The European Network for Cyber Security (ENCS) has launched a new training course that aims to give security architects the knowledge to design secure smart grid systems. Today, ENCS concludes the first course with participants from a variety of members.
Anjos Nijk, Managing Director, ENCS, comments: “As the smart grid grows in scope and sophistication, we see increasing integration between IT and OT [operational technology]. Following the 2016 and 2017 blackouts in Ukraine, we also see a growing need to withstand advanced, dedicated cyber attacks on energy infrastructure. Grid operators are addressing this need by hiring security professionals to design a secure architecture that crosses both IT and OT. With this training, we hope to improve the skills of these professionals.”
The programme runs over three days and includes modules on risk-based architecture design and IT/OT interface design, as well as practical use cases such as substation design and smart metering.
Mr Nijk continues: “One of the challenges of designing an effective smart grid risk architecture is getting the balance right. There are many measures from the IT world that are applicable to OT systems: network segregation, VPNs, jump-servers and so on. But using too many measures will cause high investment costs and may make the system hard to use. Too few though, and the system is vulnerable. Assessing that balance requires thorough understanding of the systems and risks involved.”
The new training is based on practical cases to give students directly applicable knowledge for their role. In groups of three or four, participants are given an OT security challenge and tasked with designing a solution.
The course has been developed based on ENCS’s extensive experience working with members to design risk-based security architectures. The sum of this expertise is a reusable approach based on the ISO 27005 and IEC 62443 standards, which has already been successfully deployed to design security requirement sets for smart grid components.
The architecture security training expands ENCS’s role-based training program for grid operators. In November last year, ENCS launched its security operations training aimed at SOC and CSIRT analysts for OT. Earlier this year, ENCS developed tailored management awareness sessions. Next year, ENCS plans to expand the program with secure configuration training for engineers and crisis response exercises.