PARIS – The European Network and Information Security Agency (ENISA) has published a report that makes ten recommendations to the public sector involved in the definition and implementation of smart grids.
Smart grids offer benefits to society at large, but their dependency on computer networks and applications, as well as on the Internet, increases their exposure to malicious cyber attacks. Vulnerabilities in communication networks and information systems could be exploited, for financial or political motives, to shut off power to large areas or to direct cyber-attacks against power generation plants.
However, the communication infrastructures are not the only source of vulnerabilities, the report indicated. Software and hardware used for building the smart grid infrastructure are at risk of being tampered with even before they are linked together. Rogue code, including the so-called logic bombs which cause sudden malfunctions, can be inserted into software while it is being developed. As for hardware, remotely operated “kill switches” and hidden “backdoors” can be written into the computer chips used by the smart grid, allowing outside actors to manipulate the systems.
“Our study shows that the two ‘separate worlds’ of the energy sector versus the IT security sector must be aligned on security for smart grids,” stated Professor Udo Helmbrecht, executive director of ENISA. “We estimate that without taking cyber security into serious consideration, smart grids may evolve in an uncoordinated manner. I would therefore suggest that smart grids’ security be made part of the EU’s forthcoming Internet Security Strategy.”
In its latest report, ENISA said it has identified risks and challenges linked to cyber security aspects of smart grids. It also outlines European initiatives on standardization, knowledge sharing, certification, training, pilots, and other activities addressing cyber security in the smart grids.
The study then assesses the role of Information and Communication Technologies (ICTs) as the underpinning platform of the future grid, and investigates related threats and risks. The study suggests good practices and recommendations for all stakeholders that are engaged in the security, reliability and resilience of future smart grid deployments.
Among the ten security recommendations, the report indicates that the European Commission (EC) and the competent authorities of the Member States (MS) need to provide a clear regulatory and policy framework on smart grid cyber security at the national and EU level, as this is presently missing.
The EC, in collaboration with ENISA, the MS, and the private sector, should also develop a minimum set of security measures based on existing standards and guidelines.
In addition, both the EC and the MS authorities should promote security certification schemes for the entire value chain of smart grid components, including organizational security.
The full report, which lists the ten recommendations, is available for download here