Since 2018, we organize our knowledge development in three programs: policy, architecture, and operations. Below, you can explore what we have planned in these areas for 2021.

The thread connecting the 2021 activities is the upcoming Network Code on Cybersecurity. As this legislation will have a major influence on the security program of European grid operators, we plan to support our members in preparing for it through the following activities:

  • In the policy program, we will continue to support the drafting team, prepare methods to assess security risks in the electricity sector, and support our members in implementing an ISO/IEC 27001 information security management system (ISMS) through the ISMS expert group.
  • In the architecture program, we will support the development of a product assurance scheme by further developing our test plans for smart grid components.
  • In the operations program, we will prepare for technical information sharing by setting up a community of OT Security Operations Center (SOC) analysts.

Policy program

The policy program aims to develop and share with between security officers responsible for organizational security measures. It covers security policies, regulation, and the development of information security management systems (ISMSs).

EU groups

The focus in 2021 will be on the Network Code for Cybersecurity. We expect that the final Network Code will be written during 2021. We will continue to support the drafting team in writing the final Network Code and in setting up the risk management activities that are expected to follow from it.

Risks to the electricity supply chain

In the past years, we have worked on several risks to grid operators caused by dependencies in the electricity supply chain. To keep the grid stable, it is no longer enough that grid operators keep their own system secure. Cyberattacks to other parties that control a lot of power can also disrupt electricity supply. To mitigate these, we have worked on the risks of cyberattacks to the electric vehicle charging infrastructure with ElaadNL, and on the risks of distributed energy resources (DER) with WindEurope and SolarPower Europe. With Netbeheer Nederland, we completed a study of the most critical dependencies in the Dutch electricity grid.

In 2021, we will organize a series of awareness sessions with our partners to reach the largest possible audience and you can expect to read several whitepapers published in support of these sessions. We will also continue to investigate and to fine tune our risk assessment method for the overall electricity supply chain.

ISMS expert group

Our expert group on Information Security Management Systems (ISMS) was formed in 2019 after a member project. The groups supports information sharing between members setting up or using an ISMS. The focus is on certification according to the ISO/IEC 27000 standard which many of our members are using or in the process of implementing. The expert group will be continued in 2021 with a focus on risk assessment methods, monitoring the effectiveness of measures and insider threats.

Archictecture program

The architecture program aims to develop and to share knowledge with security architects and others responsible for technical security measures. It covers the design of secure systems and setting security requirements for procuring secure components.

Product assurance scheme

In the 2019 member project on procuring secure equipment, we started to develop testing directly for equipment vendors, instead of grid operators. Doing so allows for more cost-effective testing, as the cost of testing can be shared between all users of a component. In 2020, we brought in these ideas in the product assurance scheme of the Network Code for Cybersecurity, where such a scheme will be included for different components and systems. In 2021, we will continue to support the development of the Network Code product assurance scheme. We will also continue to develop and implement the test plans for our requirements sets. We will align these test plans with the requirements from the Network Code product assurance scheme.

Secure software development

Many grid operators are developing some smart grid applications themselves. They have an in-house development team, or are hiring a development company to develop custom applications. In 2021, we will investigate how they can ensure that these applications are developed in a secure way by implementing a secure software development lifecycle and by providing guidance on application testing. Through this, we will build on work done for ENTSO-E on secure software development lifecycle and application testing and for the Linux Foundation Energy.

Field devices

In 2019 and 2020, we updated and extended our set of security requirements for smart grid field devices. The requirements now cover smart metering, distribution automation, substation automation, IoT-based sensor systems, electric vehicle charging stations, and equipment for wind and solar sites. In 2021, we will investigate the challenges and opportunities of future substation automation architectures and how barriers to patching field devices can be overcome.

Operations program

The operations program aims to develop and share knowledge to security operations analysts responsible for detecting vulnerabilities and incidents. It covers vulnerability management, technologies and use cases for detecting attacks, incident response, and organization of SOC or CSIRT teams.

The main goal for 2021 is to create an active community of security operations analysts for ENCS members who can share operational information about vulnerabilities, threats, and recommendations on how to address them. Creating the community was planned for 2020, however, because of the COVID-19 outbreak no physical meetings could be planned. This made building trust, which is the foundation of such a community, extremely challenging.