Since 2018, ENCS has organised its knowledge development in 3 programs: policy, architecture, and operations. Below, you can explore what we worked on in these areas in 2020.
The security programs of 2020 focused on the following activities:
- In the policy program, the focus in 2020 was on European regulation. ENCS anticipated that grid operators would be affected more and more by European laws and directives on security, such as the NIS directive, the Cybersecurity Act and the network code on cybersecurity. By being actively involved in EU groups, ENCS aimed to inform its members on these developments and, where possible, influence regulation so that it addresses topics important to grid operators in the right way.
- In the architecture program, we expanded the work on security requirements. New requirement sets were developed to cover distributed energy resources and central systems.
- In the operations program, we planned to create an active community of security operations analysts at ENCS members that can share operational information about vulnerabilities, threats, and recommendations on how to address them.
In the 2020 security programs, ENCS produced 31 new documents on its portal and organized 19 community events. Below, you can read more about what we achieved in our security architecture program for 2020.
Security architecture program 2020
In 2020, ENCS expanded the work on security requirements. New requirement sets were developed to cover distributed energy resources and central systems. The approach developed for testing and certification was improved and validated in projects. The existing requirement sets for field components were updated.
Distributed Energy Resources (DER)
In 2020, ENCS completed a comprehensive project on DER security in cooperation with WindEurope and SolarPower Europe to work jointly towards a European grid with no weakest link in the chain. The project has produced a risk assessment for DER security, a set of recommended security measures for DER operators, a set of recommended security measures for grid operators connecting to DER, a set of procurement requirements for field devices to be used by the DER operator, and a position paper on DER security providing context on the subject and the main project results.
ENCS worked on covering key central systems still missing from requirement sets. A security architecture and procurement requirements for SCADA/EMS/DMS systems were developed. In addition to this security architecture, ENCS analyzed in a whitepaper what would be needed to implement a zero-trust approach for a SCADA system. Because of their criticality, these systems would especially benefit from better resilience against cyber-attacks.
ENCS developed a recommendation for access control in OT environments. Different technologies for centralized access control, such as LDAP, Active Directory, RADIUS and TACACS, were compared and available solutions for managing remote access were reviewed. Engineers commonly use a web interface to configure and maintain devices, as it provides easy access. But by using it they may inadvertently help to spread attacks. ENCS recommends managing field devices through other means than web interfaces and has published a whitepaper detailing the risks.
As engineers from grid operators or their vendors use engineering laptops in their daily work, these devices are exposed to a variety of threats and the impact of compromise is especially high. That is why ENCS developed a security architecture to protect engineering laptops.
ENCS also developed a recommended security architecture for sensor systems, particularly those based on IoT technologies. It gives a set of technical measures that those designing and maintaining the systems can use to mitigate security risks by reducing their likelihood. Further, ENCS provides a harmonized set of security requirements that grid operators can use directly in their procurement documents for sensors. The requirements have been reviewed by both grid operators and sensor vendors, and are designed to fit into existing processes and procedures.
In 2019, the member project on procuring secure equipment began to explore the opportunity of testing directly for equipment vendors instead of grid operators. Doing so allows more cost-effective testing, as the cost of testing can be shared between all users of a component. To be able to test against existing ENCS requirements, standardized test plans were developed for different types of equipment, including electric vehicles (EV), smart meters and data concentrators.
ENCS saw that vendors were increasingly including hardware security measures in smart grid field devices. However, some of these measures may not mitigate the real security risks. To get effective measures, grid operators should therefore include specific requirements in their procurement process. ENCS assessed the physical risks to field devices and developed recommendations for such hardware security measures. A test report evaluating a distribution automation (DA) RTU against the recommended ENCS requirements has been made available.
Further, ENCS published a strategy for grid operators to protect distribution automation systems against physical attacks on field locations. The focus is on how to harden the RTU itself as much as possible, while using the system architecture to limit the impact of determined attacks to a single location.