Since 2018, ENCS organises its knowledge development in 3 programs: policy, architecture, and operations. Below, you can explore what we have planned in these areas for 2021.
The thread connecting the 2021 activities is the upcoming Network Code on Cybersecurity. Since this legislation will have a major influence on the security programs of European grid operators, we plan to support our members in preparing for this change. The security programs of 2021 will therefore focus on the following activities:
- In the policy program, we will continue to support the drafting team, prepare methods to assess security risks in the electricity sector, and support our members in implementing an ISO/IEC 27001 Information Security Management System (ISMS) through the ISMS expert group.
- In the architecture program, we will support the development of a product assurance scheme by further developing our test plans for smart grid components.
- In the operations program, we will prepare for technical information sharing by setting up a community of OT Security Operations Center (SOC) analysts.
Below, you can read a summary of our security architecture program for 2021. To learn more, you can download the ENCS security program 2021.
Security Architecture program 2021
The architecture program 2021 aims to develop and share knowledge to security architects and others responsible for technical security measures. It covers the design of secure systems and setting security requirements for procuring secure components.
Product assurance scheme
As part of the network code, it is planned to prepare a vendor equipment testing scheme for components and systems. In 2021, we will continue to support the development of the network code product assurance scheme. We will continue to develop and implement the test plans for its requirements sets. We will align these test plans with the requirements from the network code assurance scheme.
Secure software development
Many grid operators are developing some smart grid applications themselves. They have an in-house development team, or are hiring a development company to develop custom applications. In 2021, we will investigate how they can ensure that these applications are developed in a secure way. The investigation will continue work done for ENTSO-E on secure software development lifecycle and application testing, and on work with the Linux Foundation Energy. It will focus on two activities: implementing a secure software development lifecycle and application testing recommendations.
Central systems
We will continue the work on the security of central OT systems started in 2020. The focus will be on security systems supporting the core OT systems. The topics planned for 2021 are secure IT/OT connections, key management in OT environments, and Auditing central system security.
Field devices
In 2019 and 2020, we updated and extended our set of security requirements for smart grid field devices. The requirements now cover smart metering, distribution automation, substation automation, IoT-based sensor systems, electric vehicle charging stations, and equipment for wind and solar sites. No major updates for these requirements documents are planned for 2021. But we will investigate future substation automation architectures and patching of field devices.
Become an ENCS member
Are you interested in our cyber security programs? As an ENCS member, you can contribute to and learn from all our programs. Click below to learn more about our memberships.