EECSP Report final

Strategic challenges and specific needs of the whole energy sector regarding cyber security from four key angles: threat and risk management, cyber defence, cyber resilience and required capacity and competences needed. They further analysed to which extent existing legislation at EU and national level is sufficient to tackle the specific needs of the energy sector and proposed a roadmap of ten action lines as a way forward, such as the identification of providers of essential services in energy, definition of the rules for a regional cooperation, set up the response framework and coordination.


Interim report SGTF EG2 Cybersecurity

Recommendations for the European Commission on Implementation of a Network Code on Cybersecurity


Risk Analysis Method Security Grid

PowerPoint describing the security risk analysis method used by Liander.


Security policy for substation automation

This document describes the recommended security policies for each of these roles. The policies cover:

  • Substation engineers configuring the equipment in the substation, including setting up the internal security measures
  • Other employees working at substations, but not configuring equipment
  • WAN network administrators configuring the perimeter firewalls
  • Team managers that need to enable the administrators and engineers to do their job securely
  • Security operations analysts responsible for coordinating vulnerability management and incident response
  • Procurement staff for buying new equipment with the right security capabilities

A concrete example policy is given aimed at each group. This policy is linked to the controls in ISO 27002. Guidance is given on implementing the example policy at a particular grid operator. The policies apply both to employees and contractors or service providers in the same role.