According to the European Network and Information Security Agency (ENISA) in a new report, work needs to be done to improve security around smart grids in Europe.
The study is aimed to provide useful and practical advice for the public and private sector, in preparation for a rollout of smart meters.
Out of the more than 100 findings, 10 security recommendations are made:
- Improve the regulatory and policy framework
- Foster the creation of a public-private partnership (PPP) entity to coordinate smart grid cybersecurity initiatives
- Foster awareness raising and training initiatives
- Foster dissemination and knowledge sharing initiatives
- Develop a minimum set of reference standards and guidelines
- Promote the development of security certification schemes for products and organizational security
- Foster the creation of test beds and security assessments
- Refine strategies to coordinate large scale pan-European cyber incidents affecting power grids
- Involve computer security incident response teams to play and advisory role in dealing with cyber security issues affecting power grids
- Foster research in smart grid cyber security leveraging existing research programs.
“Our study shows that the two ‘separate worlds’ of the energy sector versus the IT security sector must be aligned on security for smart grids,” commented Udo Helmbrecht, executive director of ENISA. “We estimate that without taking cybersecurity into serious consideration, smart grids may evolve in an uncoordinated manner. I would therefore suggest that smart grids’ security be made part of the EU’s forthcoming Internet Security Strategy.”
ENISA concludes that the recommendations are effective, achievable and urgent.