Security architecture program 2026

ENCS organises its knowledge development in 3 programs: policy, architecture, and operations. Below, you can explore what we have planned in these areas for 2026.

The architecture program aims to develop and share knowledge with security architects and others responsible for technical security measures. It covers the design of secure systems and setting security requirements for procuring secure components. 

We will work on the security of central OT systems and substation automation. We will also participate in the drafting of harmonized standards for the Cyber Resilience Act (CRA). 

Central OT systems

Central systems are used to support, manage, and maintain the systems that support critical processes, such as SCADA, substation automation, and distribution automation processes. Because of this, protecting the central systems is also key to secure critical processes.

The question is how to effectively secure the multiple systems that make up the Central OT systems.

In this activity, we will, together with experts from the members, analyse threats, study legal requirements, identify best practices and assess risks for central OT systems. We will work to extend the coverage of available security requirements in this area.

Substation automation

In 2019, ENCS had a member project on substation automation security, in which we developed a security architecture and procurement requirements for gateways, IEDs, and HMIs. The architecture and requirements were updated to use IEC 62443 in 2022. Last year ENTSO-E and the DSO entity published a draft profile for substation automation gateway for the network code on cybersecurity. The profile has a similar purpose and structure as the 2022 ENCS procurement requirements.

This year, together with experts from the members, we will work on risk-based information on substation automation security by updating documents, analysing of standards, best practice architecture, and risk assessments, including work on virtualization and containerization for field devices performed in 2025. 
 

Participation in CRA standardization 

From December 2027, the Cyber Resilience Act (CRA) will set security requirements for all products with digital elements in the EU, including all hardware and software used by grid operators. Most manufacturers will comply with the CRA by implementing so-called harmonized standards. These standards translate the high-level essential requirement in the CRA into a more detailed specification. These standards will thus determine the security measures that manufacturers will implement in the coming years. 
 
While manufacturers are responsible for implementing the CRA, it will have an impact on DSOs through the requirements on smart metering equipment. Smart meters and data concentrators could be considered as critical products under two categories: 
 
  • Hardware Devices with Security Boxes
  • Smart meter gateways and other devices for advanced security purposes
If they are considered critical, manufacturers must perform a stricter conformity assessment. Hence, it is important that DSOs make sure that the harmonized standards are reasonable. The European Commission has set a deadline for developing almost 40 of the 41 standards on 30 October 2026 or earlier. So, these will be developed this year. 
 
In this activity, ENCS will participate in the CEN/CLC JTC 13 / WG 9 groups that will develop standards for the above categories, to keep our members informed and represent the interest of DSO. Additionally, we will also provide bi-weekly updates on the CRA standardization process, host webinars and workshops to review medium and high priority standards with the members.
 

Become an ENCS member

Are you interested in our cyber security programs? As an ENCS member, you can contribute to and learn from all our programs. Click below to learn more about our memberships.

become an ENCS member

Subscribe to our newsletter

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Toestemming*
back to news