metering, smart distribution, smart (local) generation, smart transmission) as well as the identification of key strategic and high-level security requirements, good practices based on lessons learned and the proposition of mechanisms to raise awareness among decision makers.

Based on the aforementioned two main objectives, a Programme of Work (24) was defined with the mission of contributing to a coherent and increased effort to improve the cyber security of the smart grids, and which focuses on the security and resilience of communication and information systems that are critical for the performance of the physical electricity infrastructure. This programme of work includes four main areas, divided into twelve work packages. The areas and WPs are the following:

I. Area 1. Risks, threats and vulnerabilities
   a. WP 1.1 Identify and categorize all relevant smart grid assets
   b. WP 1.2 Develop an attack/threat taxonomy for relevant assets
   c. WP 1.3 Develop a countermeasure taxonomy for relevant assets
   d. WP 1.4 Develop a high-level security risk assessment methodology for relevant assets
II. Area 2. Requirements and technology
   a. WP 2.1 Security requirements
   b. WP 2.2 Extend smart grid requirements to include effective security measures
   c. WP 2.3 Research smart grid communication protocols and infrastructures to incorporate data security measures
   d. WP 2.4 (Public) procurement
III. Area 3. Information and knowledge sharing
   a. WP 3.1 Develop a cross-border alliance between Member States (MS) and relevant competent bodies
IV. Area 4. Awareness, education and training
   a. WP 4.1 High level conference for strategic leaders

   b. WP 4.2 Propose initiatives to increase stakeholder awareness on data security
   c. WP 4.3 Skilled personnel on cyber security in energy industry

Technical reports, Recommendations
Comments: The first conclusions of the group will be made public in the second quarter of

Smart Grid Task Force
Public Body
Policy, Regulation
public bodies, standardization bodies

Mission/Objectives: To facilitate and support the process of a European Union-wide smart grid implementation, the European Commission decided to set up a Task Force on Smart Grids. The Task Force Smart Grids was designed to provide a joint regulatory, technological and commercial vision on smart grids taking into account accumulated experiences worldwide and the technological challenges to be faced mainly during next decade/s, so as to coordinate the first steps towards the implementation of smart grids under the provision of the Third Energy Package.

The Task Force aims to jointly agree among the regulatory authorities, regulated companies and end users on key issues such as the estimated cost/benefits, the associated risks and the incentives needed. The ultimate goal of the initial work programme of the task force is to identify and produce a set of regulatory recommendations to ensure European Union-wide consistent, cost-effective, efficient and fair implementation of smart grids, while achieving the expected Smart Grids' services and benefits for the network users.

The planned efforts of this Work Programme are focussed on:

- Functionalities of smart grid and smart meters: The key deliverable is to provide an agreement among all actors involved on a set of minimum functionalities for smart grids and smart meters.
- Regulatory recommendations for data safety, data handling and data protection: The key deliverable is to identify the appropriate regulatory scenario and recommendations for data handling, safety and consumer protection.
- Roles and responsibilities of actors involved in the smart grids deployment: The key deliverable is the development of recommendations on the roles and responsibilities of all involved actors in the implementation of the smart grids as well as the definition of criteria and recommendations for funding of smart grid deployment.

In the beginning the Smart Grid Task Force comprised three Expert Groups (EG), to which a fourth one was added afterwards. These EGs are the following:

- Expert Group 1: Functionalities of smart grids and smart meters.
- Expert Group 2: Regulatory recommendations for data safety, data handling and data protection.
- Expert Group 3: Roles and Responsibilities of Actors involved in the smart grids deployment.
- Expert Group 4: Smart grid aspects related to gas.

The EG2 is involved directly in. This group aims to:

- Identify the benefits and concerns of customers with regard to smart grids.
- Provide an overview of European legislation on data protection, privacy and its enforcement.
- Recommend whether further protective measures should be put in place.
- Identify possible risks in the handling of data, safety and data protection.
- Identify ownership of data and access rights.
- Identify responsible parties for data protection and enforcement mechanisms.
- Develop a framework in which way data can be used.
- Provide recommendations on the Communication of Smart Grid benefits to consumers, citizens and politicians.

The EG2 issued in February 2011 a report titled Regulatory recommendations for data safety, data handling and data protection (25), which focuses on identifying the appropriate regulatory scenario and recommendations for data handling, security and data protection.

Regulations, policies, and policy recommendations.
Comments: The initial duration of the task force was 20 months, till May 2011

taskforce_en.htm

Seventh Framework Programme (FP7)
Other (Research and development programme)
information sharing, dissemination and awareness.
All stakeholders

Mission/Objectives: The FP7 is the main European research programme with a 7 year duration ( ). The programme has a total budget of over €50 billion and its main objectives are to strengthen the scientific and technological base of European industry, encouraging its international competitiveness, while promoting research that supports EU policies. The five main Specific Programmes that constitute FP7 are: Cooperation, Ideas, People, Capacities and Nuclear Research.

The funding schemes are the types of projects by which FP7 is implemented. They are the following:

- Collaborative projects: collaborative projects are focused on research projects with clearly defined scientific and technological objectives and specific expected results (such as developing new knowledge or technology to improve European competitiveness). They are carried out by consortia made up of participants from different countries, and from industry and academia.
- Networks of excellence: the Networks of Excellence are designed for research institutions willing to combine and functionally integrate a substantial part of their activities and capacities in a given field, in order to create a European virtual research centre in this field. This is achieved through a Joint Programme of Activities based on the integrated and complementary use of resources from entire research units, departments, laboratories or large teams. The implementation of this Joint Programme of Activities will require a formal commitment from the organisations integrating part of their resources and their activities.
- Coordination and support actions: these are actions that cover not the research itself, but the coordination and networking of projects, programmes and policies. This includes, for example:
  - Coordination and networking activities, dissemination and use of knowledge.
  - Studies or expert groups assisting the implementation of the FP.
  - Support for transnational access to major research infrastructures.
  - Actions to stimulate the participation of SMEs, civil society and their networks.
  - Support for cooperation with other European research schemes (e.g. frontier research).

There are some projects under the scope of the FP7 which are related to. The following sets out a number of them:

- ELVIRE (26): It is an Information and Communication Technologies (ICT) research project. Its purpose is to develop an effective system which is able to neutralize the driver's range anxiety. In order to ease and optimize energy management of Electric Vehicles (EV) and to cope with the sparse distribution of electrical supply points during the ramp-up phase, innovative Information and Communications Technologies and service concepts are being developed. The participants of this project are working on procedures to secure data transmission between vehicles and external services, sending the information in real time.
- AFTER (27): This project addresses vulnerability evaluation and contingency planning of the energy grids and energy plants, considering also the ICT systems used in protection and control. It aims to develop a methodology and a tool for vulnerability analysis and risk assessment of interconnected electrical power systems considering their interdependencies. Moreover, it also aims at developing algorithms and tools supporting contingency planning in a two-fold approach: preventing or limiting system disruption, by means of physical security techniques and defence plans; and re-establishing the system after a major disruption, by means of restoration plans.
- Open Meter (28): The main objective of the OPEN meter project is to specify a comprehensive set of open and public standards for Advanced Metering Infrastructure (AMI) supporting multi commodities (Electricity, Gas, Water and Heat), based on the agreement of the most relevant stakeholders in the area. The general requirements include aspects such as security, interoperability, robustness, scalability, maintenance, performance and management. Part of its work focuses on the identification and specification of security requirements and on the determination of security clauses. The project includes specific tasks devoted to cyber security in smart grid environments. Besides, a series of deliverables providing an overview on the steps to be implemented to achieve a secure smart grid.
- Internet of Energy (29) (30): The objective of this project is to develop hardware, software and middleware for seamless, secure connectivity and interoperability achieved by connecting the Internet with the energy grids. The project will evaluate and develop the needed ICT for the efficient implementation in future smart grid structures, including security capabilities.
- DLC+VIT4IP: this project will develop, verify and test a high-speed narrow-band power line communications infrastructure using the Internet Protocol (IP) which is capable of supporting existing and extending new and multiple communication applications. These shall include the existing power distribution network for novel services in smart electricity distribution networks such as demand side management, control of distributed generation and customer integration. This project develops, among other things, reference designs and embedded systems architectures for the high efficiency and secure smart network systems addressing requirements on compatibility, networking, security, robustness, diagnosis, maintenance, integrated resource management and self-organization.

Technical reports, good practices.
Comments: FP7 is the short version for Seventh Framework Programme

20 Smart Grid Security 17 Mission/Objectives Smartgrids ETP European Technology Platform Dissemination and awareness, Policy, R&D All smart grid stakeholders The Smartgrids ETP is the European Technology Platform for Electricity Networks of the Future. It is the key European forum for the crystallisation of policy and technology research and the development of pathways for the smart grids sector, as well as the linking glue between EU-Level related initiatives. The mission of the Smartgrids ETP includes: To foster and support the deployment of SmartGrids in Europe by advising and coordinating the stakeholders: European Commission, TSO, DSO, Energy System and Component vendors, Energy Research Centres, Smart Metering Industry, Energy Consumers, Utilities Telecom Providers and Grid Regulators. To ensure the strategic relevance of the Platform and its consistency with EU policy. To link with relevant technology platforms dealing with energy matters that have an impact both at the generation and the demand side, on the future of the grid. To provide relevant input to the EU initiatives such as the SETplan and its European Industrial Initiatives. The Smartgrids ETP main objectives are: To ensure that the vision and its implementation remain focused on responding to the needs of customers and the delivery of European policy. To maintain a high level strategic overview of sector developments, opportunities and threats, bringing forward issues of priority for attention. To be a facilitator, working with the grain of sustainable energy policy for a competitive Europe. To promote SmartGrids research, development, demonstration and deployment projects. To build and maintain a shared vision for the future of Europe s electricity networks and to be a catalyst for its

Comments implementation.

The European Technology Platform for Electricity Networks of the Future actively engages with smart grids stakeholders (researchers, academia, civil societies, industry), European Commission-funded research projects and initiatives, related European Technology Platforms and global grids organisations in a wide range of activities relevant to the R&D&I of electricity networks in Europe:
- Publishing the following documents: vision paper, strategic research agenda, strategic deployment document
- Formulating proposals and recommendations for the European Electricity Grid Initiative under the framework of the SET-Plan
- Monitoring Research, Studies, Pilot Plants and Demonstration
- Responding to and disseminating relevant public consultations
- Organising Workshops of stakeholders to engage them in its activities
- Taking awareness and communication actions, including the organisation of general assemblies, and development of a website. A video to disseminate the concept of the ETP vision for the future was also released in

In the Smartgrid ETP's document Strategic research agenda for Europe's electricity networks of the future (31), the security dimension, in its broadest sense, is considered one of the strategic pillars. In addition, the document defines several research areas which acknowledge the importance of ICT in the new smart grid and the reliability and security factors. Other research areas consider security from the point of view of performance expectations, including topics such as graceful degradation to maximize reliability, availability and resilience of the grid. In any case, cyber security or privacy aspects related to information and communication technology are not directly addressed. The strategic deployment document of 2010 describes the priorities for the deployment of innovation in the electricity networks and the benefits that such innovations will deliver for all stakeholders.
As with the strategic research agenda, security is among the fundamentals of the document. However, it is mainly focused on operational security, resilience, reliability and availability, leaving out cyber security or privacy issues. Research plans, Recommendations on future strategies N/A

Mission/Objectives EU-US Working Group on Cyber-security and Cybercrime Other Information sharing, dissemination and awareness, training and education, organisational and policy. Public Bodies

The EU-US Working Group (EU-US WG) on Cyber-security and Cybercrime was established in the context of the EU-US summit of 20th of November 2010 held in Lisbon. Its main objective is to tackle new threats to the global networks upon which the security and prosperity of our free societies increasingly depend. The EU-US WG addresses a number of specific priority areas and was planned to report progress within a year's time after its establishment. The efforts include:
- Expanding incident management response capabilities jointly and globally, through a cooperation programme culminating in a joint EU-US cyber-incident exercise by
- A broad commitment to engage the private sector, sharing of good practices on collaboration with industry, and pursuing specific engagement on key issue areas such as fighting botnets, securing industrial control systems and smart grid (such as water treatment and power generation), and enhancing the resilience and stability of the Internet.
- A programme of immediate joint awareness raising activities, sharing messages and models across the Atlantic, as well as a roadmap towards synchronised annual awareness efforts and a conference on child protection online in Silicon Valley by end
- Continuing EU/US cooperation to remove child pornography from the Internet, including through work with domain-name registrars and registries.
- Advancing the Council of Europe Convention on Cybercrime, including a programme to expand accession by all EU Member States, and collaboration to assist states outside the region in meeting its standards and becoming parties.
With respect to ICS and the proposed tasks include the stock taking and comparative analysis of existing initiatives, pilots, good practices and methods addressing ICT risks, privacy and security. The input from the EU side includes: Activities at national level (NL, DE, UK, SE ) as well as at European level (Euro-SCSIE, possibly via Member States

Comments experts in the WG and during the stock taking of the ENISA studies on ICS and smart grids security)
- Ongoing ENISA studies on industrial control systems and interdependencies of ICT sector to energy
- Activities of the Expert Group on the Security and Resilience of Communication Networks and Information Systems for Smart Grids, composed of European public and private stakeholders and coordinated by DG CONNECT.

The input from the US side includes:
- Experiences in international public-private coordination to mature acceptance of voluntary security standards.
- Specific methodology and mechanisms to engage with the private sector to achieve cooperation and mutual engagement in public-private control system security coordination.

The deliverables expected from this cooperation include:
- Strategy for EU and US engagement on the control system/smart grid priority area;
- Plan of Action for EU and US public private engagement on cyber security of industrial control systems and smart grids; this will also draw on an analysis of existing coordination bodies for security of industrial control systems and highlighting best practices for voluntary participation developed within them.

Good practices N/A MEMO/10/658&type=HTML

Mission/Objectives JRC, Smart Electricity Systems Group (SES) Public Platform Policy and standards All stakeholders

The Smart Electricity Systems (SES) group of the JRC provides scientific support to Directorates-General of the European Commission on policies and initiatives on smart electricity grids. SES supports the policy-making process on the developments of the trans-European and power distribution networks, focusing also on advances towards super and smart grids architectures. The SES Action

concentrates on the following activities:
- Design, set up and run the first JRC experimental activities on smart grids to assess the adequacy and reliability of micro grid systems embedding renewables and Distributed Energy Resources, including storage.
- Provide technical and policy support to customer DGs on initiatives related to the development and the operation of the current and future transmission and distribution networks, taking into account advances in smart and super grids concepts; this will be done particularly with relation to the Strategic Energy Technology Plan (SET-Plan) and the Energy Infrastructure Package.
- Further develop and improve dedicated models and tools to assess the vulnerability, reliability and security of supply challenges of the EU electricity transmission and distribution systems, during both normal and special operational conditions. The models will be combined with an energy security Geographic Information System (GIS) framework and database, especially designed to communicate results in a user-friendly and geo-referenced manner.
- Strengthen cooperation on research and demonstration on smart transmission and distribution grids with key stakeholders at the EU, Member State and international level.
- Contribute to assessing the interdependencies of the ICT and power systems and to implement the work plan of the new FP7 AFTER competitive project on power systems vulnerability identification, defence and restoration.

Comments As already mentioned in the mission/objectives section, the SES group of the JRC aims to further develop and improve dedicated models and tools to assess the vulnerability, reliability and security of supply challenges of the EU electricity transmission and distribution systems, during both normal and special operational conditions.
The models are envisioned to be combined with an energy security Geographic Information System (GIS) framework and database, especially designed to communicate results in a user-friendly and geo-referenced manner. Good Practices, Technical Reports. Following a request from DG ENER, the JRC Smart Electricity Systems Action carried out an independent assessment of smart grid projects throughout Europe. They launched a survey to collect smart grid experiences in Europe and support analysis on trends and developments in smart grids implementation.

Mission/Objectives Comments CEER International Agency Policy, standards Europe's national regulators of electricity and gas at EU and international level.

The Council of European Energy Regulators (CEER) is the voice of Europe's national regulators of electricity and gas at EU and international level. Through CEER, a not-for-profit association, the national regulators cooperate and exchange best practice. A key objective of the CEER is to facilitate the creation of a single, competitive, efficient and sustainable EU internal energy market that works in the public interest. In addition, CEER works closely with and supports the work of the Agency for the Cooperation of Energy Regulators (ACER).

The Electricity Working Group (EWG) of CEER deals with issues related to the European electricity grids and the EU electricity market. According to them, in 2012, the EWG will focus on the following areas of work: quality of supply, smart grids, sustainable development, security of supply. During 2012 CEER will see the continuation of the previous efforts to address the challenges of security of supply from the viewpoint of generation adequacy, elaborating guidelines of good practices. Three task forces have been defined, two of which are directly related to security aspects of the smart grid. These task forces are:
- Electricity Quality of Supply and Smart Grids (EQS) Task Force, which is working on quality issues and the regulatory aspects of smart grids.
- Electricity Security of Supply (ESS) Task Force, which is addressing the challenges of security of supply from the viewpoint of generation adequacy.

Even though security and reliability of the grid are the focus of many of the efforts of this agency, cyber security issues are still not being considered as a key aspect.
Annual overview and future work programme documents; Annual national reports for each EU country; Regulatory guidelines and good practices; Newsletter Council of European Energy Regulators

Mission/Objectives Comments ANEC Other Standardisation Represents the European consumer

ANEC is the European consumer voice in standardisation. This association represents the European consumer interest in the creation of technical standards, especially those developed to support the implementation of European laws and public policies. ANEC participates principally through its voluntary experts in the standards development work of the three European Standards Organisations (ESOs) recognised by the European Union and EFTA: CEN, CENELEC, and ETSI. ANEC is governed by a general assembly which comprises one individual from each of the 30 countries of the European Union and EFTA. The individual is nominated through a collective decision of the national consumer organisations in each country and acts as the interlocutor between them and ANEC.

ANEC was invited by the ESOs to participate in both the Smart Meter Coordination Group (SM-CG), established to execute Mandate M/441 (20) on Measuring Instruments, and the Smart Grid Coordination Group (SG-CG), established to execute M/490 (32) to support European smart grid deployment. Additionally, and in order to defend the consumer interests in the policy and standardisation activities related to the implementation of the third EU Energy Package, ANEC has joined the European Commission Smart Grid Task Force, where it helps identify regulatory recommendations for implementing Smart Grids. As a result of the participation of ANEC in such initiatives, several documents were developed. These documents include a number of aspects considered key by consumers on data privacy and security, mostly referring to keeping data confidential and secure both during their transmission and storage. In addition, some of these documents have been a basis for developing COM (2011) 202 (23) and SEC (2011) 463 (33). Papers and annual technical reports N/A

Mission/Objectives DIGITALEUROPE Industry Association Policy, information sharing, dissemination and awareness Integrators and services providers

DIGITALEUROPE represents the digital technology industry in Europe. This initiative has more than 100 members and includes some of the world's largest IT, telecoms and consumer electronics companies and national associations from every part of Europe. DIGITALEUROPE wants European businesses and citizens to benefit fully from digital technologies and for Europe to grow, attract and sustain the world's best digital technology companies. DIGITALEUROPE aims to facilitate non-commercial collaboration and coordination between member companies and national trade associations across the European Union, and assist them in sharing best practices in many business operations and facilitating the agreement of international standards in close collaboration with international standards bodies. DIGITALEUROPE provides a full range of services to its membership and generally to stakeholders in the digital economy, including:
- Promoting the development of best practices and benchmarking within the DIGITALEUROPE membership
- Providing up-to-date, high-value industry data and information to members on all aspects of the Digital Economy in Europe and around the world
- Delivering a forum for knowledge exchange and information sharing between members through industry programmes and pan-European events.
- Monitoring all initiatives relevant to industry, informing members through regular mailings, e-mails, newsletters and information transfer, as well as the hosting and organisation of meetings and events.

The organisation is dedicated to improving the business environment for the European digital technology industry and to promoting their sector's contribution to economic growth and social progress in the European Union. It represents the interests of both national associations and corporate organisations, operating in the

information technology and consumer electronics sector in Europe towards the European Parliament and the European Commission.

Comments DIGITALEUROPE is one of 25 European Associations representing all European Stakeholders that are assumed to play a role in the implementation of smart grids. It participates actively in the Smart Grids Task Force through the participation in the 3 working groups that have been set up, the Steering Committee and the issue of the present position paper representing the position of DIGITALEUROPE members. DIGITALEUROPE has grouped some experts on smart grids to create a technical and regulatory group on privacy and security. DIGITALEUROPE's Privacy & Security group is focusing on three key areas:
- Data protection: the group is actively engaged in developing common industry agreements on how to balance the opportunities and challenges to harmonisation to enable businesses to take a Europe-wide and global view of data protection compliance.
- Online advertising: the group is contributing to discussions on the benefits and potential risks of monitoring consumer behaviour for commercial purposes, as well as the technologies used for such purposes.
- Network Information and Security (NIS): the Privacy & Security group is contributing its expertise to initiatives and consultations led by the Commission and the European Network and Information Security Agency (ENISA).

Technical reports N/A

Mission/Objectives EDSO-SG Industry Association Awareness and dissemination, training and education DSOs

EDSO for smart grids aims to be the key reference point in the coordination of all European DSOs' efforts. The purpose of the Association is to structure, lead and enhance not-for-profit cooperation between European distribution system

Comments operators for electricity as well as assure, manage, represent and promote their common interests, specifically on smart grids development and implementation. Together with ENTSO-E and European Technology Platform SmartGrids (ETP Smart Grids), they play an important role in the planning, monitoring and dissemination of the European Electricity Grid Initiative. EDSO for smart grids plays an active role in the European regulatory process on smart grids development and implementation. Some of its goals include the security of supply and the promotion of the reliability of electricity distribution grids. Technical reports EDSO-SG stands for European Distribution System Operators for Smart Grids

Mission/Objectives ENTSO-E International Agency Standards, policy, dissemination and awareness, economical/financial, technical. TSO

The European Network of Transmission System Operators for Electricity represents all electric TSOs in the EU and others connected to their networks, with one voice for all regions, and for all their technical and market issues. ENTSO-E's mission is to promote important aspects of energy policy in the face of significant challenges:
- Security: it pursues coordinated, reliable and secure operations of the electricity transmission network.
- Adequacy: it promotes the development of the interconnected European grid and investments for a sustainable power system.
- Market: it offers a platform for the market by proposing and implementing standardized market integration and transparency frameworks that facilitate competitive and truly integrated continental-scale wholesale and retail markets.
- Sustainability: it facilitates secure integration of new generation sources, particularly growing amounts of

Comments renewable energy and thus the achievement of the EU's greenhouse gases reduction goals.

WG European operational standards (WG EOS) (34): The WG EOS provides proposals for the harmonization of operational standards on the pan-European level and for the promotion of operational coherence among regions, thus facilitating the market processes. It contributes to ensuring compatibility between system operation, market solutions and system development issues. The WG EOS analyses proposals for definitions and updating of technical and operational standards for implementation by regions and individual TSOs.

WG Critical System Protection (WG CSP) (35): The WG CSP copes with the development of critical system and infrastructure protection at European level. The WG CSP is responsible for coordinating critical system protection issues regarding electricity transmission. The main function of the WG CSP is to follow the development of the critical infrastructure protection at European level, and to contribute to the dialog with the European Commission on critical infrastructure protection.

WG Electronic Highway (WG EH) (36): The WG EH coordinates the usage and extension of the electronic highway in order to provide a secure and reliable information exchange for system operations throughout Europe.

Technical reports, recommendations. ENTSO-E stands for European network of transmission system operators for electricity

Mission/Objectives EEGI Other R&D TSOs and DSOs

The EEGI is one of the European Industrial Initiatives under the Strategic Energy Technologies Plan (SET Plan) and proposes a 9-year European research, development and demonstration (RD&D) programme initiated by electricity transmission and distribution network operators (ENTSO) to accelerate innovation and the development of the electricity networks of the future in the EU. Both ENTSO-E and EDSO-SG are the two main organisations behind

the EEGI. Comments The programme focuses on system innovation rather than on technology innovation, and addresses the challenge of integrating new technologies under real life working conditions and validating the results. The strategic objectives of the EEGI are:
- To transmit and distribute up to 35% of electricity from dispersed and concentrated renewable sources by 2020 and a completely decarbonized electricity production by
- To integrate national networks into a market-based, truly pan-European network, to guarantee a high-quality of electricity supply to all customers and to engage them as active participants in energy efficiency.
- To anticipate new developments such as the electrification of transport.
- To substantially reduce capital and operational expenditure for the operation of the networks while fulfilling the objectives of a high-quality, low-carbon, pan-European, market based electricity system.

The EEGI's Research, Development and Demonstration (RD&D) programme defines 4 barriers: Technology barriers, RD&D organisation barriers, Market failures and distortions, Public barriers. The technology barrier includes aspects such as cyber security and data privacy on smart grid. All projects inside EEGI need to include a cyber security policy besides other policies or strategies. N/A EEGI stands for European Electricity Grid Initiative

Mission/Objectives ENCS Public Private Partnership Technical, information sharing, dissemination and awareness DSO, Academia and R&D, public bodies, standardization bodies

The ENCS aims to be the partner for organisations working on the security and protection of critical digital infrastructures, to help them to make accurate risk assessments and to take the appropriate measures to safeguard these infrastructures and guarantee the

Comments continuity and smooth running of the systems. ENCS is the evolution of CyberTECH group. ENCS is an independent European public-private collaboration. Its founding members are Alliander (Dutch DSO), City of The Hague, CPNI.NL, KEMA, KPN (Biggest Dutch Telecom provider), Radboud University Nijmegen and TNO. The idea of ENCS is that it contributes to the resilience of CI by connecting people and organizations, being an information and knowledge sharing catalyst and educating people to the highest management levels. The ENCS will not only focus on the technical, but also on physical and personnel security.

The ENCS focuses primarily on the protection of smart grids and critical infrastructures' Process Control Domains, which still present substantial cyber security issues and challenges. To address them, the ENCS connects existing organisations. The ENCS is planned to constantly scan the international arena for relevant developments, innovating and creating new initiatives to enable others. Besides the public-private network of experts and organizations, the ENCS will focus on four main areas:
- Research & Development
- Test Bed
- Information & Knowledge Sharing
- Education & Training

All four focus areas are interconnected, providing collaborative input and optimal synergy. The ENCS will start primarily on the protection of smart grids and CI's Process Control Domains. These still present substantial cyber security issues and challenges. To address them, the ENCS will connect existing organisations such as the European Commission, ENISA, Joint Research Centre and national public and private initiatives across Europe and beyond; collaboration with the DHS Control Systems Security Program and Idaho National Labs are prime examples.

Research & development reports, Test beds, Information & Knowledge Sharing platform, Education & training courses ENCS stands for European Network for Cyber Security ENCS was formerly known as Cyber-TECH N/A

Mission/Objectives ESMIG Public Body policy, standards, information sharing, technical All stakeholders

The European Smart Metering Industry Group (ESMIG) has the objective to deliver the benefits of Smart Metering across Europe. The association and membership, through their internal working groups and involvement in several stakeholder groups, are providing expertise and advice to European institutions and organisations on the key issues for a European-wide implementation and roll-out of Smart Metering technologies. There are four working groups:
- ESMIG - European Business Systems Integration and Interoperability Group (EBSII)
- ESMIG - Communications Technology Group (CTG)
- ESMIG - Regulation And Policy Group (RPG)
- ESMIG - Multi Utility Metering Group (MUM)

The external activities of ESMIG support the SM-CG (Smart Meter Coordination Group) with the definition of a functional reference architecture of the Advanced Metering Infrastructure (AMI), the definition of a glossary of commonly used terms and, finally, with the definition of functional requirements by Use Cases. ESMIG is represented in the steering committee and in the various working Groups of the SG-CG (Smart Grid Coordination Group). ESMIG ensures that the work of the Smart Grid Expert Groups and the SM-CG is taken into consideration and finds its way into the work packages and the results of the SG-CG. ESMIG is one of the industry associations represented in this group. Proposals for changes in the MID are reviewed by the MUM group of ESMIG, while its comments are taken into account and discussed by the WGMI (Working Group Measuring Instruments). ESMIG is represented in the European Electricity Grid Initiative (EEGI), which is one of the six European Industrial Initiatives (EII) laid down in the Strategic Energy Technology Plan (SET). ESMIG's RPG group formulates responses to the public consultations of the EEGI (37).
Since its foundation in July 2008, ESMIG has achieved in a short time a very high level of recognition and visibility at EU level and is recognised as an honest broker of industry's interest in the energy area with a specific focus on smart metering and smart grid.

Comments Technical reports ESMIG stands for European Smart Metering Industry Group

Mission/Objectives Comments EURELECTRIC Electricity Industry policy making level Operators, DSO, TSO, Public Bodies

The Union of the Electricity Industry - EURELECTRIC is also the association of the electricity industry within the European Union, representing it in public affairs, in particular in relation to the institutions of the EU and other international organisations. Its mission is to contribute to the development and competitiveness of the electricity industry and to promote the role of electricity in the advancement of society. As a centre of strategic expertise, The Union of the Electricity Industry - EURELECTRIC identifies and represents the common interests of its members and assists them in formulating common solutions to be implemented and in coordinating and carrying out the necessary actions. To that end it also acts in liaison with other international associations and organisations, respecting the specific missions and responsibilities of these organisations.

This initiative develops many projects, and one of them is a project about smart grids, 10StepsTosmartGrids (38). One of this project's steps is focused on DSO Ensuring security and reliability of supply for good practices on a regulation environment. White Paper, Events N/A EuroSCSIE

Mission/Objectives Comments Public Private Partnership Dissemination and Awareness, Technical. Academia and R&D, Public bodies, Standardisation bodies

The aim of EuroSCSIE is for European industry, government and research to benefit from the ability to collaborate on a range of common issues, and to focus effort and share resource where appropriate. Its main focus is Information Sharing and the expectations are to raise the level of protection adopted across Europe's SCADA and Control Systems (SCADA/CS). Among its objectives, we highlight the following ones:
- To define a European information exchange system for security-related information about SCADA and control systems.
- To share and exchange information using the Traffic Light Protocol.
- To cultivate a network of relevant government, industrial and research actors.
- To establish the basis for a pan-European system for the exchange of security-related information concerning SCADA and control systems.

Some of the activities carried out by EuroSCSIE related to smart grid include:
- Sharing of incidents and good practices
- Questionnaire on Control System Cyber-Security (aimed at vendors) 2008/2009
- Standards and requirements (e.g. WIB Process Control Domain Security Requirements for Vendors (39))
- Self Assessment tools (like the one from CPNI UK)
- Smart Grids (e.g. Smart Grid Conference in Baarn)

Information exchange, technical report, reference manuals EuroSCSIE stands for European SCADA and Control Systems Information Exchange sta.jrc.ec.europa.eu/index.php/competitive-projects-/21-scni/8-escsie

GEODE Industry association Information sharing DSO

Mission/Objectives Founded in 1991, this association represents more than 600 companies in 12 countries, both privately and publicly owned. GEODE defends the interest of the local distributors before energy authorities at national and international level and allows the exchange of expertise and the sharing of data and competence.

Comments The mission statement of GEODE is to establish equal opportunity access to European energy infrastructures for all those involved in serving the customer needs on energy, with the aim to create a truly competitive European energy market. GEODE has created a questionnaire with questions to stakeholders on issues of energy efficiency, renewable energy sources and energy awareness, and some question about

Technical report, questionnaire GEODE stands for Groupement Européen des Entreprises et Organismes de Distribution d'Energie (European Group of Energy Distribution Companies and Organizations).

Mission/Objectives PRIME Alliance Industry association technical DSO, TSO, Manufacturers

The PRIME Alliance provides a forum for the creation of an open, single specification and standard for narrowband power line for smart grid products and services. The mission of the Alliance is to accelerate the demand for products and services based on the worldwide standard and promote the broad adoption and use of the specification while promoting multi-vendor interoperability and compatibility with the global standard. The main goals are:
- To provide a forum for the creation (definition, establishment and support) of an open single specification and standard for

narrowband powerline for SmartGrid products and services;
- To accelerate the demand for products and services based on the worldwide standard through the sponsorship of the market and user education programs;
- To encourage and to promote broad and open industry adoption and use of such specification; and
- To promote PRIME as a global powerline standard and to promote multi-vendor interoperability for markets/equipment and compatibility under the PRIME standard.

The PRIME (PoweRline Intelligent Metering Evolution) specification represents a new public, open and non-proprietary telecommunications architecture which will support present and future AMM functionalities and enable the building of the electricity networks of the future, or smart grids. PRIME technology uses Orthogonal Frequency Division Multiplexing (OFDM) in CENELEC A-band. The final target of PRIME is to establish a complete set of international standards which will allow for interoperability among equipment and systems from different manufacturers. Thus, competition in the metering market will benefit consumers. Unlike other commercially available solutions, the components of this new architecture (modulation and coding techniques, protocols, data formats, etc.) will not be subject to any Intellectual Property Right. Thanks to PRIME, specifications of an AMM system will be comprehensive and detailed enough so that any new entrant will be able to provide interoperable solutions to the market. PRIME defines lower OSI layers of a PLC narrowband data transmission system over the electricity grid. The whole system has been designed to be low cost and high performance.

The PRIME protocol specification includes various security profiles. The security functionality provides privacy, authentication and data integrity to the MAC layer through a secure connection method and a key management policy.
Several security profiles are provided to manage different security needs, which can arise in different network environments. The current version of the specification enumerates two security profiles and leaves scope for adding up to two new security profiles in future versions.

Comments Protocols, standard, technical report N/A

Mission/Objectives DLMS User Association Public Private Partnership Standard DSO, Manufacturers, System providers, Utilities, Public Bodies, Standardisation Bodies The DLMS User Association is a non-profit organisation, located in Geneva, Switzerland. Its mission is to develop, promote and maintain the DLMS/COSEM specification. It provides an information exchange forum for users, manufacturers and system providers, test houses and standardisation bodies. It also provides a conformance testing and certification scheme for metering equipment implementing the specification. The DLMS UA is formally liaised with IEC TC 13 WG 14. DLMS stands for Distribution Line Message Specification. It is an application layer specification, independent of the lower layers and thus of the communication channel, designed to support messaging to and from (energy) distribution devices in a computer-integrated environment. It is an international standard established by IEC TC 57 and published as IEC COSEM stands for COmpanion Specification for Energy Metering. It is an interface model of communicating energy metering equipment, providing a view of the functionality available through the communication interfaces. The modelling uses an object-oriented approach. DLMS/COSEM is used in metering systems for electricity, gas, water and heat. Strong and growing interest from all continents provides positive feedback on the achievement of the objectives set by the DLMS UA. Some countries have already included DLMS/COSEM in their national regulations. Others are considering it. The DLMS/COSEM specification devotes several sections to privacy, security and non-repudiation of the metering communications. Standard, technical report, protocol

Comments N/A

3 Belgium

Mission/Objectives Comments Smartgrids Flanders Public body R&D, information sharing. All stakeholders Smart Grids Flanders is the driving force behind the deployment of smart grids, not only in Flanders but also abroad. The involvement and participation of members are important, as is a good relationship with the government, which determines the rules. The objective of Smartgrids Flanders is to establish and support a multidisciplinary long-term collaboration across sectors between Flemish smart grid operators, in order to develop, maintain and valorize an international competitive advantage by a large group of Flemish companies (commercial breakthroughs) through differentiated support depending on the breakthrough and collaborative potential of the identified smart grid domains. Thematic Groups and seminars bring together participants around different themes, where cyber security is an incipient topic. Besides, SmartGrid Flanders organizes several (network) events every year with international speakers and, in order to increase the know-how about smart grids, they distribute a newsletter about Flemish and European projects and initiatives. Finally, SmartGrid Flanders helps its members to find the appropriate test infrastructure for their projects. Projects. Theme groups and seminars. Events. Newsletters. Blogs. Smart Grids Flanders is continuously seeking suitable experts to speak.

4 Denmark

Mission/Objectives Second1 - Security concept for DER Project Technical, R&D Manufacturers and Integrators, academia and R&D, security tools and services providers The project objective is to analyze and implement a security concept that can be used in a power system with a high degree of decentralized production and with many actors in an unbundled market. It will also investigate various forms of role based access control (RBAC). Secure communication is becoming increasingly relevant in an electricity system with great volumes of distributed energy resources (DER). This project aimed to analyse and implement a security concept that can be used in electricity systems with a high degree of local production and with many players. The project analysed the needs for communication between energy operators and matched these needs with a design for secure role based access control. Technical reports. Comments Mar Jul

5 Germany

Mission/Objectives DIN Regular private organisation Policy, standardization All DIN, the German Institute for Standardization, offers stakeholders a platform for the development of standards as a service to industry, the state and society as a whole. A registered non-profit association, DIN has been based in Berlin since DIN's primary task is to work closely with its stakeholders to develop consensus-based standards that meet market requirements. Some 26,000 experts contribute their skills and experience to the standardization process. By agreement with the German Federal Government, DIN is the acknowledged national standards body that represents German interests in European and international standards organizations. Ninety percent of the standards work now carried out by DIN is international in nature. Tasks and objectives of DIN: Ensuring the participation of all stakeholders regardless of their economic position and language skills. Promoting the free movement of goods through active involvement in international and European standardization. Holding the secretariats of international committees. Adopting European and international standards at national level. Maintaining the uniformity and consistency of the standards collection. Actively contributing to consensus building. Taking legal regulations into consideration. Providing an electronic infrastructure for standards development. Avoiding duplication of work. DIN represents Germany's standardization interests as a member of the European Committee for Standardization (CEN). DIN holds almost 30% of all CEN working committee secretariats. DIN has published several papers on Electromobility (40) systems dealing with the security of the managed data, potential threats and

Comments standards to be followed to avoid such problems. Another topic covered by this initiative is the roadmap recommendations for standardization, which provides a series of recommendations on IT security and data protection. Standards, reports Deutsches Institut für Normung or The German Engineering Society

Mission/Objectives Comments VGB Industry association Technical, Information sharing Operators VGB was already founded as the federation of the owners of large boilers. During its 80 years, VGB has set off a range of activities in its own companies. These companies are dealing with: Training of power plant personnel. Research activities. The production and distribution of media. VGB represents the German power plant operators in the WANO (World Association of Nuclear Operators). VGB's technical committees on nuclear power plant engineering and operation and nuclear fuel cycle are actively taking part in the world-wide exchange of experience as well as in the analysis of particular events in nuclear power plants. For this purpose, VGB is operating a reporting and evaluation centre (ZMA - Zentrale Melde- und Auswertestelle) to collect, evaluate and forward the occurrences of nuclear power plants. They have made contributions to the security of the smart grid by publishing guidelines and instruction sheets, organising forums and training experts. One of the most important results is the VGB R175 guideline on IT security for generating plants (41). Standard, technical reports, good practices, conferences VGB means Verband der Großkraftwerks-Betreiber. As an international technical association for power and heat generation, VGB is working - at European level - in close co-operation with EURELECTRIC, the umbrella association of the European

electricity industry. Within the framework of a memorandum of understanding association agreement between EURELECTRIC and VGB, VGB's professional competence is integrated into the political/strategic work of EURELECTRIC in all questions regarding the generation of power and heat including issues of environmental protection.

6 Italy

Mission/Objectives ASTROM Project Technical R&D The ASTROM Project was funded by the European Union FP6 programme. The main objectives of this project are: Identification of the boundaries of Control & Data Management Systems (C&DM) in electrical transmission networks. Determination of the properties of C&DM systems of electrical transmission networks, in particular those relevant for resilience assessment. Identification of external threats to C&DM system, such as ICT and physical attacks, and vulnerabilities. Definition of a method and a metric for AoR of C&DM system. The activity will be performed by modeling system behavior. Evaluation of the framework application to an EU context and dissemination activities. The feasibility of policies and recommendations definition will be investigated in detail. This project aimed to identify, analyze and evaluate the external threats and vulnerabilities applicable to Control & Data Management System in order to define an innovative methodological framework for the quantitative assessment of the resilience (AoR) of Control & Data Management System (C&DM) in electrical transmission network (ETN) towards external threats. The need for such a methodological framework stems from the fact that, although the resilience of this critical system is becoming more important than just securing it, there are not many frameworks covering this topic in a well structured way. Definition of the architecture, properties, functionalities and Mission requirements of a complex Power System's C&DM that is coherent with the majority of the SCADA systems built in Europe; Definition of a methodology to assess the resilience of a C&DM system for its external threats (physical and ICT threats) at any level (component, subsystem and system level); Development of a software tool to allow improving the previous topics. Technical Paper, Methodology, Software, ASTROM Final Workshop

Comments Mar 2009-Mar 2011 ASTROM stands for Assessment of resilience to Threats of control and data Management systems of electrical transmission network

7 The Netherlands

ESNA Association Dissemination, technical Manufacturers, DSO, Power Plant, services providers Mission/Objectives ESNA is an association by Dutch law, established in The main objective of ESNA is to bring together and form a platform for all those who in one way or another deal with NES technology in their day to day operations. Comments This initiative promotes the application of advanced energy management systems, including AMR/AMM, based on the NES AMI architecture and its value added chain in order to build and expand the interoperability standard for utility networks. ESNA promotes the change in perspective of the current metering business. ESNA represents its members by being active in standardisation activities across Europe and the rest of the world to promote the use of open interoperable standards for the smart grid and smart metering. This initiative organizes conferences and workshops to share the technical security aspects and the Network Energy Services (NES) in the smart grid value chain, which goes far beyond metering and invoicing only. It also organises events where the international leaders of both the EU and the USA hold an in-depth discussion and review of current security and the landscape surrounding the Global Emergence of the smart grid initiative. ESNA also produces monthly abstracts in which certain items relate to cybersecurity in the smart grid. ESNA represents its members in the most important European organizations such as CEN/CENELEC/ETSI or the Smart Grid Task Force. organising various conferences and workshops ESNA stands for Energy Services Network Association

Working Group Privacy and Security of Smart Grids of Netbeheer Nederland Industry association Technical All stakeholders

Mission/Objectives Comments This initiative is the point of contact for matters affecting the energy market, such as environmental issues, free market performance and security of supply. EnergieNed is the forum in which energy producers consult each other on issues such as the environment and investment conditions, traders consult each other on the functioning of the wholesale market and the integration of European markets, and retailers discuss a wide range of topics varying from stimulation of energy saving to consumer protection. This working group has written several good guides and papers; a clear example is Privacy and Security of the Advanced Metering Infrastructure (42). Information exchange, good practices, technical reports This working group is very active on this topic at European level. N/A

8 United Kingdom

Mission/Objectives DECC Public Body Standardisation, policy public bodies The Department of Energy and Climate Change is a small department of the United Kingdom government. The four key priorities of the department are: Save energy with the Green Deal and support vulnerable consumers: Reduce energy use by households, businesses and the public sector, and help to protect the fuel poor. Deliver secure energy on the way to a low carbon energy future: Reform the energy market to ensure that the UK has a diverse, safe, secure and affordable energy system and incentivise low carbon investment and deployment. Drive ambitious action on climate change at home and abroad: Work for international action to tackle climate change, and work with other government departments to ensure that we meet UK carbon budgets efficiently and effectively. Manage our energy legacy responsibly and cost-effectively: Ensure public safety and value for money in the way we manage our nuclear, coal and other energy liabilities. DECC is divided into many expert groups and task forces. Some of the most important are the following. STEG (Smart Meter Design Security Technical Experts Group): This is an advisory group of technical security specialists formed in November 2010 to provide advice and support to the programme on security issues. The STEG membership includes experts from industry and other sectors such as energy suppliers, trade associations, meter manufacturers, system integrators and telecommunications providers. Government is also represented through the Centre for Protection of National Infrastructure, CESG (National Technical Authority for Information Assurance) and technical security specialists working in the programme team. Consumer representatives were also invited to join.
Smart grid policy in the UK: DECC published a vision document, Smarter Grids: the opportunity in December DECC is rolling out Smart electricity and gas meters to all GB homes by UK Smart Grid Cyber Security Report: The Energy Networks

Comments Association (ENA) published an independent report into smart grid cyber security on 29 June The report commissioned by ENA for DECC considered how government and networks should develop a strategy to secure the future UK electricity infrastructure together. Smart Grids Forum: Identify future challenges for electricity networks and system balancing, including current and potential barriers to efficient deployment of smart grids. Guide the actions that DECC/Ofgem are taking to address future challenges, remove barriers and aid efficient deployment. Identify actions that DECC/Ofgem, the industry or other parties could be taking to facilitate the deployment of smart grids. DECC produced a series of security-related reports, such as Smarter Grids: the opportunity (43) and UK Smart Grid Cyber Security Report (44). N/A DECC stands for Department of Energy and Climate Change

9 USA

Mission/Objectives Comments ANSI International agency Standard Standardisation Bodies ANSI was founded in 1918 by five engineering societies and three government agencies; the Institute remains a private, non-profit membership organization supported by a diverse constituency of private and public sector organizations. ANSI accredits standards that are developed by representatives of standards developing organizations, government agencies, consumer groups, companies, and others. These standards ensure that the characteristics and performance of products are consistent, that people use the same definitions and terms, and that products are tested the same way. ANSI has developed a standard series related to the smart grid: Standards ANSI C12.18: used for two-way communications with an electricity meter, mostly used in North American markets. ANSI C12.19: This includes encryption, authentication, credential management (through the security tables in Decade4) ANSI C12.22: security and authentication services, combined with the event logger of ANSI C ANSI stands for American National Standards Institute

Mission/Objectives NERC Public Private Partnership Standards, Dissemination and Awareness, Technical Manufacturers and Integrators, Security Tools and services providers, Operators, Public bodies, Standardisation bodies NERC was founded in 1968 by the electric utility industry to develop and promote rules and protocols for the reliable operation of the bulk power electric transmission systems of North America.

The North American Electric Reliability Corporation's (NERC) mission is to ensure the reliability of the North American bulk power system. NERC is the electric reliability organization (ERO) certified by the Federal Energy Regulatory Commission to establish and enforce reliability standards for the bulk-power system. Among other activities, NERC: Works with the industry to develop reliability standards. Enforces compliance with those reliability standards and assesses monetary and non-monetary penalties for noncompliance. Assesses future bulk power system reliability via annual summer, winter and 10-year forecasts. Analyzes system events. Promotes a culture of excellence by identifying areas for improvement and Examples of Excellence during regular readiness evaluations. Monitors the status of the bulk power system. Coordinates physical and cyber security needs. Identifies trends and potential reliability issues. Helps the industry train and educate system operators. Certifies system operators. NERC has developed the NERC-CIP Standards, a nine-document series about security and cyber security aspects of the Bulk Electric System in the USA. Two new documents are being developed. Based on these documents, NERC provides specific guidelines and concept papers. This is the case of the Categorization system based on Bulk Electric System Reliability Functions (45). Inside NERC there are some working groups related to smart grid security such as: NERC SGTF (Smart Grid Task Force) (46): Their work reviews smart grid characteristics, identifies reliability concerns including cyber-security vulnerability, and provides recommendations to NERC and to the industry. NERC SGWG (Smart Grid Working Group) (47): NERC SGWG is tasked to review existing and new CIPC initiated security guidelines and coordinate their development with electric industry personnel and committees and to promote awareness and application of these guidelines.
Technical reports, Regulatory documents

Comments North American Electric Reliability Corporation

Mission/Objectives NIST Public body Organizational and Policy, Standards, Dissemination and Awareness, Economic or Financial, Technical Public bodies NIST, an agency of the U.S. Department of Commerce, was founded in 1901 as the nation's first federal physical science research laboratory. Its mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST is one of the most important standardisation organizations in the USA. They have developed several standards on ICS security. We highlight the following ones: NIST SP , Guide to Industrial Control Systems (ICS) Security (48). NIST SP , Recommended Security Controls for Federal Information Systems (49). Field Device Protection Profile for SCADA Systems in Medium Robustness Environments. NIST has also defined a security smart grid workgroup to develop an overall cyber security strategy for the smart grid. This overall strategy includes a risk mitigation strategy to ensure interoperability of solutions across different domains/components of the infrastructure. This group has created the following document of interest: NIST IR 7176, System Protection Profile Industrial Control Systems (50). NIST has also defined a security smart grid workgroup to develop an overall cyber security strategy for the smart grid. This overall strategy includes a risk mitigation strategy to ensure interoperability of solutions across different domains/components of the infrastructure. This group has created the following document of interest: NISTIR 7628, Guidelines for Smart Grid Cyber Security (51).

NIST works together with other groups: NIST ASAP-SG (52): The goal of this group is to develop system-level security requirements for smart grid applications such as advanced metering, third-party access for customer usage data, distribution automation, home area networks, synchrophasors, etc. NIST ASAP-SG was responsible for developing AMI Security Profile v2.0 (53) and AMI security implementation Guide (54), documents directly related to smart grid. NIST Smart Grid Federal Advisory Committee (55): The Committee provides input to NIST on the smart grid standards, priorities and gaps, and on the overall direction, status and health of the smart grid implementation by the smart grid industry including identification of issues and needs. Input to NIST will be used to help guide Smart Grid Interoperability Panel activities and also assist NIST in directing research and standards activities. NIST initiated in 2009 the Smart Grid Interoperability Panel (SGIP) to carry out a variety of tasks related to the development of a smart grid framework for interoperability and cybersecurity standards. It plays a leadership role in facilitating and developing the national policy for the transformation of the power system to the smart grid. The SGIP supports NIST in fulfilling its responsibilities under the 2007 Energy Independence and Security Act. The SGIP has several priority-specific committees and working groups. Smart Grid Architecture Committee (SGAC) (56): Maintains a conceptual reference model for the smart grid and develops corresponding high-level architectural principles and requirements. It is responsible for creating and refining a conceptual reference model, including lists of the standards and profiles necessary to implement the vision of the smart grid. It has developed a new reference framework for the smart grid.
Smart Grid Testing and Certification Committee (SGTCC): Creates and maintains the necessary framework for compliance, interoperability and cyber security testing and certification for recommended smart grid standards. Cyber Security Working Group (CSWG) (57): Identifies and analyzes security requirements and develops a risk mitigation strategy to ensure the security and integrity of the smart grid. It was formerly known as the Cyber Security Coordination Task Group (CSCTG) (58). This group has developed the document NIST IR 7628 (51). It was formerly known as the Cyber Security Coordination Task Group

Comments (CSCTG) and was founded by NIST and SGIP organizations. The primary goal of this group is to develop an overall cyber security strategy for the smart grid that includes a risk mitigation strategy to ensure interoperability of solutions across different domains/components of the infrastructure. NIST SGIP/CSWG developed the document NIST IR 7628 (51). Priority Action Plans (PAPs) (59): Currently totaling 16, PAPs address specific standards-related gaps and issues for which resolution is most urgently needed. New PAPs are added as necessary. Domain Expert Working Groups (DEWGs) (60): DEWGs perform analyses and provide expertise in specific application domains. There are seven specific application domains. DEWG is organized by smart grid domains. The six DEWGs are: transmission and distribution, building to grid, industry to grid, home to grid, business and policy, and a cross-cutting cyber security coordination task group. Technical reports, Standards, good practices National Institute for Standards and Technology

Mission/Objectives FERC-NARUC smart response collaborative Specialized event Policy and standard Public bodies (Federal and State Regulators (USA)) The mission of the FERC-NARUC Collaborative on Smart Response is to provide a forum for Federal and State Regulators to discuss Smart Grid and Demand Response policies, share best practices and technologies, and address issues that benefit from State and Federal collaboration. Educate Commissioners and staff on Smart Grid and Demand Response in order to promote better Smart Grid and Demand Response regulatory decisions and policy. Promote consistency across State policies and awareness of State and Federal policy; coordinate and harmonize policies and procedures where possible. Promote Federal and State regulatory dialogue and cooperation.
Provide a forum for consumer perspective and to shape the Smart Grid and Demand Response value proposition to ensure that the policies benefit consumers.

Create a forum for communication to and with stakeholders, signaling areas of regulatory interest. Compile research where needed and communicate best practices. Gather updates from other Federal agencies working on related issues. This initiative produces a series of reference guides, providing support for members to have key knowledge about the smart grid. Note that, in addition to reference guides, it also holds webinars, one of whose themes is security and privacy. The reference guides on security have not yet been published, but the volume on privacy is now available. Projects under this collaborative union must explain how the project will address cyber security and must highlight cybersecurity attributes. Technical reports, webinar Comments FERC-NARUC stands for Federal Energy Regulatory Commission - National Association of Regulatory Utility Commissioners

Mission/Objectives GridWise alliance Industry association Organization, standards, technical All the stakeholders. Founded in 2003, they have developed into an organization that represents a broad range of the energy supply chain from utilities to large tech companies to academia to venture capitalists to emerging tech companies. This variety of stakeholders gives the Alliance a unique diversity of perspectives which enables interactive dialogue between members. Their main mission is to transform the electric grid to achieve a sustainable energy future. The GridWise Alliance works especially on the smart grid. They have created a cyber security division to study the problems of the US grid. The five key principles endorsed by the Alliance for cyber security are: 1. Involve all stakeholders and take full advantage of and be aligned with existing recognized processes and work.

Comments 2. Utilize a comprehensive risk management approach. 3. Provide clarity to all stakeholders. 4. Construct a cyber security framework that is focused specifically for electric grid applications. 5. Create and adopt uniform verification and test procedures for standards and guidelines. Technical reports N/A

Mission/Objectives Comments NEMA Standards Standards, dissemination and awareness Manufacturers National Electrical Manufacturers Association (NEMA) (61) was founded in 1926 and it is the trade association of choice for the electrical manufacturing industry. NEMA promotes the competitiveness of the U.S. electrical product industry through the development of standards, advocacy in federal and state legislatures and executive agencies, and the collection and analysis of economic data. NEMA members are leading the way in smart grid technologies by encouraging investment in the national electricity grid and developing new product standards. NEMA's objectives for Cyber Security in smart grid are twofold: the risk to business operations from security breaches; the risk to product development and marketing as the federal government adopts preventive measures. The NEMA member companies agree that first and foremost, security must be part of the design consideration for any smart grid component (and its corresponding interactions with other grid elements) from its inception (62). Technical reports, Standards and policies NEMA stands for National Electrical Manufacturers Association

Mission/Objectives NESCOR - Annual Conference & workshops Specialized event Dissemination and Awareness, training and education All stakeholders Its primary purpose is to: Bring together a broad spectrum of industry stakeholders to meet face to face with the EPRI led National Electric Sector Cyber Security Organization Resources team to discuss the critical cyber security and data privacy issues facing the electric sector; Share the research results already achieved by the three technical working groups of the National Electric Sector Cyber Security Organization Resources with the industry; Review the 12-month project plan for the National Electric Sector Cyber Security Organization Resources in each of the three technical working groups to make changes, modifications, and additions with input from the industry participants; Accelerate the technical deliberations of the three working groups by having focused round table exercises in the breakout sessions between the National Electric Sector Cyber Security Organization Resource team and the industry participants; Provide DoE a written report on the key findings from the Summit including the 12-month National Electric Sector Cyber Security Organization Resources project plan. NESCOR has defined three technical working groups to do their jobs: Cyber security Requirements & Standards Assessment Group; Cyber security Technologies Testing & Validation Group; Threat & Vulnerability Assessment & Mitigation. The three Working Groups will focus their R&D efforts in Year 1 on securing the following 6 critical grid functions end-to-end: 1. Advanced Metering Infrastructure 2. Demand Response 3. Electric Transportation 4. Distributed Energy Resources

Comments 5. Distribution Grid Management 6. Wide Area Monitoring, Protection & Control Annual conference and workshops, Advisories, Technical reports (63) National Electric Sector Cyber Security Organization Resources

Mission/Objectives Comments TIA Industrial association Policy, standard, dissemination and awareness Manufacturers, security tools and services providers Telecommunications Industry Association (TIA) was formally formed in April 1988 after a merger of USTSA and the Information and Telecommunications Technologies Group of EIA. The Telecommunications Industry Association is the leading trade association representing the global information and communications technology (ICT) industries through: Standards Development, Government Affairs, Market Intelligence. TR-51 Smart Utility Networks Standards Working Group develops and maintains air-interface, network, and conformance standards in support of Smart Utility Networks. The committee will focus on air-interface and network standards with wireless mesh network topology, optimized for Smart Utility Network applications. TR-51 liaises with other TIA committees, international and national standards bodies, and other appropriate organizations, as required, to avoid duplication of work and to foster collaboration among organizations addressing various aspects of smart device communication networks. TR45.5 has been participating in the Smart Grid Interoperability Panel's (SGIP) Priority Action 2 (Wireless Technologies for Smart Grid) since early 2010, which is in charge of producing a new standard. Standard Telecommunications Industry Association


10 International

CIGRE, Study Committees B5 and D2
Industry association
Organizational and Policy, Standards, Economic or Financial, Technical, Information sharing
Manufacturer or Integrator, DSO, TSO, Academia and R&D

Mission/Objectives
CIGRE (International Council on Large Electric Systems) is a permanent international, non-governmental, non-profit-making Association, founded in France, in Its aim is to develop and distribute technical knowledge in the field of the generation and transmission of high voltage electricity. CIGRE deals with all the main themes of the field of electricity, i.e. organisation of utilities, development and adaptation of grids, optimisation of maintenance and life expectancy of electrical equipment, as well as the analysis of the impact on the environment, etc.

The mission of Study Committee B5 (SC B5) is to facilitate and promote the progress of engineering and the international exchange of information and knowledge in the field of protection and automation, and also to add value to this information and knowledge by means of synthesising state-of-the-art practices and developing recommendations. Study Committee B5 covers principles, design, applications, coordination, performance and asset management of system protection, substation control and automation, remote control systems and equipment and metering systems.

Study Committee D2 (SC D2) covers the specification, design, engineering, performance, operation, maintenance, economic and management aspects of the Information and the Telecommunication systems in the EPI both for operational and business activities, as well as the different devices, media and networks to support all those services: speech, data, video, internet, specialised signalling for teleprotection, SCADA, EMS, DSM. It also covers security aspects of related Information Systems and Telecommunications.

The results are published as technical reports and summarised in the bi-monthly CIGRE journal, ELECTRA. Some of its articles are related to security in ICS environments, for example: The Impact of Implementing Cyber Security Requirements using IEC (2).

Technical Reports

Comments
International Council on Large Electric Systems

ITU, ITU-T FG on Smart Grid
Public Private Partnership
Policy, standards, technical
All stakeholders

Mission/Objectives
ITU (International Telecommunication Union) is the United Nations specialized agency for information and communication technologies. In February 2010, the Telecommunication Standardization sector of the ITU, ITU-T, established a Focus Group on Smart Grids (FG Smart). The Focus Group aims to:
- Identify potential impacts on standards development.
- Investigate future ITU-T study items and related actions.
- Familiarize ITU-T and standardization communities with emerging attributes of smart grid.
- Encourage collaboration between ITU-T and smart grid communities.

The objective of this group is to collect and document ideas that would be helpful for developing recommendations to support the smart grid from a telecommunication/ICT perspective. To achieve this objective, the Focus Group:
- Updates a living list of standards bodies, forums, and consortia dealing with smart grid.
- Collects visions and value propositions for the smart grid.
- Provides terminology and taxonomy necessary to support smart grid.
- Analyzes communication networking requirement functions and capabilities to support smart grid.
- Gathers new ideas relevant to and identifies potential study areas to support smart grid.
- Identifies use cases of smart grid that can be used to derive communication network requirements.
- Suggests future ITU-T study items and related actions.
- Identifies potential impacts on standards development.

The Focus Group interacts with the various research activities in order to familiarize ITU-T and standardization communities with the emerging attributes of smart grid.

FG on Smart Grid identifies security and privacy issues that might impact standards development. In this regard, it has been working on a deliverable which analyses communications networking requirement functions and capabilities to support smart grid, including security and reliability aspects.

Technical Reports, standards, good practices.

Comments
Focus Group on Smart Grid concluded in December

IEC, TC 8, TC 57 and JTC1/SC27
International agency
Standards, Technical
Standardization bodies

Mission/Objectives
The International Electrotechnical Commission (IEC) is the world's leading organization that prepares and publishes International Standards for all electrical, electronic and related technologies. IEC provides a platform to companies, industries and governments for meeting, discussing and developing the International Standards they require. All IEC International Standards are fully consensus-based and represent the needs of key stakeholders of every nation participating in IEC work. Every member country, no matter how large or small, has one vote and a say in what goes into an IEC International Standard.

The IEC develops many standards and technical reports, alone or in collaboration with other organizations like ISO, on security and other technical aspects. IEC has several groups working for the implementation of security measures in ICS and smart grid environments. The following points highlight the most important ones:
- IEC TC 8 prepares and coordinates, in cooperation with other TC/SCs, the development of international standards and other deliverables with emphasis on overall system aspects of electricity supply systems and acceptable balance between cost and quality for the users of electrical energy. Electricity supply system encompasses transmission and distribution networks and connected user installations (generators and loads) with their network interfaces.
- IEC TC 57 develops and maintains international standards for power systems control equipment and systems including EMS (Energy Management Systems), SCADA (Supervisory Control And Data Acquisition), distribution automation, teleprotection, and associated information exchange for real-time and non-real-time information, used in the planning, operation and maintenance of power systems.
- On the other hand, the Joint Technical Committee ISO/IEC JTC 1 of ISO and IEC is a standardization committee whose main objective is the creation of standards for general methods and techniques in the area of information security.

Within these committees:
- IEC TC 8 WG AHG 4 works on smart grid requirements including electrical system reliability (e.g. system security), as well as on communication security, metering, etc.
- IEC TC 57 WG 15 undertakes the development of standards for security of the communication protocols defined by the IEC TC57, specifically the IEC series, the IEC series, the IEC series, the IEC series, and the IEC series.
- ISO/IEC JTC1/SC27 includes the development of standards for the protection of information and ICT, including generic methods, techniques and guidelines to address both security and privacy aspects.

Some of the most relevant IEC documents on ICS security are:
- IEC series, Data and communication security (3), (4), (5), (6), (7), (8) and (9).
- IEC 62210, Power system control and associated communications. Data and communication security (10).

Standards, technical reports

Comments
IEC stands for International Electrotechnical Commission

IEEE, WGC1, WGC6, E and other
Professional association
Standards
All stakeholders

Mission/Objectives
IEEE is the world's largest professional association dedicated to advancing technological innovation and excellence for the benefit of humanity. IEEE and its members inspire a global community through IEEE's highly cited publications, conferences, technology standards, and professional and educational activities. In this way, the IEEE develops standards and technical reports on security and other technical-related aspects.

The IEEE is divided into several technical committees. One of the most important is the standardization technical committee. This Committee includes several work groups that are devoted to defining security measures for ICS and smart grid environments. Some of the most important workgroups are:
- IEEE WGC1 - Application of Computer-Based Systems: This group has been responsible for the document IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities Active Standard (11).
- IEEE WGC6 - Trial Use Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links: This group has been in charge of the document IEEE Trial-Use Standards for a Cryptographic Protocol for Cyber Security of Substation Serial Links (12).
- IEEE E Physical Security of Electric Power Substations: Responsible for the treatment of all matters related to the secure operation of electrical substations with respect to outside intrusions into the substation. This group has developed the document IEEE Guide for Electric Power Substation Physical and Electronic Security (13).

Another technical committee which carries out studies on security is the IEEE Power & Energy Society (14), which is responsible for the Smart Grid Forum (15). It is worth highlighting workgroup IEEE PSACE CAMS (Power System Analysis, Computing, and Economics) (Computing and Analytical Methods Subcommittee). The focus of the workgroup is the cyber security of electric power infrastructures (16).

Standards, technical reports, conferences, educational and training activities

Comments
IEEE stands for Institute of Electrical and Electronics Engineers

ISA, ISA99 and ISA67
Professional association
Dissemination and awareness, standards, and education and training
All Stakeholders

Mission/Objectives
The International Society of Automation (ISA) is a leading, global, non-profit organization that is setting the standard for automation by helping over 30,000 worldwide members and other professionals solve difficult technical problems, while enhancing their leadership and personal career capabilities. ISA's mission is to become the standard for automation globally by certifying industry professionals; providing education and training; publishing books and technical articles; hosting conferences and exhibitions for automation professionals; and developing standards for industry.

Some of the ISA objectives are to develop and establish standards, recommended practices, technical reports, and related information that will define procedures for implementing electronically secure industrial automation and control systems and security practices and assessing electronic security performance.

The ISA is involved in the development of standards and technical reports about ICS security and. The purpose of the ISA99 committee is to develop and establish standards, recommended practices, technical reports, and related information that will define procedures for implementing electronically secure industrial automation and control systems and security practices and assessing electronic security performance, such as the ISA99 standard series (17). The ISA67 16WG5 is in charge of organizing the cyber security for the nuclear power industry (18).

Standards, technical reports, good practices, events

Comments
It is not necessary to be a member of ISA in order to be a member of an ISA committee.

UCA International Users Group
Industry association
Organizational and Policy, Standards, Information sharing.
Manufacturers, Integrators, Security tools and services providers, Operators.

Mission/Objectives
The UCA International Users Group is a not-for-profit corporation focused on assisting users and vendors in the deployment of standards for real-time applications for several industries with related requirements.
The Users Group does not write standards; however, it works closely with those bodies that have primary responsibility for the completion of standards (notably IEC TC 57: Power Systems Management and Associated Information Exchange). The UCAIug as well as its member groups (CIMug, Open Smart Grid, and IEC 61850) draws its membership from utility user and supplier companies.

The mission of the UCA International Users Group is to enable integration through the deployment of open standards by providing a forum in which the various stakeholders in the energy and utility industry can work cooperatively together as members of a common organization to:
- Influence, select, and/or endorse open and public standards appropriate to the energy and utility market based upon the needs of the membership.
- Specify, develop and/or accredit product/system-testing programs that facilitate the field interoperability of products and systems based upon these standards.
- Implement educational and promotional activities that increase awareness and deployment of these standards in the energy and utility industry.
- Influence and promote the adoption of standards and technologies specific to the ever-increasing smart grid initiatives worldwide.

UCAIug works in security and in other aspects through its member groups. For instance, the Open Smart Grid sub-technical committee is responsible for developing security guidelines, recommendations, and good practices for AMI system elements. This group fosters enhanced functionality, lower costs and faster market adoption of Advanced Metering networks and Demand Response solutions through the development of an open standards-based information/data model, reference design & interoperability guidelines.

There are several task forces inside the UCA International Users Group dealing to some extent with the security of smart grid components and architectures. These are the following:
- Usability Analysis Task Force
- CyberSec-Interop Task Force
- AMI-SEC Task Force
- Embedded Systems Security Task Force

Among them, the AMI-SEC Task Force is the most directly related to smart grid cyber security aspects.
This task force was established in August 2007 to develop consistent security guidelines, recommendations, and best practices for AMI system elements as well as for design specifications. Moreover, it tries to support vendors in producing compliant and compatible security technologies. It also provides a focal point for industry discussions on security aspects related to AMI.

The Open Smart Grid subcommittee has four Working Groups. SG Security is the one in charge of providing and studying security on the smart grid.

Standards, guidelines.

Comments
N/A

Zigbee Alliance
Industry association
Standard, Technical
All stakeholders

Mission/Objectives
The ZigBee Alliance is a non-profit industry consortium of leading semiconductor manufacturers, technology providers, OEMs and end-users worldwide. Members aim at defining a global specification for interoperable, cost-effective, low-power wireless applications based on the IEEE standard. Current membership is about 200 and includes both heavyweights (such as Siemens and Texas Instruments) and small start-ups.

The goal of the ZigBee Alliance is to create an open specification defining mesh and tree network topologies with interoperable application profiles for wireless control systems. Its focus is clearly on standards-based, low-cost, low-power, and low-data-rate applications. Means to certify products are also within the scope of the ZigBee Alliance.

Zigbee is envisioned as a promising technology in home automation, due to the technical characteristics that differentiate it from other technologies:
- Its low power consumption.
- Its mesh network topology.
- Easy integration (nodes can be manufactured with very little electronics).

Zigbee Alliance is working on a communication method based on wireless technology. Low cost and low power have made Zigbee an ideal protocol in industrial automation. The Zigbee Alliance works on the definition of the security mechanism implemented in the protocol definition.

Standards, technical Report

Comments
N/A


Other web 2.0 initiatives

Smart Grid Network
Online resource (Social Network)
Information sharing, dissemination and awareness, training and education
Manufacturer or Integrator, Security tools and services Provider, DSO, TSO, Retail Energy Provider

Mission/Objectives
The goal of Smart Grid Network is to accelerate the pace of smart grid deployment by promoting dialog and information exchange among stakeholders and connecting interested consumers with solution providers. The site helps consumers understand how a smarter grid can empower them to better manage their energy usage and identify trusted solution providers. Solution providers, big companies and small start-ups alike, will be able to get the message out about their innovative solutions to interested customers around the globe.

Smart Grid Network has two components: information from authorized content providers on smart grid initiatives in a state or country, and a Facebook-style social network allowing:
- Consumers, solution providers and enablers to communicate on issues of interest.
- Individuals to develop a network of trusted advisors for identifying and selecting smart grid solutions.
- Countries, states, and communities to highlight smart grid projects and attract best of class solutions suitable for their local requirements.
- Utilities to learn about their customers' needs, expectations and demands; and inform customers of new offerings.
- Universities and research centres to highlight ongoing smart grid research and education programs.
- Solutions providers to advertise their products and services.

Smart Grid Network, Inc. launched this site on October 18, 2011, with a pilot test for Illinois (US) and is now expanding to other states and countries.

This site provides information on security and privacy related issues affecting the smart grid.

Articles and discussions

Comments
Social network project

Smart grid security
Online Resource
Technical
All stakeholders

Mission/Objectives
The Smart Grid Security group is intended to facilitate the exchange and discussion of ideas and concepts around the implementation of smart applications and communications technology within the electric power system.

All set out in Mission/Objectives

N/A

Comments
N/A

&trk=anet_ug_hm&goback=.gdr_ _1

Smart Grid Cyber Security (Exclusive Forum & Networking Group)
Online Resource
Technical
DSO, TSO, Security tools and services Provider

Mission/Objectives
The Smart Grid Cyber Security group is an exclusive members community that brings together professionals from across the International Smart Grid/Utilities sector involved with Cyber and Critical Infrastructure security. This community extends to both those security professionals from within the Utilities Sector and their IT security partners and vendors. The objective of this group is to create a forum for its members to discuss, share ideas, best practices, trends, strategies and create a common community voice to further understand the dynamics surrounding the global emergence of smart grid initiative and its security risks.

All set out in Mission/Objectives

Forum

Comments
N/A

&trk=anet_ug_hm&goback=.gdr_ _1

Energy Sector, Smart Grid, and Smart Meter Security
Online Resource
Technical
All stakeholders

Mission/Objectives
The Smart Grid initiative is perhaps the single largest worldwide technological project mankind will ever witness. The design, implementation, and maintenance of a secure system will be of paramount importance in assuring success.

All set out in Mission/Objectives

N/A

Comments
It is mainly a discussion forum, where experts share their opinion on trending topics regarding cyber security

&trk=anet_ug_grppro

European Smart-Grid Cyber-Security Forum
Online Resource
Technical
N/A

Mission/Objectives
The European Smart-Grid Cyber-Security Forum aims to provide a much needed professional and open space for discussions, knowledge sharing, innovation and ideas around Cyber-Security aspects for Smart-Grids and Smart-Grid projects in Europe. It intends to attract knowledge and expertise from anyone who has an insight and experience in this exciting new industry. All credible candidates are welcome to join and participate, either individuals or organisations such as smart-energy/grid equipment manufacturers, research organisations, consultancies, systems integrators, security advisories, national regulatory bodies, telecoms providers, etc. The ultimate objective is to foster and provide a centre of excellence, collective balanced guidance and direction to all countries and projects in Europe embarking on or already on their journey towards Smart-Grids.

All set out in Mission/Objectives

N/A

Comments
N/A

&trk=anet_ug_grppro

Bibliography

1. European Network and Information Security Agency (ENISA). Protecting Industrial Control Systems - Recommendations for Europe and Member States
CIGRÉ. The Impact of Implementing Cyber Security Requirements using IEC s.l. : CIGRE Publication 427,
International Electrotechnical Commission (IEC). IEC TS : Power systems management and associated information exchange Data and communications security. Part 1: Communication network and system security Introduction to security issues. International Electrotechnical Commission
IEC TS : Power systems management and associated information exchange Data and communications security Part 2: Glossary of terms. International Electrotechnical Commission
IEC TS : Power systems management and associated information exchange Data and communications security Part 3: Communication network and system security Profiles including TCP/IP. International Electrotechnical Commission
IEC TS : Power systems management and associated information exchange Data and communications security Part 4: Profiles including MMS. International Electrotechnical Commission
IEC TS : Power systems management and associated information exchange Data and communications security Part 5: Security for IEC and derivatives. International Electrotechnical Commission
IEC TS : Power systems management and associated information exchange Data and communications security Part 6: Security for IEC International Electrotechnical Commission
IEC TS : Power systems management and associated information exchange Data and communications security. Part 7: Network and system management (NSM) data object models. International Electrotechnical Commission
IEC TR 62210: Power system control and associated communications Data and communication security
Institute of Electrical and Electronics Engineers (IEEE). WGC1 - Application of Computer-Based Systems. s.l. :
WGC6 - Trial Use Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links. s.l. :
E Physical Security of Electric Power Substations. s.l. :
IEEE Power & Energy Society. [Online]

15. IEEE-PES Smart Grid Forum. [Online] tp://
IEEE PES Computer and Analytical Methods SubCommittee. [Online]
International Society of Automation (ISA). ISA99 Committee - Home. [Online] Wiki/Home.aspx
LISTSERV ISA67-16WG5. [Online]
Commission of the European communities. Communication from the commission to the European parliament. Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience
European Commission. M/441:. : s.n.,
CEN/CENELEC/ETSI. CEN/CLC/ETSI/TR Functional reference architecture for communications in smart metering systems. s.l. : ftp://ftp.cen.eu/cen/sectors/list/measurement/smartmeters/cenclcetsi_tr50572.pdf,
Commission of the European communities. Communication from the commission to the European parliament, the European economic and social committee and the committee of the regions. Achievements and next steps: towards global cyber-security. COM(2011)
Communication from the commission to the european parliament, the council, the european economic and social committee and the committee of the regions. COM(2011) 202 final
DG-INFSO Expert Group on the security and resilience of Communication networks and Information systems for Smart Grids. Programme of Work. s.l. :
Task Force Smart Grids. Expert group 2. Regulatory recommendations for data safety, data handling and data protection. s.l. :
Elvire. [Online]
CORDIS Services. AFTER. [Online] =
The OPEN meter Consortium. Open Meter. [Online]
Artemis. Internet of Energy. [Online]

O.Vermesan, R.Zafalon, K.Kriegel, R.Mock, R.John, M.Ottella, P.Perlo. Internet Of Energy p. 33. Advance Microsystems for Automotive Applications [Online] y+%e2%80%93+connecting+energy+anywhere+anytime&source=bl&ots=klfxhwqyea&sig=y DjZYgFqAevFtfWL6tuFqJxIKOo&hl=es&sa=X&ei=arVdT6mDIuem0AW9v9zWDQ&ved=0CIUBEO gbmay#v=onepage&q=int.
31. European Technology Platform SmartGrids. Strategic research agenda for Europe's electricity networks of the future. s.l. :
European Commission. Directorate-General for Energy. Standardization Mandate to European Standardisation Organisations (ESOs) to support European Smart Grid deployment. M/490. s.l. : pdf.
33. Commission of the European communities. Commission staff working document definition, expected services, functionalities and benefits of smart grids SEC(2011)
ENTSOE. WG European operational standards. [Online]
ENTSOE Working Group System Protection. [Online]
WG Electronic Highway. [Online]
ESMIG. External Activities, ESMIG. [Online]
EURELECTRIC. 10 Steps to Smart Grid. [Online]
International Instruments Users' Association (WIB). Process control domain - Security requirements for vendors. EWE (EI, WIB, EXERA)
VGB. VGB-R.175 IT-Sicherheit für Erzeugungsanlagen. s.l. :
DIN. Electromobility. [Online] eid= &projid= &level=tpl-projdetailansicht&committeeid= &languageid=en.
42. Netbeheer Nederland. Privacy and Security Advance Metering Infraestructure. Apendix A. s.l. : %20PS%20M%20StakeholderAnalysis.pdf, 2010.

43. DECC. Smarter Grids: The Opportunity. s.l. : tricitynetworks/1_ _e_@@_smartergridsopportunity.pdf,
KEMA and ENA. UK Smart Grid Cyber Security Report. [Online] Smart Grid Cyber Security Report.pdf.
45. North American Electric Reliability Corporation (NERC). Categorizing Cyber Systems. An Approach Based on BES Reliability Functions. Cyber Security Standards Drafting Team for Project Cyber Security Order
SGTF. Smart Grid Task Force. [Online]
SGWG. Smart Grid Working Groups. [Online]
National Institute of Standards and Technology (NIST). NIST SP : Guide to Industrial Control Systems (ICS) Security. National Institute of Standards and Technology
NIST SP : Information Security. National Institute of Standards and Technology
NISTIR 7176: System Protection Profile - Industrial Control Systems. Decisive Analytics
NISTIR 7628: Guidelines for Smart Grid Cyber Security. Smart Grid Interoperability Panel Cyber Security Working Group (SGIP CSWG)
ASAP-SG. Advanced Security Acceleration Project for the Smart Grid. [Online]
The AMI-SEC Task Force (UCAIug) and The NIST Cyber Security Coordination Task Group. SECURITY PROFILE FOR ADVANCED METERING INFRASTRUCTURE
AMI-SEC-ASAP. AMI Security Implementation Guide
National Institute of Standards and Technology (NIST). NIST Smart Grid Federal Advisory Committee. [Online]
Smart Grid Architecture Committee. Smart Grid Architecture Committee. [Online]
Cyber Security Working Group. Cyber Security Working Group. [Online]
Smart Grid Interoperability Panel (SGIP). SGIP Cyber Security Working Group (SGIP CSWG). [Online]
NIST SGIP. Priority Action Plans. [Online]

Domain Expert Working Groups. [Online]
NEMA. National Electrical Manufacturers Association. Position Statement on Cyber Security. s.l. :
National Electrical Manufacturers Association (NEMA). Position Statement on Cyber Security. s.l. :
EPRI. EPRI Progress Report. [Online]
Zwan, Erwin van der. Security of Industrial Control Systems, What to Look For
Zhang, Zhen. Smart Grid in America and Europe: Similar Desires, Different Approaches (Part 2)
Smart Grid in America and Europe: Similar Desires, Different Approaches (Part 1)
Yin Hong, Chang. Cyber Security of a Smart Grid: Vulnerability Assessment. s.l. :
West, Andrew. SCADA Communication protocols. [Online] pdfs/scada PROTOCOLS.pdf.
69. Weiss, Joseph. Protecting Industrial Control Systems from Electronic Threats. s.l. : Momentum Press,
Tsang, Rose. Cyberthreats, Vulnerabilities and Attacks on SCADA networks
Theriault, Marlene and Heney, William. Oracle Security. First Edition. s.l. : O'Reilly, p
Syngres, Eric Knapp. Industrial Network Security. Securing critical infrastructure Networks for Smart Grid, SCADA and other Industrial Control Systems
Suter, Manuel and Brunner, Elgin M. International CIIP Handbook 2008 /
Stouffer, K. A., Falco, J. A. and Scarfone, K. A. Guide to Industrial Control Systems (ICS) Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC). s.l. : National Institute of Standards and Technology,
Snyder, Mike. Smart Grid Synergy. [Online]
Smith, Steven S. The SCADA Security Challenge: The Race Is On

77. Identifying, understanding, and analyzing Critical Infrastructure Interdependencies. Rinaldi, Steven M., Peerenboom, James P. and Kelly, Terrence K. 2001, IEEE Control Systems Magazine.
78. Mo, Yilin, et al. Cyber Physical Security of a Smart Grid Infrastructure. s.l. :
Masica, Ken. Securing WLANs using i. Draft. Recommended Practice
Recommended Practices Guide For Securing ZigBee Wireless Networks in Process Control System Environments
Lewis, Adam. ERN-CIP: European reference network for critical infrastructure protection. [Online]
Lenzini, G., Oostdijk, M. and Teeuw, W. Trust, Security, and Privacy for the Advanced Metering Infrastructure. s.l. :
Kwasinski, A. Implication of Smart-Grids development for communication systems in normal operation and during disasters
Jeff Trandahl, Clerk. USA Patriot Act (H.R. 3162). [Online]
International Organization for Standardization (ISO), International Electrotechnical Commission (IEC). Information technology Security techniques Code of practice for information security management. International Organization for Standardization, International Electrotechnical Commission
Huntington, Guy. NERC CIP's and identity management. Huntington Ventures Ltd
Holstein, Dennis Cease, Li, Haiyu L and Meneses, Albertin,. The Impact of Implementing Cyber Security Requirements using IEC
Holstein, Dennis K. P1711 The state of closure. s.l. : PES/PSSC Working Group C6,
Hayden, Ernie. There is No SMART in Smart Grid Without Secure and Reliable Communications. s.l. :
Hart, D.G. Using AMI to realize the Smart Grid. In Power and energy society general meeting - Conversion and delivery of electrical energy in the 21st Century. s.l. : IEEE 2008,
Green, Brian D., Cote, J. R. and Simmins, John. Smartgridinformation.info. [Online] [Cited: ]
Gorman, Siobhan. Electricity Grid in U.S. Penetrated By Spies.
93. Goméz, J. Antonio. III Curso de verano AMETIC-UPM 2011 hacia un mundo digital: las e-TIC motor de los cambios sociales, económicos y culturales
Glöckler, Oszvald. IAEA Coordinated Research Project (CRP) on Cybersecurity of Digital I&C Systems in NPPs. [Online] 2011. NPPIC/Day-3.Thursday/TWG-CyberSec-O.Glockler-2011.pdf.
95. Giordano, Vincenzo, et al. Smart Grid projects in Europe: lessons learned and current developments
Ginter, Andrew. An Analysis of Whitelisting Security Solutions and Their Applicability in Control Systems
Flick, Tony and Morehouse, Justin. Securing the Smart Grid. Next Generation Power Grid Security
Fan, Jiyuan and Zhang, Xiaoling. Feeder Automation within the Scope of Substation Automation. [Online] 10 31, [Cited: 12 29, 2011.]
Fan, Jiyuan, du Toit, Willem and Backschneider, Paul. Distribution Substation Automation in Smart Grid
Falliere, Nicolas, Murchu, Liam O and Chien, Eric. W32.Stuxnet Dossier. Symantec
Ericsson, Göran. Managing Information Security in an Electric Utility. Cigré Joint Working Group (JWG) D2/B3/C
Ebinger, Charles and Massy, Kevin. Software and hard targets: enhancing Smart Grid cyber security in the age of information warfare. s.l. : grid_ebinger.pdf,
Díaz Andrade, Carlos Andrés and Hernandez, Juan Carlos. Smart grid: Las TICs y la modernización de las redes de energía eléctrica Estado del arte
Davis, Mike. SmartGrid Device Security. Adventures in a new medium. s.l. : SLIDES.pdf,
Conant, Rob. Toward a Global Smart Grid - The U.S. vs. Europe. [Online] engineering-td/volume-15/issue_5/features/toward_a_global_smart_grid_- _The_US_vs_Europe.html
Toward a Global Smart Grid - The U.S. vs. Europe. [Online] engineering-td/volume-15/issue_5/features/toward_a_global_smart_grid_- _The_US_vs_Europe.html
Coll-Mayor, Debora. Overview of strategies and goals. [Online] & Goals of Smartgrid in Europe.pdf.

81 78 Smart Grid Security 108. Cleveland, Frances. White Paper: Cyber Security Issues for the Smart Grid. s.l. : Clemente, Jude. The Security Vulnerabilities of Smart Grid. s.l. : Chebbo, Maher. Recommendations of the SmartGrid ICT consultation Group to the European Commision Carpenter, Matthew and Wright, Joshua. Advanced metering infrastructure attack methodology Brodsy, Jacob and McConnell, Anthony. Jamming and Interference Induced Denial-of- Service Attacks on IEEE Based Wireless Networks Boyer, Stuart A. SCADA: Supervisory Control and Data Acquisition. Iliad Development Inc., ISA SCADA Supervisory and Data Acquisition Berkeley III, Alfred R. and Wallace, Mike. A Framework for Establishing Critical Infrastructure Resilience Goals. Final Report and Recommendations by the Council. s.l. : National Infrastructure Advisory Council, Bartels, Guido. Combating Smart Grid Vulnerabilities. s.l. : Bailey, David and Wright, Edwin. Practical SCADA for Industry. s.l. : Newnes, Asad, Mohammad. Challenges of SCADA. [Online] Anderson, Roger N., et al. Computer-Aided Lean Management for the Energy Industry Amin, Saurabh, Sastry, Shankar and Cárdenas, Alvaro A. Research Challenges for the Security of Control Systems Amin, S. Massoud. Smart Grid: Overview, Issues and Opportunities. Advances and Challenges in Sensing, Modeling, Simulation, Optimization and Control. s.l. : Abbott, Ralph E. The Successful AMI Marriage: When Water AMR and Electric AMI Converge. [Online]

82 Smart Grid Security ZigBee. ZigBee Home Automation Overview. [Online] International Federation of Automatic Control (IFAC). Working Group 3: Intelligent Monitoring, Control and Security of Critical Infrastructure Systems IFAC TC Websites. [Online] decentralized-control-of-large-scale-systems WirelessHART. WirelessHART. [Online] Web application Security Consortium. Web Application Firewall Evaluation Criteria. [Online] Application Firewall Evaluation Criteria VIKING Project. Vital Infrastructure, Networks, Information and Control Systems Management. [Online] VDI/VDE. VDI/VDE 2182: IT security for industrial automation United States Computer Emergency Readiness Team (US-CERT). US-CERT: United States Compueter Emergency readiness Team. [Online] Institute of Electrical and Electronics Engineers (IEEE). Transmission & Distribution Exposition & Conference 2008 IEEE PES : powering toward the future. Institute of Electrical and Electronics Engineers Pacific Northwest National Labortory, U.S. Department of Energy. The Role of Synchronized Wide Area Measurements for Electric Power Grid Operations EURELECTRIC Networks Committee. The Role of Distribution System. Operators (DSOs) as Information Hubs The 451 Group. The adversary: APTs and adaptive persistent adversaries SANS. The 2011 Asia Pacific SCADA and Process Control Summit - Event-At-A-Glance. [Online] International Energy Agency (IEA). Technology Roadmap. Smart Grids. France : OCDE/IEA, EPRI. Technical and System Requirements for Advanced Distribution Automation International Federation of Automatic Control (IFAC). TC 6.3. Power Plants and Power Systems IFAC TC Websites. [Online] TC 3.1. Computers for Control IFAC TC Websites. [Online] ESCoRTS Project. Survey on existing methods, guidelines and procedures CEN/CENELEC/ETSI Joint Working Group. Standards for Smart Grids

83 80 Smart Grid Security 141. Smart Substations. Smart Substations:Desing, Operations and Maintenance. [Online] EnergieNed. Smart Meter Requirements. Dutch Smart Meter specification and tender dossier. s.l. : %20%20v2.1%20final%20Main.pdf, European Commision. Energy. Smart Grids Task force. [Online] U.S. Department of Energy. Smart Grid System Report Industrial Defender. Smart Grid Safety vs Confidentiality. s.l. : Enerweb. Smart grid Information Report. s.l. : IEEE Smart grid. Smart Grid Conceptual Model. [Online] Sonoma innovation. Smart Grid Communications Architectural Framework EU Commission Task Force for Smart Grids. Expert Group 4. Smart Grid aspects related to Gas European Commision. Smart electricity Systems. European CommisionJoint Research Centre. [Online] Siemens. Smart Distribution. Distribution Automation and Protection. [Online] [Cited: ] The Climate Group. smart 2020: enabling the low carbon economy in the information age. [Online] Treehugger. SMART 2020 Report: Smart Grids Can Cut CO2 Emissions by 15 Percent. [Online] smart Smart [Online] ESCoRTS Project. Security of Control and Real Time Systems. [Online] ABB. Security in the smart grid. s.l. : $file/paper_security+in+the+smart+grid+%28sept+09%29_docnum.pdf, American Petroleum Institute (API) energy. Security Guidelines for the Petroleum Industry. American Petroleum Institute

84 Smart Grid Security Technical Support Working Group (TSWG). Securing Your SCADA and Industrial Control Systems. Departmet of Homeland Security Rijksoverheid. Scenario's Nationale Risicobeoordeling 2008/2009. [Online] SANS. SCADA Security Advanced Training. [Online] Water Sector Coordinating Council Cyber Security Working Group. Roadmap to Secure Control Systems in the Water Sector RISI. Repository of Industrial Security Incidents. [Online] United States Nuclear Regulatory Commission. Regulatory Guide 5.71: Cyber security programs for nuclear facilities Department of Homeland Security (DHS). Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies Wikipedia. Recloser. [Online] [Cited: 12 26, 2011.] Iberdrola. Proyecto tipo para Centro de Transformación intemperie compacto. [En línea] Abril de [Citado el: 29 de Diciembre de 2011.] 05.htm Centre for the Protection of National Infrastructure (CPNI). Process control and SCADA security. Guide 7. Establish ongoing governance. Centre for the Protection of National Infrastructure Process control and SCADA security. Guide 6. Engage projects. Centre for the Protection of National Infrastructure Process control and SCADA security. Guide 5. Manage third party risk. Centre for the Protection of National Infrastructure Process control and SCADA security. Guide 4. Improve awareness and skills. Centre for the Protection of National Infrastructure Process control and SCADA security. Guide 3. Establish response capabilities. Centre for the Protection of National Infrastructure Process control and SCADA security. Guide 2. Implement secure architecture. Centre for the Protection of National Infrastructure Process control and SCADA security. Guide 1. Understand the business risk. Centre for the Protection of National Infrastructure.

85 82 Smart Grid Security Process control and SCADA security. Centre for the Protection of National Infrastructure Institute of Electrical and Electronics Engineers (IEEE). P2030: IEEE Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), End-Use Applications, and Loads Wikipedia. Outage management system. [Online] Open Smart Grid. Open Smart Grid. [Online] OpenSG. Open Smart Grid. [Online] 179. Norwegian Oil Industry Association (OLF). OLF Guideline No.110: Implementation of information security in PCSS/ICT systems during the engineering, procurement and commissioning phases. Norwegian Oil Industry Association OLF Guideline No. 104: Information Security Baseline Requirements for Process. Norwegian Oil Industry Association National Institute of Standards and Technology (NIST). NIST SP 1108: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release The White House. National Strategy for Information Sharing. [Online] Department of Homeland Security (DHS). National Infrastructure Protection Plan: Partnering to enhance protection and resiliency. Department of Homeland Security NAMUR. NAMUR NA 115 IT-Security for Industrial Automation Systems: Constraints for measures applied in process industries Centre for the Protection of Critial Infrastructure (CPNI). Meridian Process Control Security Information Exchange (MPCSIE). [Online] Meridian. Meridian. [Online] International Electrotechnical Commission (IEC). ISO/IEC 15408: Information technology. Security techniques. Evaluation criteria for IT security International Society of Automation (ISA). ISA100, Wireless Systems for Automation. [Online] INTERSECTION Project. INfrastructure for heterogeneous, Resilient, SEcure, Complex, Tightly Inter-Operating Networks (INTERSECTION). [Online] Norwegian Oil Industry Association (OLF). Information Security Baseline Requirements for Process Control, Safety, and Support ICT Systems. 
Norwegian Oil Industry Association

86 Smart Grid Security INSPIRE Project. INcreasing Security and Protection through Infrastructure REsilience. [Online] International Federation for Information Processing (IFIP). IFIP WG 1.7 Home Page. [Online] IFIP Technical Committees. [Online] IFIP TC 8 International Workshop on Information Systems Security Research. [Online] Institute of Electrical and Electronics Engineers (IEEE). IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities IEEE Standard C : Definition, Specification, and Analysis of Systems Used for Supervisory Control, Data Acquisition, and Automatic Control. Institute of Electrical and Electronics Engineers International Electrotechnical Commission (IEC). IEC 62443: Security for Industrial Process Measurement and Control: Network and System Security IEC 61970: Common Information Model (CIM) / Energy Management IEC 61968: Common Information Model (CIM) / Distribution Management IEC : Communication networks and systems for power utility automation Part 7-2: Basic information and communication structure Abstract communication service interface (ACSI). International Electrotechnical Commission IEC 61850: Communication networks and systems in substations IEC : Telecontrol equipment and systems IEC : Telecontrol equipment and system ICT4SMARTDG. ICT Solutions to enable Smart Distributed Generation International Atomic Energy Agency (IAEA). IAEA Technical Meeting on Newly Arising Threats in Cybersecurity of Nuclear Facilities. [Online] CybersecurityTM-May-2011.pdf Energie Vortex. [Online] brownout brown_power rolli ng_blackout.html IRRIIS Project. Homepage of the IRRIIS project. [Online] Department of Homeland Security (DHS). Homeland Security Presidential Directive-7. [Online]

87 84 Smart Grid Security 209. Department of Energy (DoE). Hands-on Control Systems Cyber Security Training of National SCADA Test Bed. [Online] BBC news. Hackers 'hit' US water treatment systems. s.l. : Swedish Civil Contingencies Agency (MSB). Guide to Increased Security in Industrial Control Systems. Swedish Civil Contingencies Agency Commission of the European communities. Green paper. On a European programme for critical infrastructure protection COM(2005) 576 final National Infrastructure Security Coordination Centre (NISCC). Good Practice Guide Process Control and SCADA Security. PA Consulting Group Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks. British Columbia Institute of Technology (BCIT) McAfee. Global Energy Cyberattacks: Night Dragon. [Online] National Infrastructure Security Coordination Centre (NISCC). Firewall deployment for scada and process control networks. good practice guide. National Infrastructure Security Coordination Centre Centre for the Protection of National Infrastructure (CPNI). Firewall deployment for scada and process control networks. Centre for the Protection of National Infrastructure National Institute of Standards and Technology (NIST). FIPS PUB 199. Standards for Security Categorization of Federal Information and Information Systems. [Online] Field Device Protection Profile for SCADA Systems in Medium Robustness Environments EU Commission Task Force for Smart Grids. Expert Group 1: Functionalities of smart grids and smart meters The White House. Executive Order [Online] European Commission. Europ Europe 2020 targets. [Online] Eur Lex. [Online] European Network and Informations Security Agency (ENISA). EU Agency analysis of Stuxnet malware: a paradigm shift in threats and Critical Information Infrastructure

88 Smart Grid Security 85 Protection. [Online] Instituto de Investigaciones Eléctricas de México. Estado del arte en Redes Inteligentes "Smart Grids". Automatización de la Distribución en las Redes Inteligentes. México : s.n esec. esec. Plataforma Tecnológica Española de Tecnologías para Seguridad y Confianza. [Online] Energie.gov. Energy Storage. [Online] Department of Energy (DoE). Energy Infrastructure Risk Management Checklists for Small and Medium Sized Energy Facilities. Department of Energy Energy Independence and Security Act of s.l. : Energiened. Energiened Documentation. [Online] U.S. Department of Energy. Electricity sector cyber-security risk management process guideline Government Accountability Office (GAO). Electricity grid modernization. Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed. s.l. : Smarter Grid Solutions. Dynamic Line Rating - managing capacity. [Online] National Institute of Standards and Technology (NIST). Draft NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release DLMS User Association. DLMS/COSEM: Conformance Testing Process DLMS/COSEM: Architecture and Protocols Wikipedia. Distribution mangagement system. [Online] Commission of the European communities. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data DigitalBond. DigitalBond. ICS Security Tool Mail List. [Online] Department of Homeland Security (DHS). DHS officials: Stuxnet can morph into new threat. [Online]

89 86 Smart Grid Security 241. Department of Energy (DoE). Cybersecurity for Energy Delivery Systems Peer Review. [Online] Department of Homeland Security (DHS). Cyber storm III Final Report. Department of Homeland Security Office of Cybersecurity and Communications National Cyber Security Division Centre for the Protection of National Infrastructure (CPNI). Cyber security assessments of industrial control systems. Centre for the Protection of National Infrastructure CRUTIAL Project. CRitical Utility InfrastructurAL resilience. [Online] Thales. Critical Infrastructure Security. A Holistic Security Risk Management Approach. s.l. : e2a8c1afeeda016804c85, United States General Accounting Office (GAO). Critical infrastructure protection. Challenges and Efforts to Secure Control Systems. United States General Accounting Office CI2RCO Project. Critical information infrastructure research coordination. [Online] SINTEF. CRIOP: A scenario method for Crisis Intervention and Operability analysis Centre for the Protection of Critical Infrastructure (CPNI). CPNI. [Online] Commission of the European communities. Council directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection Council decision on a Critical Infrastructure Warning Information Network (CIWIN) COM(2008) 676». Commission of the European communities DLMS User Association. COSEM: Identification System and Interface Classes COSEM: Glossary of Terms Department of Energy (DoE). Control Systems Security Publications Library. [Online] United States Computer Emergency Readiness Team (US-CERT). Control Systems Security Program: Industrial Control Systems Joint Working Group. [Online] Control Systems Security Program: Industrial Control Systems Cyber Emergency Response Team. [Online]

90 Smart Grid Security Interstate Natural Gas Association of America (INGAA). Control Systems Cyber Security Guidelines for the Natural Gas Pipeline Industry. Interstate Natural Gas Association of America ICT4SMARTDG. Consensus on ICT solutions for a Smart Distribution at Domestic Level Centre for the Protection of National Infrastructure (CPNI). Configuring & managing remote access for industrial control systems. Centre for the Protection of National Infrastructure Commission of the European communities. Communication from the commission. Energy infrastructure priorities for 2020 and beyond A Blueprint for an integrated European energy network. COM(2010) Communication from the commission to the european parliament, the council, the european economic and social committee and the committee of the regions: A Digital Agenda for Europe. COM(2010)245 final Communication from the commission to the european parliament, the council, the european economic and social committee and the committee of the regions. Energy 2020: A strategy for competitive, sustainable and secure energy. COM(2010) 639 final Communication from the commission to the european parliament, the council, the european economic and social committee and the committee of the regions. Digital Agenda for Europe. COM(2010) Communication from the commission to the council, the European parliament, the European economic and social commitee and the commitee of the regions. A strategy for a Secure Information Society 'Dialogue, partnership and empowerment' COM(2006) Communication from the commission to the council and the European parliament. Prevention, preparedness and response to terrorist attacks COM(2004) 698 final Communication from the commission to the council and the European parliament. 
Critical Infrastructure Protection in the fight against terrorism COM(2004) 702 final Communication from the commission on a European Programme for Critical Infrastructure Protection COM(2006) North American Electric Reliability Corporation (NERC). CIP-009-4: Cyber Security Recovery Plans for Critical Cyber Assets. North American Electric Reliability Corporation (NERC) CIP-008-4: Cyber Security Incident Reporting and Response Planning. North American Electric Reliability Corporation CIP-007-4: Cyber Security Systems Security Management. North American Electric Reliability Corporation

91 88 Smart Grid Security CIP-006-4: Cyber Security Physical Security. North American Electric Reliability Corporation CIP-005-4: Cyber Security Electronic Security Perimeter(s). North American Electric Reliability Corporation CIP-004-4: Cyber Security Personnel and Training. North American Electric Reliability Corporation CIP-003-4: Cyber Security Security Management Controls. North American Electric Reliability Corporation CIP-002-4: Cyber Security Critical Cyber Asset Identification. North American Electric Reliability Corporation CIP-001-1a: Sabotage Reporting. North American Electric Reliability Corporation Department of Homeland Security (DHS). Catalog of Control Systems Security: Recommendations for Standards Developers Council of the European Union. Brussels European Council 8/9 march Presidency conclusions Power Systems Engineering Research Center. Automated Circuit Breaker Monitoring Gartner. Assessing the Security Risks of Cloud Computing. Gartner. [Online] American Petroleum Institute (API) energy. API Standard Pipeline SCADA Security. American Petroleum Institute American National Standard (ANSI). ANSI/ISA-TR Security Technologies for Industrial Automation and Control Systems. International Society of Automation (ISA) ANSI/ISA Security for Industrial Automation and Control Systems. Part 2: Establishing an Industrial Automation and Control Systems Security Program. International Society of Automation (ISA) ANSI/ISA Security for Industrial Automation and Control Systems. Part 1: Terminology, Concepts, and Models. International Society of Automation (ISA) ANSI C12.21: American National Standard for Protocol Specification for Telephone Modem Communication ANSI C12.19: American National Standard for Utility Industry End Device Data Tables ANSI C12.18: American National Standard for Protocol Specification for ANSI 2 Optical Port AMI-SEC-ASAP. AMI System Security Requirements

92 Smart Grid Security American Gas Association (AGA). AGA Report No. 12, Cryptographic Protection of SCADA Communications. Part 2 Performance Test Plan. American Gas Association AGA Report No. 12, Cryptographic Protection of SCADA Communications. Part 1 Background, policies and test plan. American Gas Association Wikipedia. Advanced Distribution Automation. [Online] [Cited: ] IBM Global Services. A Strategic Approach to Protecting SCADA and Process Control Systems Europe A resource-efficient Europe Flagship initiative of the Europe 2020 Strategy. [Online] EOS Energy Infrastructure Protection & Resilience Working Group. A global european approach for energy infrastructure protection & resilience. s.l. : Department of Energy (DoE). 21 Steps to Improve Cyber Security of SCADA Networks. Department of Energy Security of Industrial Control Systems, What to Look For. Zwan, Erwin van der. 2010, ISACA Journal Online IEC. IEC TS : Power systems management and associated information exchange Data and En. [Online] 299. Taylor, Dr. Gary. DEVELOPING NOVEL ICT BASED SOLUTIONS FOR SMART DISTRIBUTION NETWORK OPERATION. [Online] on.pdf NIST -SGIP. SGIP Catalog of Standards. [Online]

13 Abbreviations

ACER: Agency for the Cooperation of Energy Regulators
ADA: Advanced Distribution Automation
AMI: Advanced Metering Infrastructure
AMR/AMM: Advanced Metering Reading/Measures
ANSI: American National Standards Institute
AoR: Assessment of the Resilience
BAN: Building Area Networks
BPL: Broadband over power line
C&DM: Control & Data Management
CC: Common Criteria
CEN: European Committee for Standardization
CENELEC: European Committee for Electrotechnical Standardization
CEO: chief executive officer
CERT: centre emergency response team
CIA: Confidentiality, Integrity and Availability
CIWIN: Critical Infrastructure Warning Information Network
C-level: Chief level (CEO, CIO,...)
CO2: Carbon dioxide
COTS: Commercial off the Shelf
CS: Control Systems
CZ: Czech Republic
DAE: Digital Agenda for Europe
DCA: Distribution Contingency Analysis
DE: Germany
DER: Distributed Energy Resources
DG ENER: Directorate-General for Energy
DK: Denmark
DLF/DLE: Distribution Load Forecasting and Estimation
DLMS/COSEM: Device Language Message specification/companion Specification for Energy Metering
DLR: Dynamic Line Ratings
DMS: Distribution Management System
DoS: Denial of Service
DPF: Distribution Power Flow
DSE: Distribution State Estimation
DSM: Demand Side Management
DSO: Distribution System Operators
EACI: European Association for Creativity and Innovation

EC: European Commission
ECI: European Critical Infrastructures
EG: Expert Group
EII: European Industrial Initiatives
EISAS: European Information Sharing and Alert System
EL: Greek
EMS: Energy Management System
ENISA: European Network and Information Security Agency
ENTSO: European Network of Transmission System Operators for Electricity
EP3R: European Public Private Partnership for Resilience
EPCIP: European Programme for Critical Infrastructure Protection
ES: Spain
ESI: Energy service interface
ETN: Electrical Transmission Network
ETP: Executive Training Programme
ETP: European Technology Platform
ETSI: European Telecommunications Standards Institute
EU: European Union
EV: Electric Vehicle
FAN: Field Area Network
FDIR: Fault Detection Isolation and Restoration
FP7: Framework Programme 7
FTP: File Transfer Protocol
GDP: Gross domestic product
GHG: Greenhouse Gas
GIS: geographic Information system
GPRS: General Packet Radio Service
HAN: Home Area Network
HMI: Human Machine Interface
HPC: High Performance Computing
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure
HVDC: High-Voltage Direct Current
HW: Hardware
IAC: Integrity, Availability, Confidentiality
IAN: Industrial Area Networks
ICS: Industrial Control Systems
ICT: Information and communications technology
IE: Information Exchange
IEC: International Electrotechnical Commission

IED: Intelligent Electronic Devices
IEEE: Institute of Electrical and Electronics Engineers
IoE: Internet of Energy
IPS/IDS: Intrusion Protection/Detection System
IP-Sec: Internet Protocol Secure
ISA: International Society of Automation
ISM: Information Security Management
ISMS: Information Security Management System
ISO: International Organization for Standardization
IST: Information Society Technologies
IT: Information Technology
IT: Italy
IVVC: Integrated Voltage/Var Control
JHA: Justice and Home Affairs
JRC: Joint Research Center
JWG: Joint Working Group
KF: Key Finding
LAN: Local Area Network
LV: Low Voltage
MAN: Metropolitan Area Network
MDMS: Meter data management system
MID: Measuring Instruments Directive
MPLS: Multiprotocol Label Switching
MS: Member State
MV: Medium Voltage
NAN: Neighbourhood Area Network
NCA: National Certification Authorities
NCI: National Critical Infrastructures
NERC: North American Electric Reliability Corporation
NIS: Network and Information Security
NIST: National Institute of Standards and Technology
NL: Nederland
NO: Norway
NRA: National Regulatory Authorities
OFC: Optimal Feeder Configuration
OFDM: Orthogonal Frequency Division Multiplexing
OMS: Outage Management System
OWASP: Open Web Application Security Project
PCD: Process Control Domain
PLC: Power Line Communications

PMU: Phasor Measurement Units
PP: Protection Profiles
QoS: quality of service
R&D: Research and Development
RBAC: Role Based Access Control
RF: Radio Frequency
RISI: Repository of Industrial Security Incidents
RMP: Risk Management Process
RTD: Research and Technology Development
RTP: Real-Time Pricing
RTU: Remote Terminal Units
SCADA: Supervisory Control and Data Acquisition
SES: Smart Electricity System
SFTP: Secure File Transfer Protocol
SG: Smart Grid
SGIS: Smart Grid Information Security
SIEM: Security information and event management
SL: Slovenia
SMART: Standardization, Monitoring, Accounting, Rethink, Transformation
SOC: Security Operations Centre
SSH: Secure Shell
ST: Security Targets
SW: Software
TCP/IP: Transmission Control Protocol/Internet Protocol
Telnet: Telecommunications Network
TF: Task Force
TOE: Target of Evaluation
TP: Topology Processor
TSO: Transmission System Operators
UK: United Kingdom
USA/US: United States of America
USB: Universal Serial Bus
VPN: Virtual Private Network
WAAPCA: wide-area adaptive protection, control and automation
WAMS: Wide Area Monitoring System
WAN: Wide Area Networks
WASA: Wide-Area Situational Awareness
WG: Working Group
WMD: Weapon of Mass Destruction

P.O. Box 1309, Heraklion, Greece


More information

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18 The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18 European Union Agency for Network and Information Security

More information

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)] United Nations A/RES/64/211 General Assembly Distr.: General 17 March 2010 Sixty-fourth session Agenda item 55 (c) Resolution adopted by the General Assembly on 21 December 2009 [on the report of the Second

More information

European Union Agency for Network and Information Security

European Union Agency for Network and Information Security Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency

More information

H2020 & THE FRENCH SECURITY RESEARCH

H2020 & THE FRENCH SECURITY RESEARCH H2020 & THE FRENCH SECURITY RESEARCH JANUARY 22, 2013 WISG 2013 / TROYES LUIGI REBUFFI CEO EUROPEAN ORGANISATION FOR SECURITY WWW.EOS EU.COM PRESIDENT CSOSG STEERING COMMITTEE European Organisation for

More information

ENCS The European Network for Cyber Security

ENCS The European Network for Cyber Security ENCS The European Network for Cyber Security A not-for-profit European Public Private Partnership on cyber security for critical infrastructures Initial focus: smart grids and process control, to be extended

More information

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2

More information

Commonwealth Cyber Declaration

Commonwealth Cyber Declaration Commonwealth Cyber Declaration Recognising that the development of cyberspace has made a powerful contribution to the economic, social, cultural and political life of the Commonwealth; Underlining that

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD) COUNCIL OF THE EUROPEAN UNION Brussels, 24 May 2013 Interinstitutional File: 2013/0027 (COD) 9745/13 TELECOM 125 DATAPROTECT 64 CYBER 10 MI 419 CODEC 1130 NOTE from: Presidency to: Delegations No. Cion

More information

RESOLUTION 130 (REV. BUSAN, 2014)

RESOLUTION 130 (REV. BUSAN, 2014) RESOLUTION 130 (REV. BUSAN, 2014) Strengthening the role of ITU in building confidence and security in the use of information and communication technologies The Plenipotentiary Conference of the International

More information

Package of initiatives on Cybersecurity

Package of initiatives on Cybersecurity Package of initiatives on Cybersecurity Presentation to Members of the IMCO Committee Claire Bury Deputy Director-General, DG CONNECT Brussels, 12 October 2017 Building EU Resilience to cyber attacks Creating

More information

Promoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda

Promoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda 2016 PARTNERSHIP FORUM Promoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda 31 March 2016 Dialogue Two (3:00 p.m. 5:45 p.m.) ECOSOC CHAMBER,

More information

Research Infrastructures and Horizon 2020

Research Infrastructures and Horizon 2020 Research Infrastructures and Horizon 2020 Christos VASILAKOS DG Research & 1 st CoPoRI Workshop on EoE 11-12 June 2012 Hamburg, DE The EU Framework Programme for Research and 2014-2020 Research and Europe

More information

Call for Expressions of Interest

Call for Expressions of Interest Call for Expressions of Interest ENISA M/CEI/17/T01 Experts for assisting in the implementation of the annual ENISA Work Programme TECHNICAL DESCRIPTION CONTENTS TECHNICAL DESCRIPTION... 3 1. INTRODUCTION...

More information

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford Cybersecurity is a EU strategic priority DG CONNECT* > The Digital Single Market strategy aims to open up digital opportunities for people and business and enhance Europe's position as a world leader in

More information

ehealth Ministerial Conference 2013 Dublin May 2013 Irish Presidency Declaration

ehealth Ministerial Conference 2013 Dublin May 2013 Irish Presidency Declaration ehealth Ministerial Conference 2013 Dublin 13 15 May 2013 Irish Presidency Declaration Irish Presidency Declaration Ministers of Health of the Member States of the European Union and delegates met on 13

More information

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy Andrea Glorioso European Commission DG INFSO-A3 Andrea.Glorioso@ec.europa.eu Network and

More information

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017 Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017 Title: Facilitating Investment in Cybersecurity as a means of achieving the Sustainable Development Goals Description: Information

More information

RESOLUTION 47 (Rev. Buenos Aires, 2017)

RESOLUTION 47 (Rev. Buenos Aires, 2017) Res. 47 425 RESOLUTION 47 (Rev. Buenos Aires, 2017) Enhancement of knowledge and effective application of ITU Recommendations in developing countries 1, including conformance and interoperability testing

More information

Directive on Security of Network and Information Systems

Directive on Security of Network and Information Systems European Commission - Fact Sheet Directive on Security of Network and Information Systems Brussels, 6 July 2016 Questions and Answers The European Parliament's plenary adopted today the Directive on Security

More information

Towards a European Cloud Computing Strategy

Towards a European Cloud Computing Strategy Towards a European Cloud Computing Strategy Jorge Gasós European Commission Information Society and Media Directorate General Trust and Security Unit Security, privacy, and trust in the information society

More information

ENISA Cooperation in the EU / NIS Directive

ENISA Cooperation in the EU / NIS Directive ENISA Cooperation in the EU / NIS Directive Paulo Empadinhas Head of Administration & Stakeholders Relations IT STAR Milan, Italy 28 th October 2016 European Union Agency for Network and Information Security

More information

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe Author Date VdTÜV-WG Cybersecurity October, 3 rd 2015 VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe VdTÜV e.v. welcomes the Communication on a

More information

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2

More information

GREEN DEFENCE FRAMEWORK

GREEN DEFENCE FRAMEWORK GREEN DEFENCE FRAMEWORK Approved by the North Atlantic Council in February 2014 GREEN DEFENCE FRAMEWORK OVERVIEW 1. Green Defence could, at this stage, be defined as a multifaceted endeavour cutting across

More information

Smart Metering and Smart Grids: the Enel

Smart Metering and Smart Grids: the Enel Smart Metering and Smart Grids: the Enel experience Brussels, 8 March 2010 Dario Garofalo Regulatory and Environment, Enel SpA Agenda Smart grids potential Enel achievements and strategy Smart grids regulation

More information

Recommendations for Small and Medium Enterprises. Event Date Location

Recommendations for Small and Medium Enterprises. Event Date Location Recommendations for Small and Medium Enterprises Event Date Location B20 Structure B20 Members worldwide B20 Cross-thematic Group Small and Medium Enterprises CTG SMEs: Composition Coordination Group 129

More information

ETP SmartGrids and European SmartGrid Initiatives

ETP SmartGrids and European SmartGrid Initiatives ETP SmartGrids and European SmartGrid Initiatives Workshop for Preparation of Croatian Technology Platform for Cooperative Renewable Energy Systems and Smart Grids 1 st of July 2013 Nikos Hatziargyriou,

More information

Resolution adopted by the General Assembly. [on the report of the Second Committee (A/64/417)]

Resolution adopted by the General Assembly. [on the report of the Second Committee (A/64/417)] United Nations General Assembly Distr.: General 9 February 2010 Sixty-fourth session Agenda item 50 Resolution adopted by the General Assembly [on the report of the Second Committee (A/64/417)] 64/187.

More information

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012 ENISA & Cybersecurity Steve Purser Head of Technical Competence Department December 2012 Agenda Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational

More information

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT 2018 18-19 APRIL, SKOPJE CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT 2018 At the Trieste Western Balkans Summit, we stressed the importance of the

More information

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document EUROPEAN COMMISSION Strasbourg, 7.2.2013 SWD(2013) 31 final COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT Accompanying the document Proposal for a Directive of the European

More information

IPv6 Task Force - Phase II. Welcome

IPv6 Task Force - Phase II. Welcome IPv6 Task Force - Phase II Welcome Joao da Silva European Commission Brussels 12 September 2002 Erkki Liikanen - Date 2002-1 Latest EU action on IPv6 IPv6 Task Force (Phase I) launched April 2001 Recommendations

More information

RESOLUTION 45 (Rev. Hyderabad, 2010)

RESOLUTION 45 (Rev. Hyderabad, 2010) 212 RESOLUTION 45 (Rev. Hyderabad, 2010) The World Telecommunication Development Conference (Hyderabad, 2010), recalling a) Resolution 45 (Doha, 2006) of the World Telecommunication Development Conference

More information

Cybersecurity for ALL

Cybersecurity for ALL Cybersecurity for ALL An Overview of ITU s Cybersecurity Activities OAS Hemispheric Workshop on the Development of a National Framework for Cyber Security 16 in Rio de Janeiro, Brazil Souheil Marine Head,

More information

Policy drivers and regulatory framework to roll out the Smart Grid deployment. Dr. Manuel Sánchez European Commission, DG ENERGY

Policy drivers and regulatory framework to roll out the Smart Grid deployment. Dr. Manuel Sánchez European Commission, DG ENERGY Policy drivers and regulatory framework to roll out the Smart Grid deployment Dr. Manuel Sánchez European Commission, DG ENERGY The electricity grid Generation Transmission Distribution Customers Net Generation

More information

An Energy Community for the Future Key Findings of the Report of the High Level Reflection Group. Barbora Jaksova, Energy Community Secretariat

An Energy Community for the Future Key Findings of the Report of the High Level Reflection Group. Barbora Jaksova, Energy Community Secretariat An Energy Community for the Future Key Findings of the Report of the High Level Reflection Group Barbora Jaksova, Energy Community Secretariat Energy Community Secretariat 8 th Energy SEEED, Community

More information

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING

More information

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017 in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017 European Union Agency for Network and Information Security Positioning ENISA activities CAPACITY Hands on activities POLICY Support MS & COM

More information

RESOLUTION 130 (Rev. Antalya, 2006)

RESOLUTION 130 (Rev. Antalya, 2006) Res. 130 430 RESOLUTION 130 (Rev. Antalya, 2006) Strengthening the role of ITU in building confidence and security in the use of information and communication technologies The Plenipotentiary Conference

More information

ENISA S WORK ON ICS AND SMART GRID SECURITY

ENISA S WORK ON ICS AND SMART GRID SECURITY AMSTERDAM, OCTOBER 15, 2012 ENISA S WORK ON ICS AND SMART GRID SECURITY Dr. Evangelos OUZOUNIS Head of CIIP & Resilience Unit ENISA 1 Why is it important? Industrial networks is the CI for the SCADA and

More information

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA Executive summary of the public audit report THE CYBER SECURITY ENVIRONMENT IN LITHUANIA 9 December 2015, No. VA-P-90-4-16 Full audit report in Lithuanian is available on the website of the National Audit

More information

NIS-Directive and Smart Grids

NIS-Directive and Smart Grids NIS-Directive and Smart Grids Workshop on European Smart Grid Cybersecurity: Emerging Threats and Countermeasures Marie Holzleitner Table of Content Aims & Objectives Affected Parties Selected Requirements

More information

Principles for a National Space Industry Policy

Principles for a National Space Industry Policy Principles for a National Space Industry Policy Commonwealth of Australia 2011 DIISR 11/144 This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced

More information

DIGITIZING INDUSTRY, ICT STANDARDS TO

DIGITIZING INDUSTRY, ICT STANDARDS TO DIGITIZING INDUSTRY, ICT STANDARDS TO DELIVER ON DIGITAL SINGLE MARKET OBJECTIVES ETSI When Standards Support Policy 14 November 2016 Emilio Davila Gonzalez Unit Start ups & Innovation, EC DG Connect 72%

More information

Cyber Security Strategy

Cyber Security Strategy Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from

More information

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert European Union Agency For Network And Information Security Securing Europe s Information

More information

***I DRAFT REPORT. EN United in diversity EN. European Parliament 2018/0328(COD)

***I DRAFT REPORT. EN United in diversity EN. European Parliament 2018/0328(COD) European Parliament 2014-2019 Committee on Industry, Research and Energy 2018/0328(COD) 7.12.2018 ***I DRAFT REPORT on the proposal for a regulation of the European Parliament and of the Council establishing

More information

ICB Industry Consultation Body

ICB Industry Consultation Body ICB Industry Consultation Body Evolution of network management 17/11/2016 Issue Position Paper Long-term evolution of Network Management This position paper is intended to form the basis of advice to the

More information

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud Cybersecurity Policy in the EU: The Network and Information Security Directive - Security for the data in the cloud Microsoft Commitment to Cybersecurity Security at the heart of our products and services

More information

ESFRI Strategic Roadmap & RI Long-term sustainability an EC overview

ESFRI Strategic Roadmap & RI Long-term sustainability an EC overview ESFRI Strategic Roadmap & RI Long-term sustainability an EC overview Margarida Ribeiro European Commission DG Research & B.4 - Research Infrastructure Research and What is ESFRI? An informal body composed

More information

Bradford J. Willke. 19 September 2007

Bradford J. Willke. 19 September 2007 A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure

More information

European Standards- preparation, approval and role of CEN. Ashok Ganesh Deputy Director - Standards

European Standards- preparation, approval and role of CEN. Ashok Ganesh Deputy Director - Standards European Standards- preparation, approval and role of CEN Deputy Director - Standards 1 European Standarization why?, 2010-10-14 CEN-CENELEC 2010 2 What standards do enhance the safety of products allow

More information

Donor Countries Security. Date

Donor Countries Security. Date PERU Last updated date: 8/10/2017 OAS Pillar Name of Activity Target Beneficiaries Security Inter-American Network for the Prevention of Violence and Crime OAS 34 Member States Guatemala Additional Information

More information

Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment

Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment 14 February 2017 Amsterdam Gerhard Menzel European Commission - DG MOVE EU Policy Tools Large-scale deployment

More information

Global Infrastructure Connectivity Alliance Initiative

Global Infrastructure Connectivity Alliance Initiative Global Infrastructure Connectivity Alliance Initiative 1. Background on Global Infrastructure Connectivity Global Infrastructure Connectivity refers to the linkages of communities, economies and nations

More information

Cyber Security in Europe and CEER s new PEER initiative

Cyber Security in Europe and CEER s new PEER initiative NARUC-CEER International Forum, 27 April 2017, Arlington, Virginia Cyber Security in Europe and CEER s new PEER initiative Lord Mogg, CEER President Outline New EU legislativedevelopments: NIS Directive

More information

21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM

21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM 21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM Increasing stability and security: Improving the environmental footprint of energy-related activities in the OSCE region CONCLUDING MEETING Prague, 11 13 September

More information

Poland: Initiative for Polish Industry 4.0 The Future Industry Platform

Poland: Initiative for Polish Industry 4.0 The Future Industry Platform Digital Transformation Monitor Poland: Initiative for Polish Industry 4.0 The Future Industry Platform February 2018 Internal Market, Industry, Entrepreneurshi p and SMEs Skitterphoto/Pexels.com Country:

More information

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus Cybersecurity governance in Europe Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus ska@unipi.gr Elements of a national cybersecurity strategy Set the vision,

More information

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government ATIONAL STRATEGY National Strategy for Critical Infrastructure Government Her Majesty the Queen in Right of Canada, 2009 Cat. No.: PS4-65/2009E-PDF ISBN: 978-1-100-11248-0 Printed in Canada Table of contents

More information

Joint Declaration by G7 ICT Ministers

Joint Declaration by G7 ICT Ministers Joint Declaration by G7 ICT Ministers (Action Plan on implementing the Charter) G7 ICT Ministers Meeting in Takamatsu, Kagawa - 29-30 April 2016 [Preamble] 1. We, the Information and Communication Technology

More information

INSPIRE status report

INSPIRE status report INSPIRE Team INSPIRE Status report 29/10/2010 Page 1 of 7 INSPIRE status report Table of contents 1 INTRODUCTION... 1 2 INSPIRE STATUS... 2 2.1 BACKGROUND AND RATIONAL... 2 2.2 STAKEHOLDER PARTICIPATION...

More information

The PICTURE project, ICT R&I priorities in EaP, areas of cooperation

The PICTURE project, ICT R&I priorities in EaP, areas of cooperation The PICTURE project, ICT R&I priorities in EaP, areas of cooperation With the EU PICTURE project participants Yerevan, September 26,2013 THEME 1 : PICTURE PROJECT Svetlana Klessova, project coordinator

More information

International Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface

International Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface Meeting the Challenge of the Safety- Security Interface Rhonda Evans Senior Nuclear Security Officer, Division of Nuclear Security Department of Nuclear Safety and Security Outline Introduction Understanding

More information

Position Paper of the ASD Civil Aviation Cybersecurity Taskforce

Position Paper of the ASD Civil Aviation Cybersecurity Taskforce Contact: Yoann Viaouet Position Paper of the ASD Civil Aviation Cybersecurity Taskforce April 2017 Content Executive Summary... 2 The need for a global cybersecurity framework: the role of ICAO... 3 The

More information

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association page 1 Cybersecurity Strategy Essential Points The norms, principles and values that the City of Vienna and the

More information

Information Sharing and Cooperation

Information Sharing and Cooperation Information Sharing and Cooperation Building Partnerships Between Private and Public Actors SANS 2008 European Community SCADA and Process Control Summit, 8-11 September, Amsterdam Dr. Åke J. Holmgren

More information

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises EUROPEAN COMMISSION Brussels, 13.9.2017 C(2017) 6100 final COMMISSION RECOMMENDATION of 13.9.2017 on Coordinated Response to Large Scale Cybersecurity Incidents and Crises EN EN COMMISSION RECOMMENDATION

More information

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht Introductory Speech to the Ramboll Event on the future of ENISA Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht BRUSSELS 22 ND MARCH 2017 www.enisa.europa.eu European Union Agency For Network

More information

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive) ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive) July 2013 Executive Summary ETNO supports the European Commission s global approach to cyber-security

More information

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan U.S. Japan Internet Economy Industry Forum Joint Statement 2013 October 2013 Keidanren The American Chamber of Commerce in Japan In June 2013, the Abe Administration with the support of industry leaders

More information

The Science and Technology Roadmap to Support the Implementation of the Sendai Framework for Disaster Risk Reduction

The Science and Technology Roadmap to Support the Implementation of the Sendai Framework for Disaster Risk Reduction 29 February 2016 The Science and Technology Roadmap to Support the Implementation of the Sendai Framework for Disaster Risk Reduction 2015-2030 The Sendai Framework for Disaster Risk Reduction 2015-2030

More information

Cybersecurity Strategy of the Republic of Cyprus

Cybersecurity Strategy of the Republic of Cyprus Cybersecurity Strategy of the Republic of Cyprus George Michaelides Commissioner of Electronic Communications and Postal Regulation http://www.ocecpr.org.cy 12 th February 2016 Cybersecurity Strategy of

More information

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory UAE National Space Policy Agenda Item 11; LSC 2017 06 April 2017 By: Space Policy and Regulations Directory 1 Federal Decree Law No.1 of 2014 establishes the UAE Space Agency UAE Space Agency Objectives

More information

RESOLUTION 67 (Rev. Buenos Aires, 2017)

RESOLUTION 67 (Rev. Buenos Aires, 2017) 524 Res. 67 RESOLUTION 67 (Rev. Buenos Aires, 2017) The role of the ITU Telecommunication Development Sector in child online protection The World Telecommunication Development Conference (Buenos Aires,

More information

Forum. Ningbo, China 25 February

Forum. Ningbo, China 25 February 2014/SOM1/SCE-COW/014 Agenda Item: 4 Telecommunications and Inform ation Working Group Strategic Plan Purpose: Consideration Submitted by: TEL Chair Forum Doc. No.: 2013/SOM3/SCE/017 SOM Steering Committee

More information

National Policy and Guiding Principles

National Policy and Guiding Principles National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework

More information

Cyber Security Beyond 2020

Cyber Security Beyond 2020 Paulo Empadinhas Steve Purser NLO meeting ENISA Athens 26/04/2017 European Union Agency for Network and Information Security Main findings ENISA s current tasks and product portfolio shall be retained.

More information