ENCS is starting a member project on information security management. The project will run in the first half of 2019. The goal is to share knowledge between ENCS members on setting up an information security management system (ISMS) and to make best practice available for members.

Many ENCS members have already set up an ISMS and others are setting it up now. The NIS directive requires operators of essential services to take appropriate measures to manage cyber-security risks. Many national regulators check this by asking for an ISMS.

Most grid operators are basing their ISMS on the ISO 27001 standard, but they run into challenges when applying it to their operational technology (OT) systems. Controls designed for OT systems are available, such as ISO 27019 and IEC 62443. But even with these, securing a system as complex as the grid remains challenging, especially with the rapid digitalization at most grid operators.

The ENCS member project aims to collect best practices for challenges such as:

  • ISMS scoping
  • Organizational roles
  • Risk assessments
  • Organizational change
  • Security policies

The first workshop of the member project is planned for 28 March. For more information, contact info@encs.eu.