Upcoming webinars
7 December 2022: Preparing for product certification
Architecture program
With the cybersecurity act in 2019, the European commission has started a lot of work on cybersecurity certification schemes for products. ENISA is working on a formal work program. Manufacturers and test labs are developing schemes that they hope will be included in this work program in the future.
Grid operators have for the most part not been involved in this work. The certification schemes may however become important to them in the future, as it may become mandatory to buy certified products in the future under the NIS 2 directive.
In this webinar, we would like to give an overview of the schemes that are under development, and then discuss the work that ENCS has been doing to investigate if these schemes can be applied to distribution automation and electric vehicle charging.
Previous webinars
9 February 2022: Update on the network code on cybersecurity
Policy program
On January 14, ENTSO-E and the EU DSO entity submitted the network code on cybersecurity to ACER for review. In this webinar, we want to reflect on the current draft with two active members of the drafting team: Olivier Clément from Enedis who worked on the information sharing and cybersecurity exercises and Bart Luijkx from Alliander who worked on the risk assessment and cybersecurity controls. What parts turned out well, and which parts could be improved?
At the same time, we want to look forward to the next steps: the review by ACER and the implementation. The current draft leaves open major points, such as the governance of the risk assessment process and the integration with the revised NIS directive. How should these points be filled in?
16 February 2022: Central systems (Part 2)
Architecture program
The central maintenance systems are covered in our series of security architecture documents. They are written in a way that leave a number of implementation options to the system or network administrators. In this webinar, we will continue to go through some of these options, such backups and logging, and try to see if the requirements can already select one of them.
The Purdue Model defines different levels for different types of systems. IEC 62443 provides guidance for defining zones and conduits based on the notion of security levels. We can use this to define that the IT systems should be separated from the OT systems, and that the OT zones and conduits need to provide capabilities to a certain level. However, is this enough to define if a SCADA server can be in the same zone with a dispatch workstation, or if the same SCADA frontend can communicate with both internal and external RTUs? In the webinar, we will analyze this question and look into a possible extended approach.
23 February 2022: Log4j in the OT domain
Operations program
In December 2021, a critical vulnerability was found in the log4j library. Practically all ENCS members were affected, as the library is widely used in both IT and OT. Identifying all affected systems however was not always easy. And updating the systems under the threat of exploits also created a lot of pressure on the security teams.
In this webinar, we would like to discuss the responses at different ENCS members. How was the patching of systems prioritized? What measures did members take to ensure that their critical systems were not exploited before they were patched?
2 March 2022: Security risk assessment for grid control systems
Policy program
Risk assessments are at the core of the security activities at all of our members. They are a key part of the information security management systems or other frameworks most members use. Performing risk assessments is mandatory under most national NIS implementations and the future network code on cybersecurity.
But performing cybersecurity risk assessments for critical grid systems is still a challenge. Information about the likelihood of incidents is scarce. Estimating the impact in a way that management understands, requires in-depth knowledge of the business processes. And the effectiveness of measures is often difficult to measure. In this webinar, we will discuss the risk assessment approaches used at different members to see what we can learn from each other.
9 March 2022: Security of engineering laptops
Architecture program
Engineering laptops are still one of the biggest challenges in OT security. Most ENCS members now have a dedicated solution for providing secure laptops to their engineers. But the laptops form a major entry point into the OT systems. And there is a trade-off between locking the laptops down for security and keeping them usable for the engineers.
In this webinar, we will discuss the updated ENCS security architecture for engineering laptops and the experiences with implementing laptops at different members.
16 March 2022: Towards an OT SOC maturity model
Operations program
Many grid operators are building up their OT security operations center (SOC). Often the SOC started small with maybe a network-based IDS and some volunteers watching it full-time. But vulnerabilities such as log4j show that there is a need for a stronger operational security capability. Regulators are also starting to require this. Under the network code for cybersecurity, every grid operator will need a SOC with log monitoring, intrusion detection, vulnerability management, and incident response capabilities.
To provide a roadmap for building the SOC, maturity models such as SOC CMM can be helpful. But models developed for IT are not always a good fit for OT. They often assume a large and independent SOC. Many OT organizations instead benefit more from a smaller SOC integrated with the OT operations departments. In this webinar, we would like to explore how SOC maturity models may be adapted to OT.
23 March 2022: Securely connecting to distributed energy resources
Policy program
Distribution system operators (DSOs) are connecting more and more distributed energy resources, such as solar and wind parks, to the distribution grid. In many cases, this leads to congestion during peaks in generation. To manage this congestion, some DSOs are looking to curtail the power from these parks if there is not enough capacity in the grid. They are connecting park controllers and inverters of the DER to their control systems, so that they can request to reduce generation.
These connections lead to new security risks. The inverters or park controllers of the DER operator are being connected to critical systems at the DSO, such as RTUs or the SCADA system. This creates new attack vectors into the core OT systems of the DSO.
In this webinar, we will analyze these risks are, and discuss what measures DSOs can take to mitigate them. This presents an update of the results from the member project on DER from 2020:
30 March 2022: Security requirements for substation automation and disctribution automation systems
Architecture program
ENCS has been working on updating the security requirement documents for distribution automation (DA) and substation automation (SA) since last year. The main goals of this new release were to make it easier to use them in tenders for multiple components and to allow the requirements to be used in the ICCS certification scheme developed under the European cybersecurity act.
During this webinar we will present a first look to the new requirement sets for distribution automation and substation automation and we will discuss the content of these new documents with our members.
13 April 2022: Update on European cybersecurity regulations
Policy program
In this webinar, we will give an update on the developments on European regulations. We will cover the preparations for the network code on cybersecurity, the current state of the revised NIS directive, and the upcoming cyber-resilience act.
20 April 2022: Distribution automation security
Architecture program
In the webinar on 30 March, we looked at the security requirements for distribution automation that we are developing. In this webinar, we will look at the development in distribution automation at different members.
11 May 2022: Securely connecting to distributed energy resources – part 2
Policy program
In this webinar, we continue the discussion on connection distributed energy resources to grid operator control systems, started in the webinar of 30 March. We look at the solutions in different members. Especially, in this webinar we will discuss the risks of connecting DER to the SCADA system.
25 May 2022: Securely connecting to distributed energy resources – part 3
Policy program
In this webinar, we continue the discussion on connection distributed energy resources to grid operator control systems, started in the webinar of 30 March. We look at the solutions in different countries and discuss the risk assessment started together with the Dutch grid operators.
1 June 2022: Smart meter security
Architecture program
With the large-scale rollout of smart meters in Europe under way, some countries are already looking at installing a second generation of smart meters. In this webinar, we discuss the lessons learned from the first generation and the challenges for the new generation.
14 June 2022: Product and system certification using IEC 62443
Policy program
The IEC 62443 standard includes security requirements for systems (part 3-3) and components (part 4-2). In the IEC standardization groups work is now ongoing to allow certification against these requirements. If done well, this would make it easier for grid operators to procure secure equipment. In this webinar we will discuss the current status of the work on certification and what we think is needed to make the certification useful for TSOs and DSOs.
22 June 2022: Zoning for OT systems
Architecture program
The Purdue Model defines different levels for different types of systems. IEC 62443 provides guidance for defining zones and conduits based on the notion of security levels. We can use this to define that the IT systems should be separated from the OT systems, and that the OT zones and conduits need to provide capabilities to a certain level. However, is this enough to define if a SCADA server can be in the same zone with a dispatch workstation, or if the same SCADA frontend can communicate with both internal and external RTUs? In the webinar, we will analyze this question and look into a possible extended approach.
29 June 2022: Preparing for the NCCS cybersecurity exercises
Operations program
The upcoming Network Code on Cybersecurity will make cybersecurity exercises mandatory for the entities that fall under it.
In this webinar we will discuss the expectations on cybersecurity exercises on the current draft of the network code. We will also assess the interest or need of having a joint trial exercise before the network code comes into place.
14 September 2022: Update on EU regulations – The NIS 2 directive, CER directive, and the network code on cybersecurity
Policy program
Since the last update on European regulations in February, a lot has happened. The European Commission, Parliament, and Council reached political agreement on a new version of the NIS directive (NIS 2), and on a directive on the resilience of critical infrastructures. And ACER submitted their version of the network code on cybersecurity to the Commission. So, in the coming years TSOs and DSOs will need to deal with three regulations on managing cybersecurity risks, and reporting incidents.
But the three regulations differ in the risks and incidents that are in scope, and the measures they require entities to take. In this webinar, we will give an overview of these regulations, so that grid operators can prepare for them.
28 September 2022: Risk assessments in information security management systems
Policy program
Risk management is at the heart of an information security management system (ISMS). But there are great differences in how grid operators approach this activity.
In this webinar, we will discuss with security officers from different members how they perform risk assessments for their OT ISMS. What threats do they consider? When do they accept risks? How do they measure the effectiveness of measures? How do they deal with insider threats and physical attacks?
2 November 2022: OT SOC maturity model
Operations program
In the webinar on 16 March, we discussed how we could apply maturity models to security operations centers (SOCs) for Operational Technology (OT). In this webinar, we would like to present a first version of a maturity model that is tailored for OT at grid operators. We will discuss this model with SOC analysts from our members.
9 November 2022: Securely connecting distributed energy resources – Part 3
Architecture program
In this third webinar on distributed energy resources (DER), we continue exploring how different members connect DER, such as solar and wind parks, to their own systems in a secure way to implement balancing or congestion management.
