ENISA S WORK ON ICS AND SMART GRID SECURITY

Similar documents
Enhancing the cyber security &

Discussion on MS contribution to the WP2018

Valérie Andrianavaly European Commission DG INFSO-A3

Cyber Security in Europe

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Securing Europe s IoT Devices and Services

ENISA EU Threat Landscape

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

European Union Agency for Network and Information Security

The NIS Directive and Cybersecurity in

ENISA Cooperation in the EU / NIS Directive

Security and resilience in Information Society: the European approach

EU policy on Network and Information Security & Critical Information Infrastructures Protection

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Improving Resilience in European e-communication networks MTP 1

Cyber Security in Europe and CEER s new PEER initiative

ENISA s Position on the NIS Directive

Securing Europe's Information Society

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Directive on Security of Network and Information Systems

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

CEF e-invoicing. Presentation to the European Multi- Stakeholder Forum on e-invoicing. DIGIT Directorate-General for Informatics.

The Network and Information Security Directive - ENISA's contribution

Call for Expressions of Interest

Package of initiatives on Cybersecurity

Work Package 2.4. (Public) Procurement Expert Group on the security and resilience of communication networks and information systems for Smart Grids

NIS Standardisation ENISA view

Directive on security of network and information systems (NIS): State of Play

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

Cybersecurity & Digital Privacy in the Energy sector

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

Network and Information Security Directive

Kick-off Meeting DPIA Test phase

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Joint ENISA European Commission workshop on security certification for smart grid components. Minutes of the workshop [Deliverable ]

CYBER SECURITY OF SMART GRID - CHALLENGES AND POTENTIAL SOLUTIONS FOR TRANSMISSION SYSTEM OPERATORS

Smart Grid Security. Minutes of the Workshop [Deliverable ]

EISAS Enhanced Roadmap 2012

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Regulatory challenges for the deployment of smart grids

SG-CG/SGIS SG-CG/SGIS. ETSI Cyber Security Workshop Sophia Antipolis, France, January the 16th, 2013 Jean-Pierre Mennella, Alstom Grid

13967/16 MK/mj 1 DG D 2B

GDPR Update and ENISA guidelines

Panel Session: Experiences from Installations and Pilots. Communication Technologies for Smart Grid

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

How the Board Should Take Care of Cyber Security. ICS Conference 2012, October 31 Denmark

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

Security Aspects of Trust Services Providers

CEF Telecom Calls: CEF-TC : Cyber Security TZAFALIAS ARISTOTELIS POLICY OFFICER DG CONNECT

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

Future-Proof Security & Privacy in IoT

Technologies with the potential to enhance resilience - An overview on the activities of ENISA

H2020 Opportunities in the Area of Security and Critical Infrastructure Protection

EU General Data Protection Regulation (GDPR) Achieving compliance

The SPARKS Project Motivation, Objectives and Results

NIS-Directive and Smart Grids

Bradford J. Willke. 19 September 2007

Harmonisation of Digital Markets in the EaP. Vassilis Kopanas European Commission, DG CONNECT

Smart Grid Security: Current and Future Issues

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Challenges and framework for Smart Grids deployment

How can operators capitalize on outputs?

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Green IT Strategies and Practices for a Sustainable Europe

Third public workshop of the Amsterdam Group and CODECS C-ITS Deployment in Europe: Common Security and Certificate Policy

Update on Smart Grid Deployment in the EU. Dr.-Ing. Manuel Sánchez Jiménez Team Leader Smart Grids Directorate General for Energy European Commission

RISK MANAGEMENT IBERDROLA S CASE

Cyber Security. Activities of an national insurance association based on the example of VVO

EU policy and the way forward for smart meters and smart grids

Technical guidelines implementing eidas

IPv6 deployment, European Commission involvement. RIPE 60 Prague 4May Per Blixt

Emerging Security Challenges November 22, 2012, Baku

Status of activities Joint Working Group on standards for Smart Grids in Europe

European Cyber Security Certification: ECSO Meta-Scheme Approach

ETIP SNET (European Technology and Innovation Platform for Smart Networks for Energy Transition)

ESFRI Strategic Roadmap & RI Long-term sustainability an EC overview

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Smart Gas Grids. Manuel Sánchez, Ph.D. Team Leader Smart Grids Directorate General for Energy European Commission

EUROPEAN PLATFORMS AND INITIATIVES FOR C-ITS DEPLOYMENT

Google Cloud & the General Data Protection Regulation (GDPR)

John Snare Chair Standards Australia Committee IT/12/4

Security Challenges in Smart Distribution

Between 1981 and 1983, I worked as a research assistant and for the following two years, I ran a Software Development Department.

Cyber security for digital substations. IEC Europe Conference 2017

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo

The European Platform in Network and Information Security (NIS) Fabio Martinelli

Digital Healthcare. Yordan Iliev Director R&D Healthcare. Regional Cybersecurity Forum, November 2016, Grand Hotel Sofia, Bulgaria

WORK PROGRAMME 2015 INCLUDING MULTI-ANNUAL PLANNING

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Transcription:

AMSTERDAM, OCTOBER 15, 2012 ENISA S WORK ON ICS AND SMART GRID SECURITY Dr. Evangelos OUZOUNIS Head of CIIP & Resilience Unit ENISA 1

Why is it important? Industrial networks is the CI for the SCADA and the future smart grid Key components for the wealth of the society Great impact in case of attack Increased connectivity to Internet New types of attacks (i.e Aurora project, Stuxnet) Smart grids will dramatically change the electric grid as we know it today Most regulatory/legal texts do not (or not thoroughly) focus on ICS security ENISA identified the problem and launched several ICS and smart grid security activities 2

Studies Protecting Industrial Control Systems, Recommendations for Europe and Member States, (Dec 2011). Gaps identified 7 recommendations Smart Grid Security, Recommendations for Europe and Member States, (Jul 2012). 90 key findings 10 recommendations Minimum Security Requirements for Smart Grids, (to be finished by the end of this year). identify the minimum set of security measures for a more secure smart grid address the different sophistication levels for smart grid implementations 3

Key Findings (1/2) Lack of a standard reference architecture Cyber security and privacy addressed independently Security addressed more as an overlay than as part of the design phase Cyber security only a second-line issue in ICS- SCADA and smart grid pilots and is tested in massive deployments Need for a specific risk assessment methodology Lack of a unified and uniform European wide security certification process 4

Key Findings (2/2) Necessary to train and raise awareness among operators, manufacturers and consumers Security efforts should not only focus on smart meters but also on substation automation, micro grids, SCADA, telecommunication networks, etc. Security initiatives: duplicity of topics, lack of visibility, same experts in all initiatives,... Need for a coordinating entity on ICS-SCADA and smart grid cyber security and privacy initiatives Need for regulation on incident management A European entity for the coordination of large scale cyber security incidents 5

Recommendations Pan-European and National ICS and SG Security Strategies Improve the regulatory and policy framework Synergize with national and international cyber security initiatives Foster dissemination, knowledge sharing, awareness raising and training Develop a minimum set of reference standards, measures and guidelines Promote security certification schemes for products and organisational security in the field Foster the creation of test beds and security assessments Define and test response and recovery measures and capabilities at corporate and national level Foster research in ICS and SG cyber security 6

Current Work Minimum Security Measures Allying the varying levels of security of operators with a minimum national framework Providing an indication of a minimum level of security in the Member States by avoiding the creation of the weakest link Ensuring a minimum level of harmonisation Setting the basis for a minimum auditable framework Facilitating the establishment of common preparedness, recovery and response measures Contributing to achieve an adequate level of transparency in the internal market 7

An example Measures Domain Security governance & risk management SM1.1 Information security policy SM1.2 Organisation of information security SM1.3 Information security procedures SM1.4 Risk management methodology SM1.5 Risk assessment SM1.6 Risk treatment plan 8

Our Approach Risk instead of compliance based approach Three level approach Risk assessment (by operators) Appropriate measures (baseline) Three levels per each measure (implementation sophistication) 10 domains 38 measures 9

Security Measures Information security procedures Organization of information security Information security policy Sophistication levels Conceptual model Requirements 3 2 1 Requirement 1 Requirement 2 Matrix applied for the method to define Security Measures CD1 Security Governance CD2 CDN Control Domains - set of practices 10

Domains (draft) Security governance and risk management Third parties management Secure lifecycle process for smart grid Human resource security Incident response and Information sharing Audit and accountability Continuity of operations Physical and environmental security Access management Network security 11

Relevant Initiatives CEN/CENELEC/ETSI (M490) Common architecture, Security and Privacy issues EC Expert Group EG2 On the security and resilience of communication networks and information systems for Smart Grids Recommendations for data handling, data, security and data protection EuroSCSIE European SCADA and Control Systems Information Exchange ERNCIP European Reference Network for Critical Infrastructure Protection EU-US WG EU-US Working Group on Cyber Security and Cyber Crime 12

Open Issues Smart Grids Governance Model/Regulatory Framework Minimum Security Measures for Providers Incident Reporting for ICS-SCADA/Smart Grids Certification of Smart Grids Components and the role of NCAs ICS-SCADA Testing and Patching guidelines for ICS-SCADA Certification of ICS-SCADA cyber security experts ICS-CERT 13

What s Next? Minimum Security Measures workshop, November 29, Brussels validate with the stakeholders the findings of the study consult with the constituency the key areas of interest Participants: national authorities, EU officials, hardware and software manufacturers, energy service providers and standardization bodies from EU http:///activities/resilience-and-ciip/workshops- 1/2012/Validation%20Workshop 14

Thank you! Contact point: Dr. Konstantinos Moulinos http:///activities/resilience-and-ciip/critical-infrastructure-and-services 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback