To protect networks and devices from cyber threats, this study focuses on the evaluation of interdependencies to determine their importance, risks, mitigation factors and possible security measures to implement. There is high exposure of smart grid devices that makes it essential to harmonize the current situation by establishing common interconnection protocols. It has also become imperative to seek aligning policies, standards and regulations across the EU to ensure the overall security of smart grids. These aspects have currently grown in importance due to the risk that cascading failures could result since smart grid communication networks are no longer limited by physical or geographical barriers, and an attack on one country could transgress physical and virtual borders.
The recommendations of this report are addressed to operators, vendors, manufacturers and security tools providers in the EU and they include the following:
- foster intercommunication protocol compatibility between devices originating from different manufacturers and vendors
- develop a set of minimum security requirements to be applied in all communication interdependencies in smart grids
- implement security measures on all devices and protocols that are part, or make use of the smart grid communication network.
ENISA’s Executive Director, Prof. Udo Helmbrecht, commented: “ENISA pursues the goal of improving the resilience of smart grid security systems against cyber threats. This report provides much needed guidance to defend the smart grid and protect networks and devices from cyber-attacks”.
In 2016 ENISA continues its efforts alongside the European Commission, as well as smart grid operators, vendors, manufacturers and security tool providers to secure the future of the smart grids. Furthermore the Agency will continue to coordinate SISEC, a reference group of security experts, representing national cyber security authorities, energy and ICT industries, that aims to support ENISA activities towards higher maturity in the EU’s smart infrastructures’ cyber security.
Please see full report