Best practices
Our best practice documents contain security recommendations for ENCS members’ security specialists. These best practices for cyber security are developed in the security programs, based on the experience of other members. They cover a wide variety of topics, such as setting up an information security management system, defining use cases for security operations, and selecting sensors to monitor operational technology systems.
WP-063-2024: Tabletop exercises: Physical break-in scenario
This document outlines the scenario of a physical break-in in a high-voltage substation in which the intruders have tampered with digital equipment. Member organizations can use this scenario as a baseline and use their incident response processes to guide the expected answers during the exercise.
WP-062-2023: Initial analysis of the RED harmonized standard
On 22 August 2023, CEN/CENELEC published an updated draft of the harmonized standard for the RED cybersecurity requirement. The harmonized standard specifies how manufacturers should
WP-061-2022: Update on EU regulations
The European Union has been very active in developing new regulations to manage cybersecurity risks. In 2022, we expect that three different regulations will be
WP-060-2022: Analysis of the Industroyer 2 malware
On April 12, ESET announced that it found new OT-targeted malware at a Ukrainian energy company. Like the Industroyer malware used in the attacks on
WP-059-2022: Changes in the ACER revision of the NCCS
On 14 April 2022, ACER published a first draft of their revision of the draft network code on cybersecurity. This document gives an overview of
WP-057-2022: Update on the Network Code on Cybersecurity
On 14 January 2022, ENTSO-E and the EU DSO submitted the draft network code for cybersecurity to ACER. ACER will review the draft in the
WP-056-2022: Review of DLMS security features for smart meters
In this document we describe what DLMS security features a DSO should select when procuring new meters, and how they should check if these are implemented well.
WP-053-2021: Updated test results for OT security sensors inside substations
Many grid operators are using specialized security sensors to monitor their central OT networks. The sensors can automatically learn what normal network communication looks like,
WP-052-2021: Deployment options for substation security monitoring
An increasing number of grid operators search for solutions to monitor the security of their substations from inside the internal LANs. They see passive monitoring
WP-051-2021: Requirements for security monitoring solutions
This document presents security requirements that grid operators can use in their procurement documents for new security monitoring solutions either for their SCADA systems or
WP-049-2021: Rhebo Industrial Protector
This report presents the test results for the Rhebo Industrial Protector security sensors for laboratory tests on substation traffic. Our members have shown an
WP-048-2021: Omicron StationGuard test results
This report presents the test results for the Omicron StationGuard security sensors for laboratory tests on substation traffic. Our members have shown an increasing
WP-047-2021: Nozomi Guardian test results
This report presents the test results for the Nozomi Guardian security sensors for laboratory tests on substation traffic. Our members have shown an increasing
WP-046-2021: Forescout SilentDefense test results
This report presents the test results for the Forescout SilentDefense security sensors for laboratory tests on substation traffic and two tests in members’ substations.
WP-045-2021: Cisco Cyber Vision test results
This report presents the test results for the Cisco Cyber Vision security sensors for laboratory tests on substation traffic. Our members have shown an
WP-044-2021: Requirements Catalogue [DRAFT]
This whitepaper provides a catalog of security requirements for procuring smart grid devices. Since 2015, ENCS has published a series of security requirements sets for
WP-043-2019: ISMS Best Practice Guide
The objective of the member project for Information Security Management was to gather and share best practices for implementing and running an Information Security Management
WP-041-2018: Risk-based use cases for OT monitoring
A catalogue of monitoring detection activities for OT systems linked to threats. This document proposes a risk-based approach to OT security monitoring. Detection activities are
WP-039-2021: Towards an evaluation method for IEC 62443
The IEC 62443 standard is used by many grid operators for the security of their operational technology (OT) systems. Usually, they use the parts on
WP-035-2020: Proposed strategy for OT component certification
The European Commission has made certification of products, services and processes one of the pillars of its cybersecurity strategy. In the 2019 Cybersecurity Act, ENISA was
WP-034-2020: Update on the revised NIS directive
This whitepaper gives an update to ENCS members on the revised NIS directive. On 16 December 2020, the European Commission adopted a proposal for a
WP-033-2020: Test results for OT security sensors monitoring inside substations
Many grid operators are using specialized security sensors to monitor their central OT networks. The sensors can automatically learn what normal network communication looks like,
WP-032-2020: Centralized access control for field devices
This whitepaper recommends methods to implement centralized access control for field devices. Centralized access control would allow grid operators to greatly improve the security of
WP-030-2020: Hardware security test report for DA RTU
This test report gives the results of testing a distribution automation remote terminal unit (RTU) against the hardware security requirements that ENCS has developed in
WP-028-2020: Market survey of OT security sensors for substations
This report contains the results of a market survey on OT security sensors for substations. In 2017, the ENCS ran a project on security monitoring
WP-027-2020: Security measures for grid operators connecting to DER
This report recommends security measures for grid operators connecting to distributed energy resources (DER). As alternative energy sources, such as wind, solar or heat, have
WP-026-2020: Zero-trust SCADA systems
This whitepaper analyzes what would be needed to implement zero trust for SCADA systems. SCADA systems are probably the most critical systems for most grid
WP-024-2020: The risk of using web interfaces remotely
ENCS recommends avoiding remote management of field devices, such as RTUs, gateways, and data concentrators, through a web interface. Engineers commonly use a web interface
WP-023-2020: Protecting distribution automation systems against physical attacks
This document provides a strategy for grid operators to protect distribution automation systems against physical attacks on field locations. Grid operators rely on distribution automation
WP-022-2020: Risk assessment of physical attacks against field devices
This report assesses the risk of physical attacks against field devices to be able to select the right hardware security measures. Increasingly vendors are including
WP-021-2020: Security requirements for hardware security measures
This document gives requirements that grid operators can use to specify hardware security measures. More vendors are including hardware security measures in smart grid field
WP-018-2020: BowTies for security risk assessment
This guide describes how to analyze risk by constructing a BowTie diagram. How the analysis can be used in a risk management process compatible with
WP-017-2019: ISMS MP Key Findings
The objective of the member project for Information Security Management was to gather and share best practices for implementing and running an Information Security Management
WP-016-2019: Options for product certification
Whitepaper comparing different options for security certifications for products.
WP-015-2019: Security roadmap for substation automation
Many grid operators are considering new use cases for substation automation, such as direct IEC 61850 communication between the control center and IEDs, remote configuration
WP-014-2019: Security monitoring for substation automation
This document presents a strategy to monitor the security of substations. The strategy makes it difficult for advanced threats to execute controlled attacks. Advanced threats
WP-013-2019: Improving the security of legacy substations
This document describes a strategy to improve the cyber security of legacy substations. Substation automation equipment is not frequently replaced because of the high cost of
WP-012-2018: New sensors for monitoring OT security
There are many sensors to monitor the security of IT systems. Vulnerability scanners can find and track vulnerabilities. Anti-virus can detect malware on laptops or servers.
WP-011-2018: Organizing security operations for OT
Grid operators need to react to security developments quickly. When new vulnerabilities are found, they need to quickly patch, or take other measures. When they suspect
WP-010-2018: Security policy for substation automation
This document describes the recommended security policies for each of these roles. The policies cover: • Substation engineers configuring the equipment in the substation, including setting
WP-009-2018: Darktrace: First Impressions
In this article, we share the first impressions from the network-based monitoring sensor, Darktrace.
WP-008-2018: Five use cases to get started with OT security monitoring
Setting up security monitoring for Operational Technology (OT) systems can be a daunting task. Sensors need to be placed in the OT systems to detect
ENCS informs its members about this attack and provides an interpretation. It is a new entry in the short list of publicly disclosed malware that
WP-006-2018: OT Security Sensors – Market Survey
In recent years, sensors have come on the market to monitor the security of Operational Technology (OT) systems. A previous market survey identified a new
WP-005-2018: Organizing OT security operations – Best practices
Trying to organize a security operations team raises many questions. What should the mission of the team be? What capabilities should the team have? Where
WP-004-2017: Crashoverride Industroyer
Report on CrashOverride/Industroyer threat
WP-003-2016: OT Security Monitoring Architecture
This document describes an architecture for monitoring process IT (PIT) environments. It was developed as part of a project started by E.ON Group to support
WP-002-2016: OT security monitoring market survey
This document provides an overview of the software products available for monitoring process IT (PIT) systems. The market overview is meant to give DSOs insight
WP-001-2016: Preliminary report Ukraine incident
On December 23, 2015, a power outage occurred in Ukraine, which affected around half of the homes in the Ivano-Frankivsk region. After the outage, malware