In its 2021 security programs, ENCS supported the development of the network code on cybersecurity, prepared its requirements set for certification, and tested different OT security sensors in high-voltage substations. Below you will find an overview of the results from the program. ENCS is supporting its members in using and implementing the recommendations and best practices from the programs.
Security policy program
In 2021, the focus of the policy program was on the network code for cybersecurity. We participated in the ENTSO-E and EU DSO drafting team that wrote the draft network code. We led the subgroup working on product assurance and supply chain security, and we contributed to the subgroups on risk assessments, cybersecurity controls, and certification. The drafting team submitted the network code to the EU Agency for the Cooperation of Energy Regulators (ACER) on January 14 for review. We will stay involved during the review in the 2022 program.
We also informed our members on the network code through a series of webinars:
- Network code framework guidelines – part 1
- Network code framework guidelines – part 2
- Network code on cybersecurity – public consultation
The webinars focused on what TSOs and DSOs will need to do to prepare for the network code, which is expected to go into force in 2023. Slides and recordings are available through the above links.
E.DSO, ENCS, and ENTSO-E once more organized a joint cybersecurity event on “Enhancing our grid resilience”. Due to the COVID-19 travel restrictions, the event was held as a webinar. The event had over 200 participants.
Security architecture program
In 2021, ENCS continued the development of its security requirements sets. The 2021 program prepared the requirements to be used for certification in a European cybersecurity certification scheme. These schemes are being developed by ENISA under the Cybersecurity Act.
We followed the strategy developed in 2020, consisting of three parts:
- We started updating the security requirements sets published in 2019 to include all the elements needed for certification. For these elements we are looking towards the upcoming profiles for IEC 62443 and the (generic) components context analysis defined in the IACS Components Cybersecurity Certification Scheme. To ensure consistent updates, we developed a requirements catalog for OT components.
- We worked on the development of an evaluation method for IEC 62443-4-2.
- We defined a role for grid operators in the governance for certification in the network code on cybersecurity. ENTSO-E and the EU DSO entity will develop harmonized security procurement requirements and guidance on European cybersecurity certification schemes. This should ensure that the certification schemes are adapted to the needs of the electricity sector.
Security operations program
In the operations program, ENCS tested five OT security sensors in its lab:
- Cisco Cyber Vision
- Forescout SilentDefense
- Nozomi Guardian
- Omicron StationGuard
- Rhebo Industrial Protector
We tested how well the sensors would detect security incidents in high-voltage substations. We injected many different incident scenarios into real substation traffic collected from our members. Then we checked whether the sensors would detect the incidents.
Based on the testing, we also developed deployment options for these monitoring solutions and updated the requirements for procuring OT security sensors.