The security architecture program aims to develop knowledge and share it with security architects and others responsible for technical security measures. It covers the design of secure systems and setting security requirements for procuring secure components. In 2022, ENCS will continue to develop its security requirement sets, further aligning them with European developments. Discover below what ENCS will focus on during the security architecture program 2022.
Security Requirements
In 2021, we started to align our security requirements sets with European developments. The Cybersecurity Act creates a framework for European cybersecurity certification schemes. It is expected that the Commission will encourage the use of such certifications in the network code and revised NIS directive. Hence, it is important to make sure that the ENCS security requirements and testing work is compatible with the certifications.
For OT systems, we are following the development of the Industrial Automation & Control Systems Components Cybersecurity Certification Scheme (ICCS) by the EU Joint Research Center, and the security profiles being developed for the IEC 62443 standard. Work has started to put the ENCS requirements sets in the format required by these schemes. The first sets were published at the end of 2021. In 2022, we will complete the update of the following requirements sets:
- Substation automation
- Distribution automation
- Smart metering
- EV charging
Each update consists of multiple documents: the security architecture, the component requirements, and the test plan.
Together with partners, we will also try to do pilot projects with the IEC 62443 certification schemes. Based on these pilots, we will publish a position paper on what certification schemes are useful for the electricity sector. This position paper can serve as input for the guidance on cybersecurity certification that ENTSO-E and the EU DSO entity will provide under the network code on cybersecurity.
Central systems
ENCS will continue the work on the security of central OT systems started in 2020. The focus will be on security systems supporting the core OT systems. The main topics for 2022 are:
- Secure IT/OT connections: we will develop requirements for machine-to-machine data exchange and remote access by human users
- Key management in OT environments: we will develop recommendations for pre-shared keys and Public Key Infrastructures (PKIs), with a focus on automating key management for large numbers of field devices
- Auditing central system security: we will develop audit plans to structurally assess central systems against the requirements that are developed
Aggregators, VPP, and storage
Aggregators, virtual power plants (VPP) and storage are emerging technologies that integrate with energy grids. They use systems such as EMS, EV charging and DER in processes and with connections that are different from what we have seen before.
To understand the security risks of these new technologies, we will investigate the current situation, assess the applicability of the existing risk assessments and requirement sets to the different processes and connections, and propose a plan to deal with any identified gaps. We will approach members and market parties with experience in this topic.