The ENCS team is pleased to bring to you attention last year’s main publications of security requirements, position papers and best practices!
Operations Program
In 2024, we focused on empowering security analysts at grid operators with best practices to enhance security posture. We developed several interactive documents designed to be frequently updated based on feedback from SOC analysts’ roundtables and members input and published the results on our web portal. Moreover, as our members have shown an increasing interest in deploying OT security monitoring solutions, ENCS evaluated such sensors in the member project on security monitoring in 2024. Members can request the full 2024 test results documents through info@encs.eu.
- WP-063-2024: Tabletop exercises: Physical break-in scenario
- WP-065-2024: ENCS Security exercises planning
- WP-066-2025: Minimum set of security monitoring use cases for OT
- WP-070-2025: OT SOC charter template based on the SOC-CMM
- WP-073-2025: Dragos test results
- WP-074-2025: FortiGate test results
- WP-075-2025: Nozomi test results
- WP-076-2025: Radiflow test results
- WP-077-2025: Rhebo test results
We also hosted three webinars and a SOC Security Analysts’ Roundtable for Information and Knowledge Sharing. Recordings and take-aways are available here:
- Webinar: SOC Charter
- Webinar: SIEM & IDS – Use cases
- Webinar: IDS – Results
- Insights on the SOC Analyst Roundtable
Policy Program
In 2024 a range of European regulations on cybersecurity was launched. On May 24, 2024, the European Commission published the first ever network code for cybersecurity of the EU electricity sector. In June, CEN/CLC formally approved EN 18031: Common Security Requirements for Radio Equipment. Following the political agreement on the Cyber Resilience Act (CRA) in October, preparations for its implementation began. Correspondingly, we provided insights to help grid operators adapt to these evolving regulations.
We also examined the integration of Artificial Intelligence (AI) in Operational Technology (OT) systems, particularly in critical infrastructures like power grids, which presents both unprecedented opportunities and complex challenges. These developments were introduced to our members through whitepapers and webinars:
- WP-064-2024: AI and Cybersecurity in Power Grids
- WP-067-2024: Radio Equipment Directive cybersecurity requirements
- WP-068-2024: The Cyber Resilience Act for grid operators
- WP-069-2024: Smart metering equipment as critical products under the CRA
- Webinar: Network Code update
- Webinar: Product Regulation Update
Architecture Program
In the architecture program, our focus in 2024 was on security requirements for Electric Vehicle (EV) charging infrastructure. We conducted a detailed threat analysis and developed security requirements aligned with IEC standards. These resources support Charge Point Operators (CPOs) in designing and implementing secure EV charging systems or procuring new infrastructure. We also compared EN 18031 with EV-311 security requirements for EV charging stations and demonstrated how several IEC 62443-4-2 requirements can be implemented using OCPP 2.0.1 or OCPP 1.6. And we held a webinar on security of distributed energy resources (DER).
- EV-111: Security threat analysis for EV charging infrastructure 2024v0.4 [DRAFT]
- EV-211: Security requirements from IEC 62443 for EV charging infrastructure 2024v0.4 [DRAFT]
- EV-311: Security requirements from IEC 62443 for procuring EV charging stations 2024v0.4 [DRAFT]
- EV-312: Implementing IEC 62443-4-2 requirements in OCPP 2.0.1 2024v0.4 [DRAFT]
- EV-313: Coverage of EN 18031 requirements by EV-311 2024v0.4 [DRAFT]
- Webinar: DER Security
What’s next?
Our event calendar for the 2025 in-person events is already on our website.
