ENISA_Annex v - Smart Grid Security Related Initiatives
Content
Smart grid security
Annex V. Related initiatives
[Deliverable – 2012-03-31]
Smart Grid Security
I
Annex V. Related initiatives
This document is Annex 5 (of 5) to the ENISA study ‘Smart grid security: Recommendations for
Europe and Member States, June 2012’.
Contributors to this report
ENISA would like to recognise the contribution of the S21sec1 team members that prepared
this report in collaboration with and on behalf of ENISA:
Elyoenai Egozcue,
Daniel Herreras Rodríguez,
Jairo Alonso Ortiz,
Victor Fidalgo Villar,
Luis Tarrafeta.
Agreements or Acknowledgements
ENISA would like to acknowledge the contribution of Mr. Wouter Vlegels and Mr. Rafał
Leszczyna to this study.
1
S21sec, the contractor of ENISA for this study is an international security services company with offices in several countries.
Smart Grid Security
II
Annex V. Related initiatives
About ENISA
The European Network and Information Security Agency (ENISA) is a centre of network and
information security expertise for the EU, its member states, the private sector and Europe’s
citizens. ENISA works with these groups to develop advice and recommendations on good
practice in information security. It assists EU member states in implementing relevant EU
legislation and works to improve the resilience of Europe’s critical information infrastructure
and networks. ENISA seeks to enhance existing expertise in EU member states by supporting
the development of cross-border communities committed to improving network and
information security throughout the EU. More information about ENISA and its work can be
found at www.enisa.europa.eu.
Contact details
For contacting ENISA or for general enquiries on CIIP & Resilience, please use the following
details:
E-mail: [email protected]
Internet: http://www.enisa.europa.eu
For questions related to ‘’Smart grid security: Recommendations for Europe and Member
States’’, please use the following details:
E-mail: [email protected]
Legal notice
Notice must be taken that this publication represents the views and interpretations of the
authors and editors, unless stated otherwise. This publication should not be construed to be a
legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC)
No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not
necessarily represent state-of the-art and ENISA may update it from time to time.
Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the
external sources including external websites referenced in this publication.
This publication is intended for information purposes only. It must be accessible free of charge.
Neither ENISA nor any person acting on its behalf is responsible for the use that might be made
of the information contained in this publication.
Reproduction is authorised provided the source is acknowledged.
© European Network and Information Security Agency (ENISA), 2012
Smart Grid Security
III
Annex V. Related initiatives
Contents
1
Introduction .......................................................................................................................... 2
2
Europe ................................................................................................................................... 6
3
Belgium ............................................................................................................................... 37
4
Denmark .............................................................................................................................. 38
5
Germany.............................................................................................................................. 39
6
Italy...................................................................................................................................... 42
7
The Netherlands.................................................................................................................. 44
8
United Kingdom .................................................................................................................. 46
9
USA ...................................................................................................................................... 48
10 International ....................................................................................................................... 58
11 Other web 2.0 initiatives ..................................................................................................... 67
12 Bibliography ........................................................................................................................ 71
13 Abbreviations ...................................................................................................................... 90
Smart Grid Security
2
Annex V. Related initiatives
1
Introduction
The aim of this section is to highlight a number of security initiatives and organisations that
are important for the cyber security of smart grids. These initiatives have been classified
according to their geographical origin and type. Furthermore, their mission/objectives and
primary activities related to smart grid cyber security are also described.
There are two groups of initiatives that have been excluded in this annex. On one side, all
those initiatives which addressed safety and security aspects of power generation and the
electricity grid, but not directly addressing cyber security are not included. Only those major
initiatives at the EU-level, which in the near term might also address cyber security, are
included. In the following lines we provide a list of these initiatives:
ETPIS
E-Energy
BDEW
Smart Grid Network
Electricity Regulatory Forum
ESIA Smart Grid Task Force
EUTC - ICT4SDG ICT for Smart Distributed Generation
More Microgrids
ELECPOR
Slovenian Technology Platform SmartGrids
FUTURED
e-CIP
HiperDNO
On the other hand, there is another group of initiatives which address cyber security issues of
general Industrial Control Systems (ICS). However, these documents could be an important
source of information for any stakeholder of the smart grid which needs to deal with
industrial automation or control systems security. For a detailed outlook on all these
documents we refer the reader to annex IV of ENISA’s report “Protecting Industrial Control
Systems - Recommendations for Europe and Member States” (1). What follows is a list of
these initiatives:
IFAC
IFIP
ISACA
MERIDIAN Conference
SANS
Smart Grid Security
3
Annex V. Related initiatives
TCG
EPCIP
IMG-S
Sixth Framework Programme
NAMUR
VDI
CPNI
Byres Security Blog
WIB
National Risk Assessment
CPNI.NL
OLF
AMETIC
CNPIC
GIPIC
Protect-IC
Test bed Framework for Critical Infrastructure Protection Exercise (Cloud CERT)
PESI
SEMA
The MSB Industrial Control System Security Program
ACC
AGA
API
DoE
DHS
Digital Bond- S4 workshop
TISP
SCADA hacker
SCADAsec
SCADA/Control System Security Professionals
Water Security
Cyber Security in Real-Time Systems
MPCSIE
Finally, the following lines provide a brief explanation of some of the key fields that will be
used for the classification of the initiatives/organisations which are presented in this chapter:
Smart Grid Security
4
Annex V. Related initiatives
Name: Name of the initiative/organisation.
Type: Type of organisation/initiative (see below).
Line of action: The activities the group is related to (i.e. policy, standards, information
sharing, dissemination and awareness, economic or financial, technical, training and
education, R&D).
Participants: Stakeholder types which participate in the organisation/initiative (i.e.
manufacturer or integrator, security tools and services provider, DSO, TSO, power
generation, smart grid services provider (e.g. marketer), academia and R&D, public
bodies, standardisation bodies).
Mission/Objectives: Purpose of the group.
Activities related to smart grid security: Describes all those activities that the
initiative or the organisation being described has undertaken or is currently
undertaken on the field of smart grid (cyber) security and resilience.
Results: Standards, Good Practices, Regulations, Technical Reports, Technical
Solutions, etc.
Comments: Additional information about the organisation/initiative.
URL: The reference URL for the initiative being described.
The values of the “Type” field can be one of the following:
International agency: An association of public bodies from different countries, which
support its members, seeks to achieve common goals and collaborates with other
similar agencies and even non-member countries.
Industry association: An association that supports and protects the rights of a
particular industry and the people who work in that industry, and which seeks to
achieve the common goals of its members. There may be a public entity within these
associations, but it does not have a leading role.
Public Private Partnership: A government service or private business venture which is
funded and operated through a partnership of government and one or more private
sector companies.
Public body: An organization whose work is part of the process of government, but is
not a government department. 2
Regular private organisation: An organisation which is privately run and does not rely
on money from the government and funds from charities. They get make their own
money by providing a service at a cost.
Professional association: Also called a professional body, professional organization, or
professional society. A professional association is usually a non-profit organization
seeking to represent a particular profession, the interests of individuals engaged in
that profession, and the public interest.
European Technology Platform (ETP): are industry-led stakeholder for a charged with
defining research priorities in a broad range of technological areas where achieving EU
Smart Grid Security
5
Annex V. Related initiatives
growth, competitiveness and sustainability requires major research and technological
advances in the medium to long term.
Specialized event: Workshops, forums, conferences or summits focusing on ICS
security and CIP.
Online resource: A specialised website, blog, e-forum, online group, and similar
resources.
Project: Projects made by European Union countries and related to the security of
smart grids.
Other: When an initiative or an organisation does not match with any of the previously
defined types, it will be classified with this value.
Smart Grid Security
6
Annex V. Related initiatives
2
Europe
Name
Action plan on CIIP
Type
Other
Line of action
Organisational and Policy, Dissemination and awareness, Information
sharing, Technical, Economic or financial.
Participants
Public bodies, Manufacturers, Integrators, Operators, Security tools
and services providers.
Mission/Objectives
In order to enhance the security and resilience of CIIs, this integrated
EU action plan was devised by the European Commission to
complement and add value to existing national programmes as well as
to the existing bilateral and multilateral cooperation schemes
between Member States.This action plan was firstly introduced in
COM(2009)149 (19) and consisted of five main pillars:
Preparedness and prevention:
Baseline of capabilities and services for pan-European cooperation.
The Commission invites Member States and concerned stakeholders
to: define, with the support of ENISA, a minimum level of capabilities
and services for National/Governmental CERTs and incident response
operations in support to pan-European cooperation; make sure
National/Governmental CERTs act as the key component of national
capability for preparedness, information sharing, coordination and
response.
European Public Private Partnership for Resilience (EP3R). The
Commission will foster the cooperation between the public and the
private sector on security and resilience objectives, baseline
requirements, good policy practices and measures.
European Forum for information sharing between Member States
(EFMS). The Commission will establish a European Forum for Member
States to share information and good policy practices on security and
resilience of CIIs.
Detection and response:
European Information Sharing and Alert System (EISAS). The
Commission supports the development and deployment of EISAS,
reaching out to citizens and SMEs and being based on national and
private sector information and alert sharing systems.
Mitigation and recovery:
National contingency planning and exercises. The Commission invites
Smart Grid Security
7
Annex V. Related initiatives
Member States to develop national contingency plans and organise
regular exercises for large scale networks security incident response
and disaster recovery, as a step towards closer pan-European
coordination.
Pan-European exercises on large-scale network security incidents. The
Commission will financially support the development of pan-European
exercises on Internet security incidents, which may also constitute the
operational platform for pan-European participation in international
network security incidents exercises, like the US Cyber Storm.
Reinforced cooperation between National/Governmental CERTs. The
Commission invites Member States to strengthen the cooperation
between National/Governmental CERTs, also by leveraging and
expanding existing cooperation mechanisms like the EGC.29.
International cooperation:
Internet resilience and stability. Three complementary activities are
envisaged: A Europe-wide debate, involving all relevant public and
private stakeholders, to define EU priorities for the long term
resilience and stability of the Internet; the definition of guidelines for
the resilience and stability of the Internet, focusing inter alia on
regional remedial actions, mutual assistance agreements, coordinated
recovery and continuity strategies, geographical distribution of critical
Internet resources, technological safeguards in the architecture and
protocols of the Internet, replication and diversity of services and
data; work o na roadmap to promote principles and guidelines at the
global level.
Global exercises on recovery and mitigation of large scale Internet
incidents. The Commission invites European stakeholders to reflect on
a practical way to extend at the global level the exercises being
conducted under the mitigation and recovery pillar, building upon
regional contingency plans and capabilities.
Criteria for European Critical Infrastructures in the ICT sector:
ICT sector specific criteria. By building on the initial activity carried out
in 2008, the Commission will continue to develop, in cooperation with
Member States and all relevant stakeholders, the criteria for
identifying European critical infrastructures for the ICT sector.
The EP3R, the EFMS and EISAS can be interesting platforms for any
future action plan on ICS security at the European level.
Activities related to
smart grid security
Future activities of EP3R will also address cyber security challenges of
smart grids, building on the preparatory work being carried out by the
Commission and ENISA.
Smart Grid Security
8
Annex V. Related initiatives
Results
Policies
Comments
N/A
URL
http://ec.europa.eu/information_society/policy/nis/strategy/activities
/ciip/index_en.htm
Name
CEN/CENELEC/ETSI JWG and SG-CG
Type
International agency
Line of action
Standards
Participants
public bodies, standardization bodies
Mission/Objectives
The Smart Grids Task Force highlighted the importance of new
standards for a successful deployment of smart grids together with a
need for change and improvement of the existing standards. In
addition, this group of experts identified the risk of too many
standardization bodies providing an inconsistent set of standards. As
a result, the Expert Group 1 of the EC Smart Grid Task Force
concluded there was a need for a joint CEN/CENELEC/ETSI group on
standards for smart grids, to deal more intensively with establishing
detailed recommendations to selected standardization bodies. For
this reason the CEN/CENELEC/ETSI Joint Working Group (JWG) on
standards for the smart grid was established. It worked between June
2010 and March 2011 on the production of a report addressing
standards for smart grids. This document was called ‘final report of
CEN/CENELEC/ETSI JWG on standards for smart grids’.
In M/490 the European Commission requested ESOs to develop a
framework to enable ESOs to perform continuous standard
enhancement and development in the field of smart grids, while
maintaining transverse consistency and promote continuous
innovation. The focal point addressing the ESO's response to M/490 is
the CEN/CENELEC/ETSI Smart Grids Coordination Group (SG-CG)
which was built around the membership of the previous JWG.
Besides, M/490 requires the work to build on already existing
material delivered through other mandates such as the M/441 and
M/468. The SG-CG is the main and visible body of a larger structure
which includes four Working Groups (WG) which are coordinated by
the SG-CG. These working groups include:
Reference architecture WG.
First set of standards WG.
Sustainable processes WG.
Security WG (also referred sometimes as Smart Grid
Information Security Working Group - SGIS WG).
Smart Grid Security
9
Annex V. Related initiatives
Activities related to
smart grid security
In addition to other standardisation aspects (e.g. reference
architecture, communication interfaces, generation, transmission,
distribution, smart metering, etc.), the CEN/CELEC/ETSI JWG final
report on standards for smart grids includes a number of
recommendations for smart grid standarisation on the field of
information security.
On the other hand, the SGIS WG of the SG-CG is defining a number of
essential security requirements for smart grids based on
confidentiality, integrity, availability, reliability/resiliency, privacy and
interoperability criteria. Moreover, this WG is working on the
establishment of different security levels to classify the
infrastructures that the smart grid will comprise. Besides, it is also
revising international standars onsmart grid security, identifying gaps
and differences in current European regulations and standards.
Finally, the working group is also defining a set of tools and
methodologies to help clasiffying assets, assessing risks and filling the
aforementioned gaps and other requirements.
Results
Standard recommendations, Standards, Policies.
Comments
SG-CG is built upon the previous JWG
URL
http://www.cen.eu/cen/Sectors/Sectors/UtilitiesAndEnergy
/SmartGrids/Pages/default.aspx
Name
CEN/CENELEC/ETSI SM-CG
Type
International agency
Line of action
Standards
Participants
All stakeholders
Mission/Objectives
The European Commission and EFTA addressed Mandate M/441 to
CEN, CENELEC and ETSI and a Smart Meters Coordination Group (SMCG) was set up to answer this request. This group provides a focal
point concerning smart metering standardization issues in respect to
Mandate M/441 (20).
Mandate M/441 has two phases. The first requests the European
Standards Organizations to develop a European standard comprising
a software and hardware open architecture for utility meters that
supports secure bidirectional communication and allows advanced
information, management, and control systems for consumers and
service suppliers. In this context, the SM-CG identified the main
possible functional communication implementations relevant for
smart metering systems and the standards relevant to meeting the
requirements of mandate M/441, in particular to assist the active
participation of consumers in the energy markets.
Smart Grid Security
10
Annex V. Related initiatives
The second phase of Mandate M/441 requests the European
Standards Organizations to develop European Standards containing
harmonized solutions for additional meter functionalities within an
interoperable framework, using where needed the open architecture
developed under the first phase of Mandate M/441. To clarify
standardization requirements and to ensure consistency in the smart
meter dataflow, it is helpful to consider functionalities in details
through Use Cases.
Activities related to
smart grid security
The SM-CG produced a technical report, CEN-CLC-ETSI TR 50572:2011
'Functional reference architecture for communications in smart
metering systems'(21). This technical report identifies a functional
reference architecture for communications relevant for smart
metering systems and the standards relevant to meeting the
technical/data communications requirements of Mandate M/441, in
particular to assist the active participation of consumers in the energy
markets. Particularly, it addresses privacy and data security aspects
for the definition of the functional reference architecture,
emphasising also general security principles for smart meters.
Results
Technical Report
Comments
CENELEC Smart Meter Coordination Group
URL
http://www.cenelec.eu
Name
DG CONNECT’s Ad-hoc Expert Group on the Security and Resilience of
Communication Networks and Information Systems for Smart Grids
Type
Public Private Platform
Line of action
Policy, standards, technical, dissemination and awareness
Participants
All stakeholders
Mission/Objectives
The European Commission created the Ad-hoc Expert Group to better
understand the views and objectives of the private and public sectors
on the ICT security and resilience challenges for the smart grids as
well as to identify and discuss about the related policies at EU level.
COM(2011) 163(22) on Critical Information Infrastructure Protection
as well as COM(2011) 202 (23) on smart grids were presented are the
two main pillars backin up this initiative. Specifically, COM (2011) 202
declares that the Commission should continue bringing together the
energy and ICT communities within an expert group to assess the
network and information security and resilience of smart grids.
The two main objectives of the Expert Group are:
The identification of European priority areas for which action
should be undertaken to address the security and resilience of
Smart Grid Security
11
Annex V. Related initiatives
communication networks and information systems for smart
grids, as well as the definition of recommendations on how to
progress on each of these areas at the European level.
Activities related to
smart grid security
The identification of which elements of the smart grid should
be addressed by the EG (e.g. smart appliances, smart
metering, smart distribution, smart (local) generation, smart
transmission) as well as the identification of key strategic and
high level security requirements, good practices based on
learned lessons and the proposition of mechanisms to raise
awareness among decision makers.
Based on the aforementioned two main objectives, a ‘Programme of
Work’(24) was defined with the mission of contributing to a coherent
and increased effort to improve the cyber security of the smart grids
and which focuses on the security and resilience of communication
and information systems that are critical for the performance of the
physical electricity infrastructure. This programme of work includes
four main areas, divided into twelve work packages. The areas and
WPs are the following:
I. Area 1. Risks, threats and vulnerabilities
a. WP 1.1 Identify and categorize all relevant smart grid
assets
b. WP 1.2 Develop an attach/threat taxonomy for
relevant assets
c. WP 1.3 Develop a countermeasure taxonomy for
relevant assets
d. WP 1.4 Develop a high-level security risk assessment
methodology for relevant assets
II. Area 2. Requirements and technology
a. WP 2.1 Security requirements
b. WP 2.2 Extend smart grid requirements to include
effective security measures
c. WP 2.3 Research smart grid communication protocols
and infrastructures to incorporate data security
measures
d. WP 2.4 (Public) procurement
III. Area 3. Information and knowledge sharing
a. WP 3.1 Develop a cross-border alliance between
Member States (MS) and relevant competent bodies
IV. Area 4. Awareness, education and training
a. WP 4.1 High level conference for strategic leaders
Smart Grid Security
12
Annex V. Related initiatives
b. WP 4.2 Propose initiatives to increase stakeholder
awareness on data security
c. WP 4.3 Skilled personnel on cyber security in energy
industry
Results
Technical reports, Recommendations
Comments
The first conclusions of the group will be made public in the second
quarter of 2012
URL
http://ec.europa.eu/dgs/information_society/index_en.htm
Name
Smart Grid Task Force
Type
Public Body
Line of action
Policy, Regulation
Participants
public bodies, standardization bodies
Mission/Objectives
To facilitate and support the process of an European Union-wide
smart grid implementation, the European Commission decided to set
up a Task Force on Smart Grids. The Task Force Smart Grids was
designed to provide a joint regulatory, technological and commercial
vision on smart grids taking into account accumulated experiences
worldwide and the technological challenges to be faced mainly during
next decade/s, so as to coordinate the first steps towards the
implementation of smart grids under the provision of the Third
Energy Package.
The Task Force aims to jointly agree among the regulatory
authorities, regulated companies and end users on key issues such as
the estimated cost/benefits, the associated risks and the incentives
needed. The ultimate goal of the initial work programme of the task
force is to identify and produce a set of regulatory recommendations
to ensure European Union -wide consistent, cost-effective, efficient
and fair implementation of smart grids, while achieving the expected
Smart Grids' services and benefits for the network users. The planned
efforts of this Work Programme are focussed on:
Functionalities of smart grid and smart meters: The key
deliverable is to provide an agreement among all actors
involved on a set of minimum functionalities for smart grids
and smart meters.
Regulatory recommendations for data safety, data handling
and data protection: The key deliverable is to identify the
appropriate regulatory scenario and recommendations for
data handling, safety and consumer protection.
Roles and responsibilities of actors involved in the smart
Smart Grid Security
13
Annex V. Related initiatives
grids deployment: The key deliverable is the development of
recommendations on the roles and responsibilities of all
involved actors in the implementation of the smart grids as
well as the definition of criteria and recommendations for
funding of smart grid deployment.
In the beginnning the Smart Grid Task Force comprised three Expert
Groups (EG) to which a fourth one was added afterwards. These EGs
are the following:
Activities related to
smart grid security
Expert Group 1: Functionalities of smart grids and smart
meters.
Expert Group 2: Regulatory recommendations for data safety,
data handling and data protection.
Expert Group 3: Roles and Responsibilities of Actors involved
in the smart grids deployment.
Expert Group 4: Smart grid aspects related to gas.
The EG2 is involved directly insmart grid security. This group aims to:
Identify the benefits and concerns of customers with regard to
smart grids.
Provide an overview of European legislation on data
protection, privacy and its enforcement.
Recommend whether further protective measures should be
put in place.
Identify possible risks in the handling of data, safety and data
protection.
Identify ownership of data and access rights.
Identify responsible parties for data protection
enforcement mechanisms.
Develop a framework in which way data can be used.
Provide recommendations on the Communication of Smart
Grid benefits to consumers, citizens and politicians.
and
The EG2 issued in February 2011 a report titled ‘Regulatory
recommendations for data safety, data handling and data
protection’(25) which focuses on identifying the appropriate
regulatory scenario and recommendations for data handling, security
and data protection.
Results
Regulations, policies, and policy recommendations.
Comments
The initial duration of the task force was 20 months, till May 2011
Smart Grid Security
14
Annex V. Related initiatives
URL
http://ec.europa.eu/energy/gas_electricity/smartgrids/
taskforce_en.htm
Name
Seventh Framework Programme (FP7)
Type
Other (Research and development programme)
Line of action
information sharing, dissemination and awareness.
Participants
All stakeholders
Mission/Objectives
The FP7 is the main Euroepan research programme with a 7 year
duration (2007-2013). The programme has a total budget of over € 50
billion and its main objectives are to strengthen the scientific and
technological base of European industry, encouraging its international
competitiveness, while promoting research that supports EU policies.
The five main Specific Programmes that constitute FP7 are:
Cooperation, Ideas, People, Capacities and Nuclear Research.
The ‘Funding schemes’ are the types of projects, by which FP7 is
implemented. They are the following:
Collaborative projects: collaborative projects are focused on
research projects with clearly defined scientific and
technological objectives and specific expected results (such as
developing new knowledge or technology to improve
European competitiveness). They are carried out by consortia
made up of participants from different countries, and from
industry and academia.
Networks of excellence: the Networks of Excellence are
designed for research institutions willing to combine and
functionally integrate a substantial part of their activities and
capacities in a given field, in order to create a European ‘virtual
research centre’ in this field. This is achieved through a ‘Joint
Programme of Activities’ based on the integrated and
complementary use of resources from entire research units,
departments, laboratories or large teams. The implementation
of this Joint Programme of Activities will require a formal
commitment from the organisations integrating part of their
resources and their activities.
Coordination and support actions: these are actions that
Smart Grid Security
15
Annex V. Related initiatives
cover not the research itself, but the coordination and
networking of projects, programmes and policies. This
includes, for example:
o Coordination and networking activities, dissemination
and use of knowledge
o Studies or expert groups assisting the implementation
of the FP.
o Support for transnational access to major research
infrastructures.
o Actions to stimulate the participation of SMEs, civil
society and their networks.
o Support for cooperation with other European research
schemes (e.g. ‘frontier research’).
Activities related to
smart grid security
There are some projects under the scope of the FP7 which are related
to smart grid security. The following sets out a number of them:
ELVIRE(26): It is an Information and Communication
Technologies (ICT) research project. Its purpose is to develop
an effective system which is able to neutralize the driver’s
’range anxiety’. In order to ease and optimize energy
management of Electric Vehicles (EV) and to cope with the
sparse distribution of electrical supply points during the rampup phase, innovative Information and Communications
Technologies and service concepts are being developed. The
participants of this project are working on procedures to
secure data transmission between vehicles and external
services, sending the information in real time.
AFTER (27): This project addresses vulnerability evaluation and
contingency planning of the energy grids and energy plants,
considering also the ICT systems used in protection and
control. It aims to develop a methodology and a tool for
vulnerability analysis and risk assessment of interconnected
electrical power systems considering their interdependencies.
Moreover, it also aims at developing develop algorithms and
tools supporting contingency planning in a two-fold approach:
preventing or limiting system disruption, by means of physical
security techniques and defence plans; and re-establishing the
Smart Grid Security
16
Annex V. Related initiatives
system after a major disruption, by means of restoration plans.
Open Meter (28): The main objective of the OPEN meter
project is to specify a comprehensive set of open and public
standards for Advanced Metering Infrastructure
(AMI)
supporting multi commodities (Electricity, Gas, Water and
Heat), based on the agreement of the most relevant
stakeholders in the area. The general requirements include
aspects such as security, interoperability, robustness,
scalability, maintenance, performance and management. Part
of its work focuses on the identification and specification of
security requirements and on the determination of security
clauses. The project includes specific tasks devoted to cyber
security in smart grid environments. Besides, a series of
deliverables providing an overview on the steps to be
implemented to achieve a secure smart grid.
Internet of Energy (29) (30): The objective of this project is to
develop hardware, software and middleware for seamless,
secure connectivity and interoperability achieved by
connecting the Internet with the energy grids. The project will
evaluate and develop the needed ICT for the efficient
implementation in future smart grid structures, including
security capabilities.
DLC+VIT4IP: this project will develop, verify and test a highspeed narrow-band power line communications infrastructure
using the Internet Protocol (IP) which is capable of supporting
existing and extending new and multiple communication
applications. These shall include the existing power
distribution network for novel services in smart electricity
distribution networks such as demand side management,
control of distributed generation and customer integration.
This projects develops, among other things, reference designs
and embedded systems architectures for the high efficiency
and secure smart network systems addressing requirements
on compatibility, networking, security, robustness, diagnosis,
maintenance, integrated resource management and selforganization.
Results
Technical reports, good practices.
Comments
FP7 is the short version for Seventh Framework Programme
Smart Grid Security
17
Annex V. Related initiatives
URL
http://cordis.europa.eu/fp7/home_en.html
Name
Smartgrids ETP
Type
European Technology Platform
Line of action
Dissemination and awareness, Policy, R&D
Participants
All smart grid stakeholders
Mission/Objectives
The Smartgrids ETP is the European Technology Platform for
Electricity Networks of the Future. It is the key European forum for
the crystallisation of policy and technology research and the
development of pathways for the smart grids sector, as well as the
linking glue between EU-Level related initiatives.
The mission of the Smartgrids ETP includes:
To foster and support the deployment of SmartGrids in
Europe by advising and coordinating the stakeholders:
European Commission, TSO, DSO, Energy System and
Component vendors, Energy Research Centres, Smart
Metering Industry, Energy Consumers, Utilities Telecom
Providers and Grid Regulators.
To ensure the strategic relevance of the Platform and its
consistency with EU policy.
To link with relevant technology platforms dealing with
energy matters that have an impact both at the generation
and the demand side, on the future of the grid.
To provide relevant input to the EU initiatives such as the SETplan and its European Industrial Initiatives.
The Smartgrids ETP main objectives are:
To ensure that the vision and its implementation remain
focused on responding to the needs of customers and the
delivery of European policy.
To maintain a high level strategic overview of sector
developments, opportunities and threats, bringing forward
issues of priority for attention.
To be a facilitator, working with the grain of sustainable
energy policy for a competitive Europe.
To
promote
SmartGrids
research,
demonstration and deployment projects.
To build and maintain a shared vision for the future of
Europe’s electricity networks and to be a catalyst for its
development,
Smart Grid Security
18
Annex V. Related initiatives
implementation.
The European Technology Platform for Electricity Networks of the
Future actively engages with smart grids stakeholders (researchers,
academia, civil societies, industry), European Commission-funded
research projects and initiatives, related European Technology
Platforms and global grids organisations in a wide range of activities
relevant to the R&D&I of electricity networks in Europe:
Activities related to
smart grid security
Publishing the following documents: vision paper, strategic
research agenda, strategic deployment document
Formulating proposals and recommendations for the
European Electricity Grid Initiative under the framework of
the SET-Plan
Monitoring Research, Studies, Pilot Plants and Demonstration
Responding and disseminating relevant public consultations
Organising Workshops of stakeholders to engage them in its
activities
Taking awareness and communication actions, including the
organisation general assemblies, and development of a
website. A video to disseminate the concept of the ETP vision
for the future was also released in 2007.
In the Smartgrid ETP’s document ‘Strategic research agenda for
Europe’s electricity networks of the future’(31), the security
dimenssion, in its broadest sense, is considered one of the strategic
pillars. Besides, it defines several research areas which acknowledge
the importance of ICT in the new smart grid and the reliability and
security factors. Other research areas consider security from the
point of view of performance expectations, including topics such as
graceful degradation to maximize reliability, availability and resilience
of the grid. In any case cyber security or privacy aspects related to
Information and communication technology are not directly
addressed.
The strategic deployment document of 2010 describes the priorities
for the deployment of innovation in the electricity networks and the
benefits that such innovations will deliver for all takeholders. As it
happens with the strategic research agenda, security is at the
fundamentals of the document. However it is mainly focused on
operational security, relience, reliability and availability, leaving out
cyber security or privacy issues.
Results
Research plans, Recommendations on future strategies
Comments
N/A
URL
http://www.smartgrids.eu
Smart Grid Security
19
Annex V. Related initiatives
Name
EU-US Working Group on Cyber-security and Cybercrime
Type
Other
Line of action
Information sharing, dissemination and awareness, training and
education, organisational and policy.
Participants
Public Bodies
Mission/Objectives
The EU-US Working Group (EU-US WG) on Cyber-security and
Cybercrime was established in the context of the EU-US summit of
20th of November 2010 held in Lisbon. Its main objective is to tackle
new threats to the global networks upon which the security and
prosperity of our free societies increasingly depend. The EU-US WG
addresses a number of specific priority areas and was planned to
report progress within a year time after its establishment. The efforts
include:
Activities related to
smart grid security
Expanding incident management response capabilities jointly
and globally, through a cooperation programme culminating
in a joint EU-US cyber-incident exercise by 2012.
A broad commitment to engage the private sector, sharing of
good practices on collaboration with industry, and pursuing
specific engagement on key issue areas such as fighting
botnets, securing industrial control systems and smart grid
(such as water treatment and power generation), and
enhancing the resilience and stability of the Internet.
A programme of immediate joint awareness raising activities,
sharing messages and models across the Atlantic, as well as a
roadmap towards synchronised annual awareness efforts and
a conference on child protection online in Silicon Valley by
end 2011.
Continuing EU/US cooperation to remove child pornography
from the Internet, including through work with domain-name
registrars and registries.
Advancing the Council of Europe Convention on Cybercrime,
including a programme to expand accession by all EU Member
States, and collaboration to assist states outside the region in
meeting its standards and become parties.
With respect to ICS andsmart grid security the proposed tasks include
the stock taking and comparative analysis of existing initiatives,
pilots, good practices and methods addressing ICT risks, privacy and
security. The input from the EU side includes:
Activities at national level (NL, DE, UK, SE…) as well as at
European level (Euro-SCSIE, possibly via Member States
Smart Grid Security
20
Annex V. Related initiatives
experts in the WG and during the stock taking of the ENISA
studies on ICS and smart grids security)
Ongoing ENISA studies on industrial control systems and
interdependencies of ICT sector to energy
Activities of the Expert Group on the Security and Resilience
of Communication Networks and Information Systems for
Smart Grids, composed of European public and private
stakeholders and coordinated by DG CONNECT.
The input from the US side includes:
Experiences in international public-private coordination to
mature acceptance of voluntary security standards.
Specific methodology and mechanisms to engage with the
private sector to achieve cooperation and mutual engagement
in public-private control system security coordination.
The deliverables expected from this cooperation include:
Strategy for EU and US engagement on the control
system/smart grid priority area;
Plan of Action for EU and US public private engagement on
cyber security of industrial control systems and smart grids;
this will also draw on an analysis of existing coordination
bodies for security of industrial control systems and
highlighting best practices for voluntary participation
developed within them.
Results
Good practices
Comments
N/A
URL
http://europa.eu/rapid/pressReleasesAction.do?reference=
MEMO/10/658&type=HTML
Name
JRC, Smart Electricity Systems Group (SES)
Type
Public Platform
Line of action
Policy and standards
Participants
All stakeholders
Mission/Objectives
The Smart Electricity Systems (SES) group of the JRC provides
scientific support to Directorates-General of the European
Commission on policies and initiatives on smart electricity grids. SES
supports the policy-making process on the developments of the
trans-European and power distribution networks, focusing also on
advances towards super and smart grids architectures. The SES Action
Smart Grid Security
21
Annex V. Related initiatives
concentrates on the following activities:
Design, set up and run the first JRC experimental activities on
smart grids to assess the adequacy and reliability of micro grid
systems embedding renewables and Distributed Energy
Resources, including storage.
Provide technical and policy support to customer DGs on
initiatives related to the development and the operation of
the current and future transmission and distribution
networks, taking into account advances in smart and super
grids concepts; this will be done particularly with relation to
the Strategic Energy Technology Plan (SET-Plan) and the
Energy Infrastructure Package.
Further develop and improve dedicated models and tools to
assess the vulnerability, reliability and security of supply
challenges of the EU electricity transmission and distribution
systems, during both normal and special operational
conditions. The models will be combined with an energy
security Geographic Information System (GIS) framework and
database, especially designed to communicate results in a
user-friendly and geo-referenced manner.
Strengthen cooperation on research and demonstration on
smart transmission and distribution grids with key
stakeholders at the EU, Member State and international level.
Contribute assessing the interdependencies of the ICT and
power systems and to implement the work plan of the new
FP7 AFTER competitive project on power systems vulnerability
identification, defence and restoration.
Activities related to
smart grid security
As it has already been mentioned in the mission/objectives section,
the SES group of the JRC aims to further develop and improve
dedicated models and tools to assess the vulnerability, reliability and
security of supply challenges of the EU electricity transmission and
distribution systems, during both normal and special operational
conditions. The models are envisioned to be combined with an
energy security Geographic Information System (GIS) framework and
database, especially designed to communicate results in a userfriendly and geo-referenced manner.
Results
Good Practices, Technical Reports.
Comments
Following a request from DG ENER, the JRC Smart Electricity Systems
Action carried out an independent assessment of smart grid projects
throughout Europe. They launched a survey to collect smart grid
experiences in Europe and support analysis on trends and
developments in smart grids implementation.
URL
http://ses.jrc.ec.europa.eu
Smart Grid Security
22
Annex V. Related initiatives
Name
CEER
Type
International Agency
Line of action
Policy, standards
Participants
Europe's national regulators of electricity and gas at EU and
international level.
Mission/Objectives
The Council of European Energy Regulators (CEER) is the voice of
Europe's national regulators of electricity and gas at EU and
international level. Through CEER, a non-for-profit association, the
national regulators cooperate and exchange best practice. A key
objective of the CEER is to facilitate the creation of a single,
competitive, efficient and sustainable EU internal energy market that
works in the public interest. Besides, CEER works closely with and
supports the work of the Agency for the Cooperation of Energy
Regulators (ACER).
The Electricity Working Group (EWG) of
related to the European electricity grids
market. According to them, in 2012, the
following areas of work: quality of supply,
development, security of supply.
Activities related to
smart grid security
CEER deals with issues
and the EU electricity
EWG will focus on the
smart grids, sustainable
During 2012 CEER will see the continuation of the previous efforts to
address the challenges of security of supply from the viewpoint of
generation adequacy, elaborating guidelines of good practices.
Three task forces have been defined, from which two of them are
directly related to security aspects of the smart grid. These task
forces are:
Electricity Quality of Supply and Smart Grids (EQS) Task Force, which
is working on quality issues and the regulatory aspects of ’smart
grids’.
Electricity Security of Supply (ESS) Task Force which is addressing the
challenges of security of supply from the viewpoint of generation
adequacy.
Even though security and reliability of the grid are the focus of many
of the efforts of this agency, cyber security issues are not still being
considered as a key aspect.
Results
Annual overview and future work programme documents; Annual
national reports for each EU country; Regulatory guidelines and good
practices; Newsletter
Comments
Council of European Energy Regulators
Smart Grid Security
23
Annex V. Related initiatives
URL
http://www.energy-regulators.eu
Name
ANEC
Type
Other
Line of action
Standardisation
Participants
Represents the European consumer
Mission/Objectives
ANEC is the European consumer voice in standardisation. This
association represents the European consumer interest in the
creation of technical standards, especially those developed to
support the implementation of European laws and public policies.
ANEC participates principally through its voluntary experts in the
standards development work of the three European Standards
Organisations (ESOs) recognised by the European Union and EFTA:
CEN, CENELEC, and ETSI.
ANEC is governed by a general assembly which comprises one one
individual from each of the 30 countries of the European Union and
EFTA. The individual is nominated through a collective decision of the
national consumer organisations in each country and acts as the
interlocutor between them and ANEC.
Activities related to
smart grid security
ANEC was invited by ESOs to participate in both, Smart Meter Coordination Group (SM-CG) established to execute Mandate
M/441(20) on Measuring Instruments and Smart Grid Coordination
Group (SG-CG) established to execute M/490(32) to support
European smart grid deployment.
Additionally, and in order to defend the consumer interests in the
policy and standardisation activities related to the implementation of
the third EU Energy Package, ANEC has joined the European
Commission Smart Grid Task Force where it helps identifying
regulatory recommendations for implementing Smart Grids.
As a result of the participation of ANEC in such initiatives, several
documents were developed. These documents include a number of
aspects considered key by consumers on data privacy and security,
mostly referring to keep data confidential and secure both during
their transmission and storage. Besides, some of these documents
have been a basis for developing COM (2011) 202(23) and SEC (2011)
463(33).
Results
Papers and annual technical reports
Comments
N/A
URL
www.anec.eu
Smart Grid Security
24
Annex V. Related initiatives
Name
DIGITALEUROPE
Type
Industry Association
Line of action
Policy, information sharing, dissemination and awareness
Participants
Integrators and services providers
Mission/Objectives
DIGITALEUROPE represents the digital technology industry in Europe.
This initiative has more than 100 members and include some of the
world's largest IT, telecoms and consumer electronics companies and
national associations from every part of Europe. Digital Europe wants
European businesses and citizens to benefit fully from digital
technologies and for Europe to grow, attract and sustain the world's
best digital technology companies.
DIGITALEUROPE aims to facilitate non-commercial collaboration and
coordination between member companies and national trade
associations across the European Union, and assist them in sharing
best-practices in many business operations and facilitating the
agreement of international standards in close collaboration with
international standards bodies. DIGITALEUROPE provides a full range
of services to its membership and generally to stakeholders in the
digital economy. Including:
Promoting the development of best practices and
benchmarking within the DIGITALEOPE membership
Providing up-to-date, high-value industry data and
information to members on all aspects of the Digital Economy
in Europe and around the world
Delivering a forum for knowledge exchange and information
sharing between members through industry programmes and
pan European events.
Monitoring all relevant initiatives to industring, informing
members through regular mailings, emails, newsletters and
information transfer, as well as the hosting and and
organisation of meetings and events.
The organisation is dedicated to improving business environment for
the European digital technology industry and to promoting their
sector’s contribution to economic growth and social progress in the
European Union. It represents the interests of both, national
associations and corporate organisations, operating in the
Smart Grid Security
25
Annex V. Related initiatives
information technology and consumer electronics sector in European
towards.The European parliament and the European Commission.
Activities related to
smart grid security
DIGITALEUROPE is one of 25 European Associations representing all
European Stakeholders that are assumed to play a role in the
implementation of smart grids. It participates actively in the Smart
Grids Task Force through the participation in the 3 working groups
that have been setup, the Steering Committee and the issue of the
present position paper representing the position of DIGITALEUROPE
members.
DIGITALEUROPE have grouped some experts on smart grids to create
a technical and regulatory group on privacy and security.
DIGITALEUROPE‘s Privacy & Security group is focusing on three key
areas:
Data protection: the group is actively engaged in developing
common industry agreements on how to balance the
opportunities and challenges to harmonisation to enable
businesses take a Europe-wide and global view of data
protection compliance.
Online advertising: the group is contributing to discussions on
the benefits and potential risks of monitoring consumer
behaviour for commercial purposes, as well as the
technologies used for such purposes.
Network Information and Security (NIS): the Privacy &
Security group is contributing its expertise to initiatives and
consultations lead by the Commission and the European
Network Information Security Agency (ENISA).
Results
Technical reports
Comments
N/A
URL
http://www.digitaleurope.org
Name
EDSO-SG
Type
Industry Association
Line of action
Awareness and dissemination, training and education
Participants
DSOs
Mission/Objectives
EDSO for smart grids aims to be the key reference point in the
coordination of all European DSOs efforts.
The purpose of the Association is to structure, lead and enhance, not
for profit cooperation between European distribution system
Smart Grid Security
26
Annex V. Related initiatives
operators for electricity as well as assure, manage, represent and
promote their common interests, specifically on smart grids
development and implementation.
Together with ENTSO-E and European Technology Platform
SmartGrids (ETP Smart Grids), they play an important role in the
planning, monitoring and dissemination of the European Electricity
Grid Initiative.
Activities related to
smart grid security
EDSO for smart grids plays an active role in the European regulatory
process on smart grids development and implementation.
Some of its goals include the security of supply and the promotion of
the reliability of electricity distribution grids.
Results
Technical reports
Comments
EDSO-SG stands for European Distribution System Operators for
Smart Grids
URL
http://edsoforsmartgrids.eu
Name
ENTSO-E
Type
International Agency
Line of action
Standards, policy, dissemination and awareness,
economical/financial, technical.
Participants
TSO
Mission/Objectives
The European Network of Transmission System Operators for
Electricity represents all electric TSOs in the EU and others connected
to their networks, with one voice for all regions, and for all their
technical and market issues.
ENTSO-E's mission is to promote important aspects of energy policy
in the face of significant challenges:
Security: it pursues coordinated, reliable and secure
operations of the electricity transmission network.
Adequacy: it promotes the development of the
interconnected European grid and investments for a
sustainable power system.
Market: it offers a platform for the market by proposing and
implementing standardized market integration and
transparency frameworks that facilitate competitive and truly
integrated continental-scale wholesale and retail markets.
Sustainability: it facilitates secure integration of new
generation sources, particularly growing amounts of
Smart Grid Security
27
Annex V. Related initiatives
renewable energy and thus the achievement of the EU's
greenhouse gases reduction goals.
Activities related to
smart grid security
WG European operational standards (WG EOS) (34): The WG EOS
provides proposals for the harmonization of operational standards on
the pan-European level and for the promotion of operational
coherence among regions, thus facilitating the market processes. It
contributes to ensure compatibility between system operation,
market solutions and system development issues. The WG EOS
analyses proposals for definitions and updating of technical and
operational standards for implementation by regions and individual
TSOs.
WG Critical System Protection (WG CSP) (35): The WG CSP copes
with the development of critical system and infrastructure protection
on European level. The WG CSP is responsible for coordinating critical
system protection issues regarding electricity transmission. The main
function of the WG CSP is to follow the development of the critical
infrastructure protection at European level, and to contribute to the
dialog with the European Commission on critical infrastructure
protection.
WG Electronic Highway (WG EH) (36): The WG EH coordinates the
usage and extension of the electronic highway in order to provide a
secure and reliable information exchange for system operations
throughout Europe.
Results
Technical reports, recommendations.
Comments
ENTSO-E stands for European network of transmission system
operators for electricity
URL
https://www.entsoe.eu/
Name
EEGI
Type
Other
Line of action
R&D
Participants
TSOs and DSOs
Mission/Objectives
The EEGI is one of the European Industrial Initiatives under the
Strategic Energy Technologies Plan (SET Plan) and proposes a 9 years
European research, development and demonstration (RD&D)
programme initiated by electricity transmission and distribution
network operators (ENTSO) to accelerate innovation and the
development of the electricity networks of the future in EU.
Both ENTSO-E and EDSO-SG are the main two organisations behind
Smart Grid Security
28
Annex V. Related initiatives
the EEGI.
The programme focuses on system innovation rather than on
technology innovation, and addresses the challenge of integrating
new technologies under real life working conditions and validating
the results.
The strategic objectives of the EEGI are:
Activities related to
smart grid security
To transmit and distribute up to 35% of electricity from
dispersed and concentrated renewable sources by 2020 and a
completely decarbonized electricity production by 2050.
To integrate national networks into a market-based, truly panEuropean network, to guarantee a high-quality of electricity
supply to all customers and to engage them as active
participants in energy efficiency.
To anticipate new developments such as the electrification of
transport.
To substantially reduce capital and operational expenditure
for the operation of the networks while fulfilling the
objectives of a high-quality, low-carbon, pan-European,
market based electricity system.
The EEGI’s Research, Development and Demonstration (RD&D)
programme defines 4 barriers: Technology barriers,
RD&D
organisation barriers, Market failures and distortions, Public
barriers. Technology barrier includes aspects such as cyber security
and data privacy on smart grid.
All project inside EEGi need to include a cyber secutiry policy besides
other policies or strategies.
Results
N/A
Comments
EEGI stands for European Electricity Grid Initiative
URL
https://www.entsoe.eu/rd/eegi/
Name
ENCS
Type
Public Private Partnership
Line of action
Technical, information sharing, dissemination and awareness
Participants
DSO, Academia and R&D, public bodies, standardization bodies
Mission/Objectives
The ENCS aims to be the partner for organisations working on the
security and protection of critical digital infrastructures, to help them
to make accurate risk assessments and to take the appropriate
measures to safeguard these infrastructures and guaranteeing the
Smart Grid Security
29
Annex V. Related initiatives
continuity and smooth running of the systems. ENCS is the evolution
of CyberTECH group.
ENCS is an independent European public-private collaboration. Their
Founding members are Alliander (Dutch DSO), City of The Hague,
CPNI.NL, KEMA, KPN (Biggest Dutch Telecom provider), Radboud
University Nijmegen and TNO. The idea of ENCS is that it contributes
to the resilience of CI by connecting people and organizations, being
an information and knowledge sharing catalyst and educating people
to the highest management levels. The ENCS will not only focus on
the technical, but also on physical and personnel security.
Activities related to
smart grid security
The ENCS focuses primarily on the protection of smart grids and
critical infrastructures’ Process Control Domains, which still present
substantial cyber security issues and challenges. To address them, the
ENCS connects existing organisations. The ENCS is planned to
constantly scan the international arena for relevant developments,
innovating and creating new initiatives to enable others. Besides the
public-private network of experts and organizations, the ENCS will
focus on four main areas:
Research & Development
Test Bed
Information & Knowledge Sharing
Education & Training
All four focus areas are interconnected, providing collaborative input
and optimal synergy. The ENCS will start primarily on the protection
of smart grids and CI’s Process Control Domains. These still present
substantial cyber security issues and challenges. To address them, the
ENCS will connect existing organisations as the European
Commission, ENISA, Joint Research Centre and national public and
private initiatives across Europe and beyond – collaboration with the
DHS Control Systems’ Security Program and Idaho National Labs are
prime examples.
Results
Research & development reports, Test beds, Information &
Knowledge Sharing platform, Education & training courses
Comments
ENCS stands for European Network for Cyber Security
ENCS was formerly known as Cyber-TECH
URL
N/A
Smart Grid Security
30
Annex V. Related initiatives
Name
ESMIG
Type
Public Body
Line of action
policy, standards, information sharing, technical…
Participants
All stakeholders
Mission/Objectives
The European Smart Metering Industry Group (ESMIG) has the
objective to deliver the benefits of Smart Metering across Europe.
The association and membership, through their internal working
groups and involvement in several stakeholder groups, are providing
expertise and advice to European institutions and organisations on
the key issues for a European-wide implementation and roll-out of
Smart Metering technologies.
There are four working groups:
Activities related to
smart grid security
ESMIG - European Business Systems Integration and
Interoperability Group (EBSII)
ESMIG - Communications Technology Group (CTG)
ESMIG - Regulation And Policy Group (RPG)
ESMIG - Multi Utility Metering Group (MUM)
External activities of ESMIG supports the SM-CG (Smart Meter
Coordination Group) with the definition of a functional reference
architecture of the Advanced Metering Infrastructure (AMI), the
definition of a glossary of commonly used terms and finally, with the
definition of functional requirements by Use Cases.
ESMIG is represented in the steering committee and in the various
working Groups of the SG-CG (Smart Grid Coordination Group).
ESMIG ensures that the work of the Smart Grid Expert Groups and
the SM-CG is taken into consideration and finds its way in the work
packages and the results of the SG-CG. ESMIG is one of the industry
associations represented in this group. Proposals for changes in the
MID are reviewed by the MUM group of ESMIG while its comments
are taken into account and discussed by the WGMI (Working Group
Measuring Instruments).
ESMIG is represented in the European Electricity Grid Initiative (EEGI),
which is one of the six European Industrial Initiatives (EII) laid down in
the Strategic Energy Technology Plan (SET).
ESMIG's RPG group formulates responses to the public consultations
of
the
EEGI(37).http://www.esmig.eu/about-us/smart-metercoordination-group-sm-cg-new
Since its foundation in July 2008, ESMIG has achieved in a short time
a very high level of recognition and visibility at EU-level and is
recognised as an honest broker of industry’s interest in the energy
area with a specific focus on smart metering and smart grid.
Smart Grid Security
31
Annex V. Related initiatives
Results
Technical reports
Comments
ESMIG stands for European Smart Metering Industry Group
URL
http://www.esmig.eu/
Name
EURELECTRIC
Type
Electricity Industry
Line of action
policy making level
Participants
Operators, DSO, TSO, Public Bodies
Mission/Objectives
The Union of the Electricity Industry - EURELECTRIC is also the
association of the electricity industry within the European Union,
representing it in public affairs, in particular in relation to the
institutions of the EU and other international organisations.
Its mission is to contribute to the development and competitiveness
of the electricity industry and to promote the role of electricity in the
advancement of society. As a centre of strategic expertise, The Union
of the Electricity Industry - EURELECTRIC identifies and represents the
common interests of its members and assists them in formulating
common solutions to be implemented and in coordinating and
carrying out the necessary actions. To that end it also acts in liaison
with other international associations and organisations, respecting
the specific missions and responsibilities of these organisations.
EURELECTRIC identifies and represents the common interests of its
members and assists them in formulating common solutions to be
implemented and in coordinating and carrying out the necessary
actions. To that end it also acts in liaison with other international
associations and organisations, respecting the specific missions and
responsibilities of these organisations.
Activities related to
smart grid security
This initiative develops many projects and one of them is a project
about smart grids, ‘10StepsTosmartGrids’(38). One of this project
steps is focused on DSO Ensuring security and reliability of supply for
good practices on a regulation environment.
Results
White Paper, Events
Comments
N/A
URL
http://www2.eurelectric.org/
Name
EuroSCSIE
Smart Grid Security
32
Annex V. Related initiatives
Type
Public Private Partnership
Line of action
Dissemination and Awareness, Technical.
Participants
Academia and R&D, Public bodies, Standardisation bodies
Mission/Objectives
The EuroSCSIE aim is from European industry, government, and
research to benefit from the ability to collaborate on a range of
common issues, and to focus effort and share resource where
appropriate. Its main focus is Information Sharing and the
expectations are to raise the level of protection adopted across
Europe’s SCADA and Control Systems (SCADA/CS).
Among its objectives, we highlight the following ones:
Activities related to
smart grid security
To define a European information exchange system for
security-related information about SCADA and control
systems.
To share and exchange information using the Traffic Light
Protocol.
To cultivate a network of relevant government, industrial and
research actors.
To establish the basis for a pan-European system for the
exchange of security-related information concerning SCADA
and control systems.
Some of the activities carried out by EuroSCSIE related with smart
grid include:
Sharing of incidents and good practices
Questionnaire on Control System Cyber-Security (aimed at
vendors) 2008/2009
Standards and requirements (e.g. ‘WIB Process Control
Domain Security Requirements for Vendors’ (39))
Self Assessment tools (like the one from CPNI UK)
Smart Grids (e.g. Smart Grid Conference in Baarn - 2010)
Results
Information exchange, technical report, reference manuals
Comments
EuroSCSIE stands for European SCADA and Control Systems
Information Exchange
URL
sta.jrc.ec.europa.eu/index.php/competitive-projects-/21-scni/8-escsie
http://www.cpni.nl/informatieknooppunt/internationaal/euroscsie
Smart Grid Security
33
Annex V. Related initiatives
Name
GEODE
Type
Industry association
Line of action
Information sharing
Participants
DSO
Mission/Objectives
Founded in 1991, this association represents more than 600
companies in 12 countries, both privately & publicly owned. GEODE
defends the interest of the local distributors in front of energy
authorities on national and international level and allows the
exchange of expertise, the share of data and competence.
The mission statement of GEODE is to establish equal opportunity
access to European energy infrastrutures for all those involved in
serving the customer needs on energy, with the aim to create a truly
competitive European energy market.
Activities related to
smart grid security
GEODE has created a questionaire where question to stakeholders on
issues of energy efficiency, renewable energy sources and energy
awareness, and some question about smart grid security
Results
Technical report, questionaire
Comments
GEODE stands for Groupment Européen des Entreprises et
Organismes de Distribution d’Energie (European Group of Energy
Distribution Companies and Organizations).
URL
http://www.geode-eu.org/
Name
PRIME Alliance
Type
Industry association
Line of action
technical
Participants
DSO, TSO, Manufacturers
Mission/Objectives
The PRIME Alliance provides a forum for the creation of an open,
single specification and standard for narrowband power line for
smart grid products and services. The mission of the Alliance is to
accelerate the demand for products and services based on the
worldwide standard and promote the broad adoption and use of the
specification while promoting multi-vendor interoperability and
compatibility with the global standard.
The main goals are:
To provide a forum for the creation (definition, establishment
and support) of an open single specification and standard for
Smart Grid Security
34
Annex V. Related initiatives
narrowband powerline for SmartGrid products and services;
To accelerate the demand for products and services based on
the worldwide standard through the sponsorship of the
market and user education programs;
To encourage and to promote broad and open industry
adoption and use of such specification; and
To promote PRIME as a global powerline standard and to
promote multi-vendor interoperability for markets/equipment
and compatibility under the PRIME standard.
The PRIME (PoweRline Intelligent Metering Evolution) specification
represents a
new
public,
open
and
non-proprietary
telecommunications architecture which will support present and
future AMM functionalities and enable the building of the electricity
networks of the future, or smart grids.
PRIME technology uses Orthogonal Frequency Division Multiplexing
(OFDM) in CENELEC A-band. The final target of PRIME is to establish a
complete set of international standards which will allow for
interoperability among equipment and systems from different
manufacturers. Thus, competition in the metering market will benefit
consumers.
Unlike other commercially available solutions, the components of this
new architecture (modulation and coding techniques, protocols, data
formats, etc.) will not be subject to any Intellectual Property Right.
Thanks to PRIME, specifications of an AMM system will be
comprehensive and detailed enough so that any new entrant will be
able to provide interoperable solutions to the market.
Activities related to
smart grid security
PRIME defines lower OSI layers of a PLC narrowband data
transmission system over the electricity grid. The whole system has
been designed to be low cost and high performance.
The PRIME protocol specifications includes varoius security profiles.
The security functionality provides privacy, authentication and data
integrity to the MAC layer through a secure connection method and a
key management policy. Several security profiles are provided to
manage different security needs, which can arise in different network
environments. The current version of the specification enumerates
two security profiles and leaves scope for adding up to two new
security profiles in future versions.
Smart Grid Security
35
Annex V. Related initiatives
Results
Protocols , standard, technical report
Comments
N/A
URL
http://www.prime-alliance.org/
Name
DLMS User Association
Type
Public Private Partnership
Line of action
Standard
Participants
DSO, Manufacturers, System provide, Utilities, Public Bodies,
Standardisation Bodies
Mission/Objectives
The DLMS Use Association is a non-profit organisation, located in
Geneva, Switzerland. Its mission is to develop, promote and maintain
the DLMS/COSEM specification. It provides an information exchange
forum for users, manufacturers and system providers, test houses
and standardisation bodies. It also provides a conformance testing
and certification scheme for metering equipment implementing the
specification. The DLMS UA is formally liased with IEC TC 13 WG 14.
DLMS stands for Distribution Line Message Specification. It is an
application layer specification, independent of the lower layers and
thus of the communication channel, designed to support messaging
to and from (energy) distribution devices in a computer-integrated
environment. It is an international standards established by IEC TC 57
and published as IEC 61334-4-41.
COSEM stands for COmpanion Specification for Energy Metering. It is
an interface model of communicating energy metering equipment,
providing a view of the functionality available through the
communication interfaces. The modelling uses an object-oriented
approach.
Activities related to
smart grid security
DLMS/COSEM is used in metering systems for electricity, gas, water
and heat. Strong and growing interest from all continents provide a
positive feedback on the achievement of the objectives set by the
DLMS UA. Some countries have already included DLMS/COSEM in
their national regulations. Others are considering it.
The DLMS/COSEM specification devotes several sections to privacy,
security and non-repudiation of the metering communications.
Results
Standard, technical report, protocol
Smart Grid Security
36
Annex V. Related initiatives
Comments
N/A
URL
http://www.dlms.com/organization/index.html
Smart Grid Security
37
Annex V. Related initiatives
3
Belgium
Name
Smartgrids Flanders
Type
Public body
Line of action
R&D, information sharing.
Participants
All stakeholders
Mission/Objectives
Smart Grids Flanders is the driving force behind the deployment of
smart grids, not only in Flanders but also abroad. The involvement
and participation of members are important, as a good relationship
with the government, which determines the rules.
The objective of the Smartgirds Flanders is to establish and suppor a
multidisciplinary long-term collaboration across sectors between
Flemish smart grid operators, in order to develop, maintain and
valorize an international competitive advantage by a large group of
Flemish
companies
(commercial
breakthroughs)
through
differentiated support depending on the breakthrough and
collaborative potential of the identified smart grid domains.
Activities related to
smart grid security
Thematic Groups and seminars bring together participants around
different themes, where cyber security is an incipient topic. Besides,
SmartGrid Flanders organizes several (network) events every year
with international speakers and, in order to increase the know-how
about smart grids, they distribute a newsletter about Flemish and
European projects and initiatives. Finally, SmartGrid Flanders help its
members to find the appropriate test infrastructure for their projects.
Results
Projects. Theme groupes and seminars. Events. Newsletters. Blogs.
Comments
Smart Grids Flanders is continuously seeking for suitable experts to
speak.
URL
www.smartgridsflanders.be
Smart Grid Security
38
Annex V. Related initiatives
4
Denmark
Name
Second1 - Security concept for DER
Type
Project
Line of action
Technical, R&D
Participants
Manufacturers and Integrators, academia and R&D, security tools and
services providers
Mission/Objectives
The project objective is to analyze and implement a security concept
that can be used in a power system with a high degree of
decentralized production and with many actors in an unbundled
market. It will also investigate various forms of role based access
control (RBAC).
Activities related to
smart grid security
Secure communication is becoming increasingly more relevant in an
electricity system with great volumes of distributed energy resources
(DER). This project aimed to analyse and implement a security
concept that can be used in electricity systems with a high degree of
local production and with many players.
The project analysed the needs for communication between energy
operators and matched these needs with a design for secure role
based access control.
Results
Technical reports.
Comments
Mar 2010 - Jul 2011
URL
http://www.second1.dk/
Smart Grid Security
39
Annex V. Related initiatives
5
Germany
Name
DIN
Type
Regular private organisation
Line of action
Policy, standardization
Participants
All
Mission/Objectives
DIN, the German Institute for Standardization, offers stakeholders a
platform for the development of standards as a service to industry,
the state and society as a whole. A registered non-profit association,
DIN has been based in Berlin since 1917.
DIN's primary task is to work closely with its stakeholders to develop
consensus-based standards that meet market requirements. Some
26,000 experts contribute their skills and experience to the
standardization process. By agreement with the German Federal
Government, DIN is the acknowledged national standards body that
represents German interests in European and international standards
organizations. Ninety percent of the standards work now carried out
by DIN is international in nature.
Tasks and objectives of DIN:
Ensuring the participation of all stakeholders regardless of
their economic position and language skills.
Promoting the free movement of goods through active
involvement in international and European standardization.
Holding the secretariats of international committees.
Adopting European and international standards at national
level.
Maintaining the uniformity and consistency of the standards
collection.
Actively contributing to consensus building.
Taking legal regulations into consideration.
Providing an
development.
Avoiding duplication of work.
electronic
infrastructure
for
standards
DIN represents Germany’s standardization interests as a member of
the European Committee for Standardization (CEN). DIN holds
almost 30% of all CEN working committee secretariats.
Activities related to
smart grid security
DIN has published several papers on ‘Electromobility’(40) systems
dealing with the security of the managed data, potential threats and
Smart Grid Security
40
Annex V. Related initiatives
standards to be followed to avoid such problems.
Another topic covered by this initiative is the roadmap
recommendations for standardization, which provides a series of
recommendations on IT security and data protection.
Results
Standards, reports
Comments
Deutsches Institut für Normung or The German Engineering Society
URL
http://www.din.de
Name
VGB
Type
Industry association
Line of action
Technical, Information sharing
Participants
Operators
Mission/Objectives
VGB was already founded as the federation of the owners of large
boilers. During its course of 80 years VGB has set off a range of
activities in own companies. These companies are dealing with:
Training of power plant personnel.
Research activities.
The production and distribution of media.
VGB represents the German power plant operators in the WANO
(World Association of Nuclear Operators). VGB’s technical
committees on nuclear power plant engineering and operation and
nuclear fuel cycle are actively taking part in the world-wide exchange
of experience as well as in the analysis of particular events in nuclear
power plants. For this purpose, VGB is operating a reporting and
evaluation centre (ZMA - Zentrale Melde- und Auswertestelle) to
collect, evaluate and forward the occurrences of nuclear power
plants.
Activities related to
smart grid security
They have made contributions to the security of smart grid by
publishing guidelines and instructions sheets, organising forums and
training experts.
One of the most important results is the ‘VGB R175 guideline on IT
security for generating plants’(41).
Results
Standard, technical reports, good practices, conferences
Comments
VGB means Verband der Großkraftwerks-Betreiber.
As an international technical association for power and heat
generation VGB is working - on European level - in close co-operation
with EURELECTRIC, the umbrella association of the European
Smart Grid Security
41
Annex V. Related initiatives
electricity industry. Within the framework of a memorandum of
understanding association agreement between EURELECTRIC and
VGB, VGB's professional competence is integrated into the
political/strategic work of EURELECTRIC in all questions regarding the
generation of power and heat including issues of environmental
protection.
URL
http://www.vgb.org
Smart Grid Security
42
Annex V. Related initiatives
6
Italy
Name
ASTROM
Type
Project
Line of action
Technical
Participants
R&D
Mission/Objectives
ASTROM Project was funded by European Union FP6 programme.
The main objectives of this project are:
Activities related to
smart grid security
Identification of the boundaries of
Control & Data
Management Systems (C&DM) in electrical transmission
networks.
Determination of the properties of C&DM systems of
electrical transmission networks, in particular those relevant
for resilience assessment.
Identification of external threats to C&DM system, such as ICT
and physical attacks, and vulnerabilities.
Definition of a method and a metric for AoR of C&DM system.
The activity will be performed by modeling system behavior.
Evaluation of the framework application to an EU context and
dissemination activities. The feasibility of policies and
recommendations definition will be investigated in details.
This project aimed to identify, analyze and evaluate the external
threats and vulnerabilities applicable to Control & Data Management
System in order to define an innovative methodological framework
for the quantitative assessment of the resilience (AoR) of Control &
Data Management System (C&DM) in electrical transmission network
(ETN) towards external threats. The need for such a methodological
framework stems from the fact that, although the resilience of this
critical system is becoming more important than just securing it,
there are not many frameworks covering this topic in a well
structured way.
Definition of the architecture, properties, functionalities and Mission
requirements of a complex Power System’s C&DM that it is coherent
with the majority of the SCADA systems built in Europe;
Definition of a methodology to assess the resilience of a C&DM
system for its external threats (physical and ICT threats) at any level
(component, subsystem and system level); Development of a
software tool to allow improving the previous topics.
Results
Technical Paper, Methodology, Software, ASTROM Final Workshop
Smart Grid Security
43
Annex V. Related initiatives
Comments
Mar 2009-Mar 2011
ASTROM stands for Assessment of resilience to Treats of cOntrol and
data Management systems of electrical transmission network
URL
http://utmea.enea.it/projects/int/#astrom
Smart Grid Security
44
Annex V. Related initiatives
7
The Netherlands
Name
ESNA
Type
Asociation
Line of action
Dissemination, technical
Participants
Manufacturers, DSO, Power Plant, services providers
Mission/Objectives
ESNA is an association by Dutch law, established in 2006.
The main objective of ESNA is to bring together and form a
platform for all those who in one way or another deal with
NES technology in their day to day operations.
This initiative promotes the application of advanced energy
management systems, including AMR/AMM, based on the NES AMI
architecture and its value added chain in order to build and expand
the interoperability standard for utility networks. ESNA promotes the
change in perspective of the current metering business.
Activities related to
smart grid security
ESNA represents its members by being active in standardisation
activities across Europe and the rest of the world to promote the use
of open interoperable standards for the smart grid and smart
metering. This initiative organizes conferences and workshops to
share the technical security aspects and the Network Energy Services
(NES) in the smart grid value chain, which goes far beyond metering
and invoicing only. It also organices events where the international
leaders of both EU and USA have a disscussion depth review of
current security and landscape surrounding the Global Emergence of
the smart grid initiative. ESNA also does monthly abstracts where
certain items are related to cybersecurity in smart grid.
ESNA represents its members in the most important European
organizations such as CEN/CENELEC/ETSI or the Smart Grid Task
Force.
Results
organising various conferences and workshops
Comments
ESNA stands for Energy Services Network Association
URL
http://www.esna.org
Name
Working Group Privacy and Security of Smart Grids of Netbeheer
Nederland
Type
Industry association
Line of action
Technical
Participants
All stakeholders
Smart Grid Security
45
Annex V. Related initiatives
Mission/Objectives
This initiative is the point of contact for matters affecting the energy
market, such as environmental issues, free market performance and
security of supply. EnergieNed is the forum in which energy
producers consult each other on issues such as the environment and
investment conditions, traders consult each other on the functioning
of the wholesale market and the integration of European markets,
and retailers discuss a wide range of topics varying from stimulation
of energy saving to consumer protection.
Activities related to
smart grid security
This working group has written several good guides papers and use a
clear example is ‘Privacy and Security of the Advanced Metering
Infrastructure(42)’.
Results
Information exchange, good practices, technical reports
Comments
This working group is very active on this topic on a European level.
URL
N/A
Smart Grid Security
46
Annex V. Related initiatives
8
United Kingdom
Name
DECC
Type
Public Body
Line of action
Standardisation, policy
Participants
public bodies
Mission/Objectives
Department of Energy and Climate Change is a small department of
the United Kingdom government.
The four key priorities of the department are:
Activities related to
smart grid security
Save energy with the Green Deal and support vulnerable
consumers: Reduce energy use by households, businesses and
the public sector, and help to protect the fuel poor.
Deliver secure energy on the way to a low carbon energy
future: Reform the energy market to ensure that the UK has a
diverse, safe, secure and affordable energy system and
incentivise low carbon investment and deployment.
Drive ambitious action on climate change at home and abroad:
Work for international action to tackle climate change, and
work with other government departments to ensure that we
meet UK carbon budgets efficiently and effectively.
Manage our energy legacy responsibly and cost-effectively:
Ensure public safety and value for money in the way we
manage our nuclear, coal and other energy liabilities.
DECC is divided into many experts groups and task forces. Some of the
most important are the following.
STEG (Smart Meter Design Security Technical Experts Group): This is
an advisory group of technical security specialists formed in
November 2010 to provide advice and support to the programme on
security issues. The STEG membership includes experts from industry
and other sectors such as energy suppliers, trade associations, meter
manufacturers, system integrators and telecommunications
providers. Government is also represented through the Centre for
Protection of National Infrastructure, CESG (National Technical
Authority for Information Assurance) and technical security specialists
working in the programme team. Consumer representatives were also
invited to join.
Smart grid policy in the UK: DECC published a vision document,
‘Smarter Grids: the opportunity’ in December 2010. DECC is rolling out
Smart electricty and gas meters to all GB homes by 2020.
UK Smart Grid Cyber Security Report: The Energy Networks
Smart Grid Security
47
Annex V. Related initiatives
Association (ENA) published an independent report into smart grid
cyber security on 29 June 2011. The report commissioned by ENA for
DECC considered how government and networks should develop a
strategy to secure the future UK electricity infrastructure together.
Smart Grids Forum: Identify future challenges for electricity networks
and system balancing, including current and potential barriers to
efficient deployment of smart grids. Guide the actions that
DECC/Ofgem are taking to address future challenges, remove barriers
and aid efficient deployment. Identify actions that DECC/Ofgem, the
industry or other parties could be taking to facilitate the deployment
of smart grids
DECC realized a series of security related report, such as ‘Smarter
Grids: the opportunity’(43) and ‘UK Smart Grid Cyber Security
Report’(44).
Results
N/A
Comments
DECC stands for Department of Energy and Climate Change
URL
http://www.decc.gov.uk/
Smart Grid Security
48
Annex V. Related initiatives
9
USA
Name
ANSI
Type
International agency
Line of action
Standard
Participants
Standardisation Bodies
Mission/Objectives
ANSI was founded on 1918 by five engineering societies and three
government agencies; the Institute remains a private, non-profit
membership organization supported by a diverse constituency of
private and public sector organizations.
ANSI accredits standards that are developed by representatives of
standards developing organizations, government agencies, consumer
groups, companies, and others. These standards ensure that the
characteristics and performance of products are consistent, that
people use the same definitions and terms, and that products are
tested the same way.
Activities related to
smart grid security
ANSI has develop and standard series related to smart grid:
ANSI C12.18: used for two-way communications with an
electricity meter, mostly used in North American markets.
ANSI C12.19: This includes encryption, authentication,
credential management (through the security tables in
Decade4)
ANSI C12.22: security and authentication services, combined
with the event logger of ANSI C12.19.
Results
Stasndards
Comments
ANSI stands for American National Standard Institute
URL
http://www.ansi.org/
Name
NERC
Type
Public Private Partnership
Line of action
Standards, Dissemination and Awareness, Technical
Participants
Manufacturers and Integrators, Security Tools and services providers,
Operators, Public bodies, Standardisation bodies
Mission/Objectives
NERC was founded in 1968 by the electric utility industry to develop
and promote rules and protocols for the reliable operation of the
bulk power electric transmission systems of North America.
Smart Grid Security
49
Annex V. Related initiatives
The North American Electric Reliability Corporation’s (NERC) mission
is to ensure the reliability of the North American bulk power system.
NERC is the electric reliability organization (ERO) certified by the
Federal Energy Regulatory Commission to establish and enforce
reliability standards for the bulk-power system.
Among other activities, NERC:
Activities related to
smart grid security
Works with the industry to develop reliability standards
Enforces compliance with those reliability standards and
assesses monetary and non-monetary penalties for
noncompliance.
Assesses future bulk power system reliability via annual
summer, winter and 10-year forecasts.
Analyzes system events.
Promotes a culture of excellence by identifying areas for
improvement and Examples of Excellence during regular
‘readiness’ evaluations.
Monitors the status of the bulk power system.
Coordinates physical and cyber security needs.
Identifies trends and potential reliability issues.
Helps the industry train and educate system operators.
Certifies system operators.
NERC has developed the NERC-CIP Standards, a nine documents
series about security and cyber security aspects of the Bulk Electric
System in the USA. Two new documents are being developed.
Based on these documents, NERC provides specific guidelines and
concept papers. This is the case of the ‘Categorization system based
on Bulk Electric System Reliability Functions’ (45).
Inside de NERC there are some working groups related to smart grid
security such as:
NERC SGTF (Smart Grid Task Force)(46): Their work review smart grid
characteristics, identifies reliability concerns including cyber-security
vulnerability, and provides recommendations to NERC and to the
industry.
NERC SGWG (Smart Grid Working Group) (47): NERC SGWG is tasked
to review existing and new CIPC initiated security guidelines and
coordinate their development with electric industry personnel and
committees and to promote awareness and application of these
guidelines.
Results
Technical reports, Regulatory documents
Smart Grid Security
50
Annex V. Related initiatives
Comments
North American Electric Reliability Corporation
URL
http://www.nerc.com
Name
NIST
Type
Public body
Line of action
Organizational and Policy, Standards, Dissemination and Awareness,
Economic or Financial, Technical
Participants
Public bodies
Mission/Objectives
NIST, an agency of the U.S. Department of Commerce, was founded
in 1901 as the nation's first federal physical science research
laboratory
Its mission is to promote U.S. innovation and industrial
competitiveness by advancing measurement science, standards, and
technology in ways that enhance economic security and improve our
quality of life.
NIST is one of the most important standardisation organizations in
the USA. They have developed several standards on ICS security. We
highlight the following ones:
NIST SP 800-82, Guide to Industrial Control Systems (ICS)
Security (48).
NIST SP 800-53, Recommended Security Controls for Federal
Information Systems (49).
Field Device Protection Profile for SCADA Systems in Medium
Robustness Environments.
NIST has also defined a security smart grid workgroup to develop an
overall cyber security strategy for the smart grid. This overall strategy
includes a risk mitigation strategy to ensure interoperability of
solutions across different domains/components of the infrastructure.
This group has created the following document of interest:
Activities related to
smart grid security
NIST IR 7176, System Protection Profile – Industrial Control
Systems (50).
NIST has also defined a security smart grid workgroup to develop an
overall cyber security strategy for the smart grid. This overall strategy
includes a risk mitigation strategy to ensure interoperability of
solutions across different domains/components of the infrastructure.
This group has created the following document of interest:
NISTIR 7628, Guidelines for Smart Grid Cyber Security (51).
Smart Grid Security
51
Annex V. Related initiatives
NIST works together other groups:
NIST ASAP-SG(52): The goal of this group is to develop system-level
security requirements for smart grid applications such as advanced
metering, third-party access for customer usage data, distribution
automation, home area networks, synchrophasors, etc. NIST ASAP-SG
was responsible for developing ‘AMI Security Profile v2.0’ (53) and
‘AMI security implementation Guide’ (54), documents directly related
to smart grid.
NIST Smart Grid Federal Advisory Commitee(55): The Committee
provides input to NIST on the smart grid standards, priorities and
gaps, and on the overall direction, status and health of the smart grid
implementation by the smart grid industry including identification of
issues and needs. Input to NIST will be used to help guide Smart Grid
Interoperability Panel activities and also assist NIST in directing
research and standards activities.
NIST initiated in 2009 the Smart Grid Interoperability Panel (SGIP) to
carry out a variety of tasks related to the development of a smart grid
framework for interoperability and cybersecurity standards. It plays a
leadership role in facilitating and developing the national policy for
the transformation of the power system to the smart grid. The SGIP
supports NIST in fulfilling its responsibilities under the 2007 Energy
Independence and Security Act
The SGIP has several priority-specific committees and working
groups.
Smart Grid Architecture Committee (SGAC) (56): Maintains a
conceptual reference model for the smart grid and develops
corresponding high-level architectural principles and requirements. It
is responsible for creating and refining a conceptual reference model,
including lists of the standards and profiles necessary to implement
the vision of the smart grid. It has developed a new reference
framwork for the smart grid.
Smart Grid Testing and Certification Committee (SGTCC): Creates
and maintains the necessary framework for compliance,
interoperability and cyber security testing and certification for
recommended smart grid standards.
Cyber Security Working Group (CSWG) (57): Identifies and analyzes
security requirements and develops a risk mitigation strategy to
ensure the security and integrity of the smart grid. It was formerly
known as the Cyber Security Coordination Task Group (CSCTG) (58).
This group has developed the document ‘NIST IR 7628’ (51).
It was formerly known as the Cyber Security Coordination Task Group
Smart Grid Security
52
Annex V. Related initiatives
(CSCTG) and was founded by NIST and SGIP organizations. The
primary goal of this group is to develop an overall cyber security
strategy for the smart grid that includes a risk mitigation strategy to
ensure
interoperability
of
solutions
across
different
domains/components of the infrastructure. NIST SGIP/CSWG
developed the document ‘NIST IR 7628’ (51).
Priority Action Plans (PAPs) (59): Currently totaling 16, PAPs address
specific standards-related gaps and issues for which resolution is
most urgently needed. New PAPs are added as necessary.
Domain Expert Working Groups (DEWGs)(60): DEWGs perform
analyses and provide expertise in specific application domains. There
are seven specific application domains. DEWG is organized by smart
grid domains. The six DEWGs are: transmission and distribution,
building to grid, industry to grid, home to grid, business and policy,
and a cross-cutting cyber security coordination task group.
Results
Technical reports, Standards, good practices
Comments
National Institute for Standards and Technology
URL
http://www.nist.gov
Name
FERC- NARUC smart response collaborative
Type
Specialized event
Line of action
Policy and standard
Participants
Public bodies (Federal and State Regulators (USA))
Mission/Objectives
The mission of the FERC-NARUC Collaborative on Smart Response is
to provide a forum for Federal and State Regulators to discuss Smart
Grid and Demand Response policies, share best practices and
technologies, and address issues that benefit from State and Federal
collaboration.
Educate Commissioners and staff on Smart Grid and Demand
Response in order to promote better Smart Grid and Demand
Response regulatory decisions and policy.
Promote consistency across State policies and awareness of
State and Federal policy; coordinate and harmonize policies
and procedures where possible.
Promote Federal
cooperation.
Provide a forum for consumer perspective and to shape the
Smart Grid and Demand Response value proposition to ensure
that the policies benefit consumers.
and State
regulatory dialogue and
Smart Grid Security
53
Annex V. Related initiatives
Activities related to
smart grid security
Create a forum for communication to and with stakeholderssignaling areas of regulatory interest.
Compile research where needed and communicate best
practices.
Gather updates from other Federal agencies working on
related issues.
This initiative makes a series of reference guides, providing support
for members to have key knowledge about the smart grid. Note that
in addition to reference guides also make webinar where one of his
themes is the security and privacy. The reference guides in a matter
of security are still not published but the volume of privacy is now
available.
Projects under this collaborative union must explain how the project
will address cyber security and must highlight cybersecurity
attributes.
Results
Technical reports, webinar
Comments
FERC-NARUC stands for Federal Energy Regulatory Commission National Association of Regulatory Utility Commissioners
URL
http://www.naruc.org/Ferc/default.cfm?c=3
Name
GridWise alliance
Type
Industry association
Line of action
Organization, standards, technical
Participants
All the stakeholders.
Mission/Objectives
Founded in 2003, they have developed into an organization that
represents a broad range of the energy supply chain from utilities to
large tech companies to academia to venture capitalists to emerging
tech companies. This variety of stakeholders gives the Alliance a
unique diversity of perspectives which enables interactive dialogue
between members.
Their main mission its transform the electric grid to archive a
sustainable energy future.
Activities related to
smart grid security
GridWise alliance works specially on smart grid. They have been
created a cyber security division to study the problems of US’ grid.
The five key principles endorsed by the Alliance for cyber security are:
1. Involve all stakeholders and take full advantage of and be
aligned with existing recognized processes and work.
Smart Grid Security
54
Annex V. Related initiatives
2. Utilize a comprehensive risk management approach.
3. Provide clarity to all stakeholders.
4. Construct a cyber security framework that is focused
specifically for electric grid applications.
5. Create and adopt uniform verification and test procedures for
standards and guidelines.
Results
Technical reports
Comments
N/A
URL
http://www.gridwise.org/gridwisealli_about.asp
Name
NEMA
Type
Standards
Line of action
Standards, dissemination and awareness
Participants
Manufacturers
Mission/Objectives
National Electrical Manufacturers Association (NEMA)(61) was
founded on 1926 and it is the trade association of choice for the
electrical manufacturing industry.
NEMA promotes the competitiveness of the U.S. electrical product
industry through the development of standards, advocacy in federal
and state legislatures and executive agencies, and the collection and
analysis of economic data.
NEMA members are leading the way in smart grid technologies by
encouraging investment in the national electricity grid and
developing new product standards.
Activities related to
smart grid security
The NEMA’s objectives for Cyber Security in smart grid are twofold:
the risk to business operations from security breaches
the risk to product development and marketing as the federal
government adopts preventive measures.
The NEMA member companies agree that first and foremost, security
must be part of the design consideration for any smart grid
component (and its corresponding interactions with other grid
elements) from its inception (62).
Results
Technical reports, Standards and policies
Comments
NEMA stands for National Electrical Manufacturers Association
URL
http://www.nema.org/gov/energy/smartgrid/index.cfm
Smart Grid Security
55
Annex V. Related initiatives
Name
NESCOR - Annual Conference & workshops
Type
Specialized event
Line of action
Dissemination and Awareness, training and education
Participants
All stakeholders
Mission/Objectives
Its primary purpose is to:
Activities related to
smart grid security
Bring together a broad spectrum of industry stakeholders to
meet face to face with the EPRI led National Electric Sector
Cyber Security Organization Resources team to discuss the
critical cyber security and data privacy issues facing the
electric sector
Share the research results already achieved by the three
technical working groups of the National Electric Sector Cyber
Security Organization Resources with the industry
Review the 12-month project plan for the National Electric
Sector Cyber Security Organization Resources in each of the
three technical working groups to make changes,
modifications, and additions with input from the industry
participants
Accelerate the technical deliberations of the three working
groups by having focused round table exercises in the
breakout sessions between the National Electric Sector Cyber
Security Organization Resource team and the industry
participants
Provide DoE a written report on the key findings from the
Summit including the 12-month National Electric Sector Cyber
Security Organization Resources project plan
NESCOR have defined three technical working groups to do their jobs:
Cyber security Requirements & Standards Assessment Group
Cyber security Technologies Testing & Validation Group
Threat & Vulnerability Assessment & Mitigation
The three Working Groups will focus their R&D efforts in Year 1 on
securing the following 6 critical grid functions end-to-end:
1. Advanced Metering Infrastructure
2. Demand Response
3. Electric Transportation
4. Distributed Energy Resources
Smart Grid Security
56
Annex V. Related initiatives
5. Distribution Grid Management
6. Wide Area Monitoring, Protection & Control
Results
Annual conference and workshops, Advisories, Technical reports(63)
Comments
National Electric Sector Cyber Security Organization Resources
URL
http://www.cvent.com/events/nescor-annual-conferenceworkshops/event-summaryff2fb887488c4af1aa572813885fd034.aspx
Name
TIA
Type
Industrial association
Line of action
Policy, standard, dissemination and awareness
Participants
Manufacturers, security tools and services providers
Mission/Objectives
Telecommunications Industry Association (TIA) was formally formed
in April 1988 after a merger of USTSA and the Information and
Telecommunications Technologies Group of EIA
The Telecommunications Industry Association is the leading trade
association representing the global informationand communications
technology (ICT) industries through :
Activities related to
smart grid security
Standards Development
Government Affairs
Market Intelligence
TR-51 Smart Utility Networks Standards Working Group develops
and maintains air-interface, network, and conformance standards in
support of Smart Utility Networks. The committee will focus on airinterface and network standards with wireless mesh network
topology, optimized for Smart Utility Network applications. TR-51
liaises with other TIA committees, international and national
standards bodies, and other appropriate organizations, as required,
to avoid duplication of work and to foster collaboration among
organizations addressing various aspects of smart device
communication networks.
TR45.5 has been participating in the Smart Grid Interoperability
Panel’s (SGIP) Priority Action 2 (Wireless Technologies for Smart Grid)
since early 2010, which is in charge of doing a new standard.
Results
Standard
Comments
Telecommunications Industry Association
URL
www.tiaonline.org
Smart Grid Security
57
Annex V. Related initiatives
Smart Grid Security
58
Annex V. Related initiatives
10 International
Name
CIGRE, Study Commitees B5 and D2
Type
Industry association
Line of action
Organizational and Policy, Standards, Economic or Financial,
Technical, Information sharing
Participants
Manufacturer or Integrator, DSO, TSO, Academia and R&D
Mission/Objectives
CIGRE (International Council on Large Electric Systems) is a
permanent international, non government, non-profit-making
Association, founded in France, in 1921. Its aim is to develop and
distribute technical knowledge in the field of the generation and
transmission of high voltage electricity. CIGRE deals with all the main
themes of the field of electricity, i.e. organisation of utilities,
development and adaptation of grids, optimisation of maintenance
and life expectancy of electrical equipment, as well as the analysis of
the impact on the environment, etc.
Activities related to
smart grid security
Study Committee B5 (SC B5) mission is to facilitate and promote the
progress of engineering and the international exchange of
information and knowledge in the field of protection and automation
and also to add value to this information and knowledge by means of
synthesising
state-of-the-art
practices
and
developing
recommendations. Study committee B5 covers principles, design,
applications, coordination, performance and asset management of
system protection, substation control and automation, remote
control systems and equipment and metering systems.
Study Committee D2 (SC D2) covers the specification, design,
engineering, performance, operation, maintenance, economic and
management aspects of the Information and the Telecommunication
systems in the EPI both for operational and business activities, as well
as the different devices, media and networks to support all that
services: speech, data, video, internet, specialised signalling for
teleprotection, SCADA, EMS, DSM. It also covers security aspects of
related Information Systems and Telecommunications.
The results are published as technical reports and summarised in the
bi-monthly CIGRE journal, ELECTRA. Some of its articles are related to
security in ICS environments. i.e.: ‘The Impact of Implementing Cyber
Security Requirements using IEC 61850’(2).
Results
Technical Reports
Comments
International Council on Large Electric Systems
URL
http://www.cigre-b5.org/
http://www.cigre-d2.org/
Smart Grid Security
59
Annex V. Related initiatives
Name
ITU, ITU-T FG on Smart Grid
Type
Public Private Partnership
Line of action
Policy, standards, technical
Participants
All stakeholders
Mission/Objectives
ITU (International Telecommunication Union) is the United Nations
specialized agency for information and communication technologies.
In February 2010, the Telecommunication Standardization sector of
the ITU, ITU-T, established a Focus Group on Smart Grids (FG Smart).
The Focus Group aims to:
Identify potential impacts on standards development.
Investigate future ITU-T study items and related actions.
Familiarize ITU-T and standardization communities with
emerging attributes of smart grid.
Encourage collaboration between ITU-T and smart grid
communities.
The objective of this group is to collect and document ideas that
would be helpful for developing recommendations to support the
smart grid from a telecommunication/ICT perspective. To achieve this
objective, the Focus Group:
Updates living list of standards bodies, forums, and consortia
dealing with smart grid.
Collects visions and value propositions for the smart grid.
Provide terminology and taxonomy necessary to support
smart grid.
Analyzes communication networking requirement functions
and capabilities to support smart grid.
Gathers new ideas relevant to and identify potential study
areas to support smart grid.
Identifies use cases of smart grid that can be used to derive
communication network requirements.
Suggests future itu-t study items and related actions.
Identifies potential impacts on standards development.
The Focus Group interacts with the various research activities in
order to familiarize ITU-T and standardization communities with the
emerging attributes of smart grid.
Activities related to
FG on Smart Grid identifies security and privacy issues that might
impact standards development. To this regard they have been
Smart Grid Security
60
Annex V. Related initiatives
smart grid security
working on a deliverable which analyses communications networking
requirement functions and capabilities to support smart grid,
including security and reliability aspects.
Results
Technical Reports, standards, good practices.
Comments
Focus Group on Smart Grid concluded in Decemer 2011
URL
http://www.itu.int/en/ITU-T/focusgroups/smart/Pages/Default.aspx
Name
IEC, TC 8, TC 57 and JTC1/SC27
Type
International agency
Line of action
Standards, Technical
Participants
Standardization bodies
Mission/Objectives
The International Electrotechnical Commission (IEC) is the world’s
leading organization that prepares and publishes International
Standards for all electrical, electronic and related technologies.
IEC provides a platform to companies, industries and governments for
meeting, discussing and developing the International Standards they
require.
All IEC International Standards are fully consensus-based and
represent the needs of key stakeholders of every nation participating
in IEC work. Every member country, no matter how large or small, has
one vote and a say in what goes into an IEC International Standard.
The IEC develops a lot of standards and technical reports, alone or in
collaboration with other organizations like ISO, on security and other
technical aspects.
IEC has several groups working for the implementation of security
measures in ICS and smart grid environments. The following points
highlight the most important ones:
IEC TC 8 prepares and coordinates, in cooperation with other
TC/SCs, the development of international standards and other
deliverables with emphasis on overall system aspects of
electricity supply systems and acceptable balance between
cost and quality for the users of electrical energy. Electricity
supply system encompasses transmission and distribution
networks and connected user installations (generators and
loads) with their network interfaces.
IEC TC 57 develops and maintains international standards for
power systems control equipment and systems including EMS
(Energy Management Systems), SCADA (Supervisory Control
And
Data
Acquisition),
distribution
automation,
Smart Grid Security
61
Annex V. Related initiatives
teleprotection, and associated information exchange for realtime and non-real-time information, used in the planning,
operation and maintenance of power systems.
On the other hand, the Joint Technical Committee ISO/IEC JTC 1 of
ISO and IEC is a standardization committee which main objective is
the creation of standards for general methods and techniques in the
area of information security.
Activities related to
smart grid security
IEC TC 8 WG AHG 4 works in smart grid requirements including
electrical system reliability (e.g. system security), as well as in
communication security, metering, etc.
IEC TC 57 WG 15 undertakes the development of standards for
security of the communication protocols defined by the IEC TC57,
specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC
61850 series, the IEC 61970 series, and the IEC 61968 series.
ISO/IEC JTC1/SC27 includes the development of standards for the
protection of information and ICT, including generic methods,
techniques and guidelines to address both security and privacy
aspects.
Some of the most relevant documents on ICS security of IEC are:
IEC 62351 series, Data and communication security (3),(4),
(5),(6),(7),(8) and(9).
IEC 62210, Power system control and associated
communications. Data and communication security (10).
Results
Standards, technical reports
Comments
IEC stands for International Electrotechnical Commission
URL
https://www.iec.ch
Name
IEEE, WGC1, WGC6, E7.1402 and other
Type
Professional association
Line of action
Standards
Participants
All stakeholders
Mission/Objectives
IEEE is the world’s largest professional association dedicated to
advancing technological innovation and excellence for the benefit of
humanity. IEEE and its members inspire a global community through
IEEE's highly cited publications, conferences, technology standards,
and professional and educational activities. In this way, the IEEE
develops standards and technical reports on security and other
technical-related aspects.
Smart Grid Security
62
Annex V. Related initiatives
Activities related to The IEEE is divided into several technical committees. One of the
smart grid security
most important is the standardization technical committee. This
Committee includes several work groups that are devoted to
defining security measures for ICS and smartgGrid environments.
Some of the most important workgroups are:
IEEE WGC1 - Application of Computer-Based Systems: This group
has been responsible for the document ‘1686-2007 IEEE Standard
for Substation Intelligent Electronic Devices (IEDs) Cyber Security
Capabilities Active Standard’ (11).
IEEE WGC6 - Trial Use Standard for a Cryptographic Protocol for
Cyber Security of Substation Serial Links: This group has been in
charge of the document ‘1711-2010 IEEE Trial-Use Standards for a
Cryptographic Protocol for Cyber Security of Substation Serial Links’
(12).
IEEE E7.1402 - Physical Security of Electric Power Substations:
Responsible for the treatment of all matters related to the secure
operation of electrical substations with respect to outside intrusions
into the substation. This group has developed the document ‘14022000 IEEE Guide for Electric Power Substation Physical and
Electronic Security’ (13).
Another technical committee which makes studies on security is the
IEEE Power & Energy Society (14) who is responsible for Smart Grid
Forum(15). It is worth highlighting workgroup IEES PSACE CAMS
(Power System Analysis, Computing, and Economics) (Computing
and Analytical Methods Subcommittee). The focus of the workgroup
is the cyber security of electric power infrastructures (16).
Results
Standards, technical reports, conferences, educational and training
activities
Comments
IEEE stands for Institute of Electrical and Electronics Engineers
URL
http://www.ieee.org/
Name
ISA, ISA99 and ISA67
Type
Professional association
Line of action
Dissemination and awareness, standards, and education and
training
Participants
All Stakeholders
Mission/Objectives
The International Society of Automation (ISA) is a leading, global,
non-profit organization that is setting the standard for automation
by helping over 30,000 worldwide members and other professionals
solve difficult technical problems, while enhancing their leadership
Smart Grid Security
63
Annex V. Related initiatives
and personal career capabilities.
ISA’s mission is to become the standard for automation globally by
certifying industry professionals; providing education and training;
publishing books and technical articles; hosting conferences and
exhibitions for automation professionals; and developing standards
for industry.
Some of the ISA objectives are to develop and establish standards,
recommended practices, technical reports, and related information
that will define procedures for implementing electronically secure
industrial automation and control systems and security practices
and assessing electronic security performance.
Activities related to The ISA is involved in the development of standards and technical
smart grid security
reports about ICS security and smart grid security.
The purpose of the ISA99 committee is to develop and establish
standards, recommended practices, technical reports, and related
information that will define procedures for implementing
electronically secure industrial automation and control systems and
security practices and assessing electronic security performance,
such as ISA99 standard (17) series.
The ISA67 16WG5 is in charge of organizing the cyber security for
the nuclear power industry (18).
Results
Standards, technical reports, good practices, events
Comments
It is not necessary to be a member of ISA in order to be a member of
an ISA committee.
URL
http://www.isa.org/
Name
UCA International Users Group
Type
Industry association
Line of action
Organizational and Policy, Standards, Information sharing.
Participants
Manufacturers, Integrators, Security tools and services providers,
Operators.
Mission/Objectives
The UCA International Users Group is a not-for-profit corporation
focused on assisting users and vendors in the deployment of
standards for real-time applications for several industries with related
requirements. The Users Group does not write standards, however
works closely with those bodies that have primary responsibility for
the completion of standards (notably IEC TC 57: Power Systems
Management and Associated Information Exchange).
The UCAIug as well as its member groups (CIMug, Open Smart Grid,
Smart Grid Security
64
Annex V. Related initiatives
and IEC 61850) draws its membership from utility user and supplier
companies. The mission of the UCA International Users Group is to
enable integration through the deployment of open standards by
providing a forum in which the various stakeholders in the energy
and utility industry can work cooperatively together as members of a
common organization to:
Activities related to
smart grid security
Influence, select, and/or endorse open and public standards
appropriate to the energy and utility market based upon the
needs of the membership.
Specify, develop and/or accredit product/system-testing
programs that facilitate the field interoperability of products
and systems based upon these standards.
Implement educational and promotional activities that
increase awareness and deployment of these standards in the
energy and utility industry.
Influence and promote the adoption of standards and
technologies specific to the ever-increasing smart grid
initiatives worldwide.
UCAIug works in security and in other aspects through its member
groups. For instance, the Open Smart Grid sub-technical committee is
responsible for developing security guidelines, recommendations,
and good practices for AMI system elements. This group fosters
enhanced functionality, lower costs and speed market adoption of
Advanced Metering networks and Demand Response solutions
through the development of an open standards-based
information/data model, reference design & interoperability
guidelines.
There are several task forces inside the UCA Ineternational Users
Group dealing to some extent with the security of smart grid
componentes and architectures. These are the following:
Usability Analysis Task Force
CyberSec-Interop Task Force
AMI-SEC Task Force
Embedded Systems Security Task Force
Among them, the AMI-SEC Task Force is the most directly related to
smart grid cyber security aspects. This task force was established
August 2007 to develop consistent security guidelines,
recommendations, and best practices for AMI system elements as
well as on design specifications. Moreover it tries to support vendors
to produce compliant and compatible security technologies. It
also provides a focus point for industry discussions on security
aspects related to AMI.
Smart Grid Security
65
Annex V. Related initiatives
Open Smart Grid subcommittee have four Working Groups. SG
Security is the charged on provide and study the security on the
smart grid.
Results
Standards, guidelines.
Comments
N/A
URL
http://www.ucaiug.org
Name
Zigbee Alliance
Type
Industry association
Line of action
Standard, Technical
Participants
All stakeholders
Mission/Objectives
The ZigBee Alliance is a non-profit industry consortium of leading
semiconductor manufacturers, technology providers, OEMs and endusers worldwide. Members aim at defining a global specification for
interoperable, cost-effective, low-power wireless applications based
on the IEEE 802.15.4 standard. Current membership is about 200 and
includes both heavyweights (such as Siemens and Texas Instruments)
and small start-ups.
The goal of the ZigBee Alliance is to create an open specification
defining mesh and tree network topologies with interoperable
application profiles for wireless control systems. Its focus is clearly on
standards-based, low-cost, low-power, and low-data rates
applications. Means to certify products are also within the scope of
the ZigBee Alliance.
Zigbee is envisioned as a promising technology in home automation,
due to the technical characteristics that differentiate it from other
technologies:
Its low power consumption.
Its mesh network topology.
Easy integration (nodes can be manufactured with very little
electronics).
Activities related to
smart grid security
Zigbee Alliance is working on a communication method based on
wireless technology. Low cost and low power have done Zigbee an
ideal protocol in industrial automation. The Zigbee Alliance works on
the definition of the security mechanism implemented in the protocol
definition.
Results
Standards, technical Report
Comments
N/A
Smart Grid Security
66
Annex V. Related initiatives
URL
www.zigbee.org
Smart Grid Security
67
Annex V. Related initiatives
11 Other web 2.0 initiatives
Name
Smart Grid Network
Type
Online resource (Social Network)
Line of action
Information sharing, dissemination and awareness, training and
education
Participants
Manufacturer or Integrator, Security tools and services Provider, DSO,
TSO, Retail Energy Provider
Mission/Objectives
The goal of Smart Grid Network is to accelerate the pace of smart grid
deployment by promoting dialog and information exchange among
stakeholders and connecting interested consumers with solution
providers.
The site helps consumers understand how a smarter grid can
empower them to better manage their energy usage and identify
trusted solution providers. Solution providers, big companies and
small start-ups alike, will be able to get the message out about their
innovative solutions to interested customers around the globe.
Smart Grid Network has two components; information from
authorized content providers on smart grid initiatives in a state or
country and a Facebook-style social network allowing:
Consumers, solution providers and enablers to communicate
on issues of interest.
Individuals to develop a network of trusted advisors for
identifying and selecting smart grid solutions.
Countries, states, and communities to highlight smart grid
projects and attract best of class solutions suitable for their
local requirements.
Utilities to learn about their customers’ needs, expectations
and demands; and inform customers of new offerings.
Universities and research centres to highlight ongoing smart
grid research and education programs.
Solutions providers to advertise their products and services.
Smart Grid Network, Inc. launched this site on October 18, 2011, with
a pilot test for Illinois (US) and is now expanding to other states and
countries.
Activities related to
smart grid security
This site provides information on security and privacy related issues
affecting the smart grid.
Results
Articles and discussions
Comments
Social network project
Smart Grid Security
68
Annex V. Related initiatives
URL
http://www.smartgrid.com/
Name
Smart grid security
Type
Online Resource
Line of action
Technical
Participants
All stakeholders
Mission/Objectives
The Smart Grid Security group is intended to facilitate the exchange
and discussion of ideas and concepts around the implementation of
smart applications and communications technology within the
electric power system.
Activities related to
smart grid security
All exposed in Mission/Objectives
Results
N/A
Comments
N/A
URL
http://www.linkedin.com/groups?home=&gid=
1842898&trk=anet_ug_hm&goback=.gdr_1332346537283_1
Name
Smart Grid Cyber Security (Exclusive Forum & Networking Group)
Type
Online Resource
Line of action
Technical
Participants
DSO, TSO, Security tools and services Provider
Mission/Objectives
The Smart Grid Cyber Security group is an exclusive memberscommunity, that’s brings together professionals from across the
International Smart Grid/Utilities sector involved with ‘Cyber and
Critical Infrastructure’ security. This community extends to both
those security professionals from within the Utilities Sector and their
IT security partners and vendors.
The objective of this group is to create a forum for its members to
discuss, share ideas, best practices, trends, strategies and create a
common community voice to further understand the dynamics
surrounding the global emergence of smart grid initiative and its
security risks.
Activities related to
smart grid security
All exposed in Mission/Objectives
Results
Forum
Smart Grid Security
69
Annex V. Related initiatives
Comments
N/A
URL
http://www.linkedin.com/groups?home=&gid=
4149740&trk=anet_ug_hm&goback=.gdr_1332346537283_1
http://www.smartgridcybersecurity.co.uk
Name
Energy Sector, Smart Grid, and Smart Meter Security
Type
Online Resource
Line of action
Technical
Participants
All stakeholders
Mission/Objectives
The Smart Grid initiative is perhaps the single largest worldwide
technological project mankind will ever witness. The design,
implementation, and maintenance of a secure system will be of
paramount importance in assuring success.
Activities related to
smart grid security
All exposed in Mission/Objectives
Results
N/A
Comments
It is mainly a discussion forum, where experts hare their opinion on
trending topics regarding cyber security.
URL
http://www.linkedin.com/groups?about=&gid=
2693507&trk=anet_ug_grppro
Name
European Smart-Grid Cyber-Security Forum
Type
Online Resource
Line of action
Technical
Participants
N/A
Mission/Objectives
The European Smart-Grid Cyber-Security Forum aims to provide a
much needed professional and open space for discussions,
knowledge sharing, innovation and ideas around Cyber-Security
aspects for Smart-Grids and Smart-Grid projects in Europe. It intends
to attract knowledge and expertise from anyone who has an insight
and experience in this exciting new industry.
All credible candidates are welcome to join and participate, either
individuals or organisations such as smart-energy/grid equipment
manufacturers, research organisations, consultancies, systems
integrators, security advisories, national regulatory bodies, telecoms
Smart Grid Security
70
Annex V. Related initiatives
providers, etc.
The ultimate objective being to foster and provide a centre of
excellence, collective balanced guidance and direction to all countries
and projects in Europe embarking on or already on their journey
towards Smart-Grids.
Activities related to
smart grid security
All exposed in Mission/Objectives
Results
N/A
Comments
N/A
URL
http://www.linkedin.com/groups?about=&gid=
3847044&trk=anet_ug_grppro
Smart Grid Security
71
Annex V. Related initiatives
12 Bibliography
1. European Network and Informations Security Agency (ENISA). Protecting Industrial Control
Systems - Recommendations for Europe and Member States. 2011.
2. CIGRÉ. The Impact of Implementing Cyber Security Requirements using IEC 61850. s.l. :
CIGRE Publication 427, 2010.
3. International Electrotechnical Commission (IEC). IEC TS 62351-1: Power systems
management and associated information exchange – Data and communications security. Part
1: Communication network and system security – Introduction to security issues. International
Electrotechnical Commission. 2007.
4. —. IEC TS 62351-2: Power systems management and associated information exchange –
Data and communications security – Part 2: Glossary of terms. International Electrotechnical
Commission. 2008.
5. —. IEC TS 62351-3: Power systems management and associated information exchange –
Data and communications security – Part 3: Communication network and system security –
Profiles including TCP/IP. International Electrotechnical Commission. 2007.
6. —. IEC TS 62351-4: Power systems management and associated information exchange –
Data and communications security – Part 4: Profiles including MMS. International
Electrotechnical Commission. 2007.
7. —. IEC TS 62351-5: Power systems management and associated information exchange –
Data and communications security – Part 5: Security for IEC 60870-5 and derivatives.
International Electrotechnical Commission. 2009.
8. —. IEC TS 62351-6: Power systems management and associated information exchange –
Data and communications security – Part 6: Security for IEC 61850. International
Electrotechnical Commission. 2007.
9. —. IEC TS 62351-7: Power systems management and associated information exchange –
Data and communications security. Part 7: Network and system management (NSM) data
object models. International Electrotechnical Commission. 2010.
10. —. IEC TR 62210: Power system control and associated communications – Data and
communication security. 2003-05.
11. Institute of Electrical and Electronics Engineers (IEEE). WGC1 - Application of ComputerBased Systems. s.l. : http://standards.ieee.org/develop/wg/WGC1.html, 2007.
12. —. WGC6 - Trial Use Standard for a Cryptographic Protocol for Cyber Security of Substation
Serial Links. s.l. : http://standards.ieee.org/develop/wg/WGC6.html, 2010.
13. —. E7.1402 - Physical Security of Electric
http://standards.ieee.org/develop/wg/E7_1402.html, 2000.
Power
14. —. IEEE Power & Energy Society. [Online] http://www.ieee-pes.org.
Substations.
s.l. :
72
Smart Grid Security
Annex V. Related initiatives
15. —. IEEE-PES Smart Grid Forum. [Online] tp://www.ieee-pes.org/smart-grid-forum.
16. —. IEEE PES Computer and Analytical Methods SubCommittee. [Online] 2000.
http://ewh.ieee.org/cmte/psace/CAMS_taskforce.html.
17. International Society of Automation (ISA). ISA99 Committee - Home. [Online]
http://isa99.isa.org/ISA99 Wiki/Home.aspx.
18. —. LISTSERV 15.5 bin/wa.exe?A0=ISA67-16WG5.
ISA67-16WG5.
[Online]
http://www.isa-online.org/cgi-
19. Commission of the European communities. Communication from the commission to the
European parliament. Protecting Europe from large scale cyber-attacks and disruptions:
enhancing preparedness, security and resilience. 2009.
20.
European
Commision.
M/441:
http://www.cen.eu/cen/Sectors/Sectors/Measurement/Documents/M441.pdf : s.n., 2009.
.
21. CEN/CENELEC/ETSI. CEN/CLC/ETSI/TR 50572. Functional reference architecture for
communications
in
smart
metering
systems.
s.l. :
ftp://ftp.cen.eu/cen/Sectors/List/Measurement/Smartmeters/CENCLCETSI_TR50572.pdf,
2011.
22. Commission of the European communities. Communication from the commission to the
European parliament, the European economic and social commitee and the commitee of the
regions. Achievements and next steps: towards global cyber-security. COM(2011) 163. 2011.
23. —. Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions. COM(2011) 202
final. 2011.
24. DG-INFSO Expert Group on the security and resilience of Communication networks and
Information
systems
for
Smart
Grids.
Programme
of
Work.
s.l. :
https://resilience.enisa.europa.eu/security-and-resilience-of-communication-networks-andinformation-systems-for-smart-grids/program-of-work/draft-final-versionpow/at_download/file, 2011.
25. Task Force Smart Grids. Expert group 2. Regulatory recommendations for data safety,
data
handling
and
data
protection.
s.l. :
http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/expert_group2.pdf, 2011.
26. Elvire. [Online] 2011. http://www.elvire.eu/.
27.
CORDIS
Services.
AFTER.
[Online]
2011.
http://cordis.europa.eu/search/index.cfm?fuseaction=proj.document&PJ_LANG=EN&PJ_RCN
=12231422.
28. The OPEN meter Consortium. Open Meter. [Online] 2009. http://www.openmeter.com/.
29. Aretmis. Internet of Energy. [Online] 2011. http://www.artemis-ioe.eu/.
Smart Grid Security
73
Annex V. Related initiatives
30. O.Vermesan, R.Zafalon, K.Kriegel, R.Mock, R.John, M.Ottella, P.Perlo. Internet Of Energy
pag:33. Advance Microsystems for Automotive Applications 2011. [Online]
http://books.google.es/books?id=Qt7HDlzmrhsC&pg=PA33&lpg=PA33&dq=Internet+of+Energ
y+%E2%80%93+Connecting+Energy+Anywhere+Anytime&source=bl&ots=KlFXHWQYEA&sig=Y
DjZYgFqAevFtfWL6tuFqJxIKOo&hl=es&sa=X&ei=arVdT6mDIuem0AW9v9zWDQ&ved=0CIUBEO
gBMAY#v=onepage&q=Int.
31. European Technology Platform SmartGrids. Strategic research agenda for Europe’s
electricity
networks
of
the
future.
s.l. :
http://www.smartgrids.eu/documents/sra/sra_finalversion.pdf, 2007.
32. European Commission. Directorate-General for Energy. Standardization Mandate to
European Standardisation Organisations (ESOs) to support European Smart Grid deployment.
M/490.
s.l. :
http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/2011_03_01_mandate_m490_en.
pdf.
33. Commission of the European communities. Commission staff working document
definition, expected services, functionalities and benefits of smart grids SEC(2011)463. 2011.
34. ENTSOE. WG European operational standards. [Online] https://www.entsoe.eu/systemoperations/working-groups/wg-european-operational-standards/.
35. —. ENTSOE Working Group System Protection. [Online] https://www.entsoe.eu/systemoperations/working-groups/wg-critical-system-protection/.
36. —. WG Electronic Highway. [Online] https://www.entsoe.eu/system-operations/workinggroups/wg-electronic-highway/.
37. ESMIG. External Activities, ESMIG. [Online] http://www.esmig.eu/about-us/smart-metercoordination-group-sm-cg-new.
38.
EUROELECTRIC.
10
Steps
to
http://www.eurelectric.org/10StepsTosmartGrids/.
Smart
Grid.
[Online]
2010.
39. International Instruments Users' Association (WIB). Process control domain - Security
requirements for vendors. EWE (EI, WIB, EXERA). 2010.
40.
DIN.
Electromobility.
[Online]
2011.
http://www.naautomobil.din.de/cmd?contextid=naautomobil&bcrumblevel=1&subcommitte
eid=118124005&projid=149029465&level=tpl-projdetailansicht&committeeid=54738955&languageid=en.
41.
VGB.
VGB-R.175
IT-Sicherheit
http://www.vgb.org/shop/r175.html, 2006.
für
Erzeugungsanlagen
.
s.l. :
42. Netbeheer Nederland. Privacy and Security Advance Metering Infraestructure. Apendix A.
s.l. :
http://www.energiened.nl/_upload/bestellingen/publicaties/356_320006%20%20PS%20M%20StakeholderAnalysis.pdf, 2010.
74
Smart Grid Security
Annex V. Related initiatives
43.
DECC.
Smarter
Grids:
The
Opportunity.
s.l. :
http://www.decc.gov.uk/assets/decc/what%20we%20do/uk%20energy%20supply/futureelec
tricitynetworks/1_20091203163757_e_@@_smartergridsopportunity.pdf, 2009.
44. KEMA and ENA. UK Smart Grid Cyber Security Report. http://ses.jrc.ec.europa.eu/.
[Online] 2011. http://energynetworks.squarespace.com/storage/UK Smart Grid Cyber Security
Report.pdf.
45. North American Electric Reliability Corporation (NERC). Categorizing Cyber Systems. An
Approach Based on BES Reliability Functions. Cyber Security Standards Drafting Team for
Project 2008-06 Cyber Security Order 706. 2009.
46. SGTF. Smart Grid Task Force. [Online] http://www.nerc.com/filez/sgtf.html.
47. SGWG. Smart Grid Working Groups. [Online] 2011. http://www.nerc.com/filez/sgwg.html.
48. National Institute of Standards and Technology (NIST). NIST SP 800-82: Guide to
Industrial Control Systems (ICS) Security. National Institute of Standards and Technology. 2011.
49. —. NIST SP 800-53: Information Security. National Institute of Standards and Technology.
2009.
50. —. NISTIR 7176: System Protection Profile - Industrial Control Systems. Decisive Analytics.
2004.
51. —. NISTIR 7628: Guidelines for Smart Grid Cyber Security. Smart Grid Interoperability
Panel–Cyber Security Working Group (SGIP–CSWG). 2010.
52. ASAP-SG. Advanced Security Acceleration Project for the Smart Grid. [Online] 2011.
http://www.smartgridipedia.org/index.php/ASAP-SG.
53. The AMI-SEC Task Force (UCAIug) and The NIST Cyber Security Coordination Task Group.
SECURITY PROFILE FOR ADVANCED METERING INFRASTRUCTURE. 2010.
54. AMI-SEC-ASAP. AMI Security Implementation Guide. 2009.
55. National Institute of Standards and Technology (NIST). NIST Smart Grid Federal Advisory
Commitee. [Online] 2010. http://www.nist.gov/smartgrid/committee.cfm.
56. Smart Grid Architecture Committee. Smart Grid Architecture Committee. [Online]
http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/SmartGridArchitectureCommittee.
57. Cyber Security Working Group. Cyber Security Working Group.
http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG.
[Online]
58. Smart Grid Interoperability Panel (SGIP). SGIP Cyber Security Working Group (SGIP
CSWG).
[Online]
http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/CyberSecurityCTG.
59. NIST SGIP. Priority Action Plans.
sggrid/bin/view/SmartGrid/PriorityActionPlans.
[Online]
http://collaborate.nist.gov/twiki-
Smart Grid Security
75
Annex V. Related initiatives
60. —. Domain Expert Working Groups. [Online] 2011. http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/DEWGs.
61. NEMA. National Electrical Manufacturers Association. Position Statement on Cyber
Security.
s.l. :
www.nema.org/gov/energy/smartgrid/upload/Cyber_Security_Position_Statement.pdf.
62. National Electrical Manufacturers Association (NEMA). Position Statement on Cyber
Security.
s.l. :
http://www.nema.org/gov/energy/smartgrid/upload/Cyber_Security_Position_Statement.pdf
.
63.
EPRI.
EPRI
Progress
Report.
[Online]
http://www.smartgrid.epri.com/doc/IntelliGrid%20Newsletter%20Template_June%20053111
.pdf.
64. Zwan, Erwin van der. Security of Industrial Control Systems, What to Look For. 2010.
65. Zhang, Zhen. Smart Grid in America and Europe: Similar Desires, Different Approaches
(Part 2). . 2011.
66. —. Smart Grid in America and Europe: Similar Desires, Different Approaches (Part 1). .
2011.
67. Yin Hong, Chang. Cyber Security of a Smart Grid: Vulnerability Assessment. s.l. :
http://www.ece.nus.edu.sg/stfpage/elejp/FYP/CYH09.pdf, 2010.
68.
West,
Andrew.
SCADA
Communication
protocols.
http://www.powertrans.com.au/articles/new pdfs/SCADA PROTOCOLS.pdf.
[Online]
69. Weiss, Joseph. Protecting Industrial Control Systems from Electronic Threats. s.l. :
Momentum Press, 2010.
70. Tsang, Rose. Cyberthreats, Vulnerabilities and Attacks on SCADA networks. 2009.
71. Theriault, Marlene and Heney, William. Oracle Security. First Edition. s.l. : O'Reilly, 1998.
p. 446. 1-56592-450-9.
72. Syngres, Eric Knapp. Industrial Network Security. Securing critical infrastructure Networks
for Smart Grid, SCADA and other Industrial Control Systems. .
73. Suter, Manuel and Brunner, Elgin M. International CIIP Handbook 2008 / 2009. 2008.
74. Stouffer, K. A., Falco, J. A. and Scarfone, K. A. Guide to Industrial Control Systems (ICS)
Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control
Systems (DCS), and other control system configurations such as Programmable Logic
Controllers (PLC). s.l. : National Institute of Standards and Technology, 2011.
75.
Snyder,
Mike.
Smart
Grid
http://ict2020.tiaonline.org/may_june_2009/policy_stimulus.cfm.
Synergy.
76. Smith, Steven S. The SCADA Security Challenge: The Race Is On. 2006.
[Online]
76
Smart Grid Security
Annex V. Related initiatives
77. Identifying, understanding, and analyzing Critical Infrastructure Interdependencies.
Rinaldi, Steven M., Peerenboom, James P. and Kelly, Terrence K. 2001, IEEE Control Systems
Magazine.
78. Mo, Yilin, et al. Cyber–Physical Security of a Smart Grid Infrastructure. s.l. :
http://sparrow.ece.cmu.edu/group/pub/Mo-Kim-etal-ProcIEEE-2011.pdf, 2011.
79. Masica, Ken. Securing WLANs using 802.11i. Draft. Recommended Practice. 2007.
80. —. Recommended Practices Guide For Securing ZigBee Wireless Networks in Process
Control System Environments. 2007.
81. Lewis, Adam. ERN-CIP: European reference network for critical infrastructure protection.
[Online] http://www.creatif-network.eu/workshop1/Lewis_session3.pdf.
82. Lenzini, G., Oostdijk, M. and Teeuw, W. Trust, Security, and Privacy for the Advanced
Metering Infrastructure. s.l. : https://doc.novay.nl/dsweb/Get/Document-100649, 2009.
83. Kwasinski, A. Implication of Smart-Grids development for communication systems in
normal operation and during disasters. 2010.
84. Jeff Trandahl, Clerk. USA Patriot
http://epic.org/privacy/terrorism/hr3162.html.
Act
(H.R.
3162).
[Online]
2001.
85. International Organization for Standardization (ISO), International Electrotechnical
Commission (IEC). Information technology — Security techniques — Code of practice for
information security management. International Organization for Standardization,
International Electrotechnical Commission. 2005.
86. Huntington, Guy. NERC CIP’s and identity management. Huntington Ventures Ltd. 2009.
87. Holstein, Dennis Cease, Li, Haiyu L and Meneses, Albertin,. The Impact of Implementing
Cyber Security Requirements using IEC 61850. 2010.
88. Holstein, Dennis K. P1711 “The state of closure”. s.l. : PES/PSSC Working Group C6, 2008.
89. Hayden, Ernie. There is No SMART in Smart Grid Without Secure and Reliable
Communications. s.l. : http://www.verizonbusiness.com/resources/whitepapers/wp_nosmart-in-smart-grid-without-secure-comms_en_xg.pdf.
90. Hart, D.G. Using AMI torealize the Smart Grid. En Powerand energy society general
meeting -Conversion and delivery of electrical energy in the 21st Century. s.l. : IEEE 2008, 2008.
91. Green, Brian D., Cote, J. R. and Simmins, John. Smartgridinformation.info. [Online] 17 8
2010. [Cited: 30 12 2011.] http://www.smartgridinformation.info/pdf/2663_doc_1.pdf.
92. Gorman, Siobhan. Electricity Grid in U.S. Penetrated By Spies.
93. Goméz, J. Antonio. III Curso de verano AMETIC-UPM 2011 hacia un mundo digital: las eTIC motor de los cambios sociales, económicos y culturales. 2011.
94. Glöckler, Oszvald. IAEA Coordinated Research Project (CRP) on Cybersecurity of Digital
I&C
Systems
in
NPPs.
[Online]
2011.
Smart Grid Security
77
Annex V. Related initiatives
http://www.iaea.org/NuclearPower/Downloads/Engineering/meetings/2011-05-TWGNPPIC/Day-3.Thursday/TWG-CyberSec-O.Glockler-2011.pdf.
95. Giordano, Vincenzo, et al. Smart Grid projects in Europe: lessons learned and current
developments. 2011.
96. Ginter, Andrew. An Analysis of Whitelisting Security Solutions and Their Applicability in
Control Systems. 2010.
97. Flick, Tony and Morehouse, Justin. Securing the Smart Grid. Next Generation Power Grid
Security. 2011.
98. Fan, Jiyuan and Zhang, Xiaoling. Feeder Automation within the Scope of Substation
Automation.
[Online]
10
31,
2006.
[Cited:
12
29,
2011.]
http://www.ieee.org/portal/cms_docs_pes/pes/subpages/meetingsfolder/PSCE/PSCE06/panel24/Panel-24-3_Feeder_Automation.pdf.
99. Fan, Jiyuan, du Toit, Willem and Backschneider, Paul. Distribution Substation Automation
in Smart Grid.
100. Falliere, Nicolas, Murchu, Liam O and Chien, Eric. W32.Stuxnet Dossier. Symantec. 2011.
101. Ericsson, Göran. Managing Information Security in an Electric Utility. Cigré Joint Working
Group (JWG) D2/B3/C2-01.
102. Ebinger, Charles and Massy, Kevin. Software and hard targets: enhancing Smart Grid
cyber
security
in
the
age
of
information
warfare.
s.l. :
http://www.brookings.edu/~/media/Files/rc/papers/2011/02_smart_grid_ebinger/02_smart_
grid_ebinger.pdf, 2011.
103. Díaz Andrade, Carlos Andrés and Hernandez, Juan Carlos. Smart grid: Las TICs y la
modernización de las redes de energía eléctrica – Estado del arte. 2011.
104. Davis, Mike. SmartGrid Device Security. Adventures in a new medium. s.l. :
https://www.blackhat.com/presentations/bh-usa-09/MDAVIS/BHUSA09-Davis-AMISLIDES.pdf, 2009.
105. Conant, Rob. Toward a Global Smart Grid - The U.S. vs. Europe. [Online]
http://www.elp.com/index/display/article-display/2702271845/articles/utility-automationengineering-td/volume-15/Issue_5/Features/Toward_a_Global_Smart_Grid__The_US_vs_Europe.html .
106. —. Toward a Global Smart Grid - The U.S. vs. Europe. [Online]
http://www.elp.com/index/display/article-display/2702271845/articles/utility-automationengineering-td/volume-15/Issue_5/Features/Toward_a_Global_Smart_Grid__The_US_vs_Europe.html.
107.
Coll-Mayor,
Debora.
Overview
of
strategies
and
goals.
[Online]
http://www.4thintegrationconference.com/downloads/Strategies & Goals of Smartgrid in
Europe.pdf.
78
Smart Grid Security
Annex V. Related initiatives
108. Cleveland, Frances. White Paper: Cyber Security Issues for the Smart Grid. s.l. :
http://www.xanthusconsulting.com/Publications/White_Paper_Cyber_Security_Issues_for_the_Smart_Grid.pdf,
2009.
109. Clemente, Jude. The Security Vulnerabilities of Smart Grid. s.l. :
http://www.ensec.org/index.php?option=com_content&view=article&id=198:the-securityvulnerabilities-of-smart-grid&catid=96:content&Itemid=345, 2009.
110. Chebbo, Maher. Recommendations of the SmartGrid ICT consultation Group to the
European Commision. 2010.
111. Carpenter, Matthew and Wright, Joshua. Advanced metering infrastructure attack
methodology. 2009.
112. Brodsy, Jacob and McConnell, Anthony. Jamming and Interference Induced Denial-ofService Attacks on IEEE 802.15.4-Based Wireless Networks. 2009.
113. Boyer, Stuart A. SCADA: Supervisory Control and Data Acquisition. Iliad Development
Inc., ISA. 2010.
114. —. SCADA Supervisory and Data Acquisition. 2004.
115. Berkeley III, Alfred R. and Wallace, Mike. A Framework for Establishing Critical
Infrastructure Resilience Goals. Final Report and Recommendations by the Council. s.l. :
National Infrastructure Advisory Council, 2010.
116.
Bartels,
Guido.
Combating
Smart
Grid
Vulnerabilities.
s.l. :
http://www.ensec.org/index.php?option=com_content&view=article&id=284:combatingsmart-grid-vulnerabilities&catid=114:content0211&Itemid=374, 2011.
117. Bailey, David and Wright, Edwin. Practical SCADA for Industry. s.l. : Newnes, 2003.
118.
Asad,
Mohammad.
Challenges
of
http://www.ceia.seecs.nust.edu.pk/pdfs/Challenges_of_SCADA.pdf.
SCADA.
[Online]
119. Anderson, Roger N., et al. Computer-Aided Lean Management for the Energy Industry.
2008.
120. Amin, Saurabh, Sastry, Shankar and Cárdenas, Alvaro A. Research Challenges for the
Security of Control Systems. 2008.
121. Amin, S. Massoud. Smart Grid: Overview, Issues and Opportunities. Advances and
Challenges in Sensing, Modeling, Simulation, Optimization and Control. s.l. :
http://central.tli.umn.edu/CDC_Semi_plenary_Smart%20Grids_Massoud%20Amin_final.pdf,
2011.
122. Abbott, Ralph E. The Successful AMI Marriage: When Water AMR and Electric AMI
Converge.
[Online]
http://www.waterworld.com/index/display/articledisplay/328763/articles/waterworld/volume-24/issue-5/editorial-feature/the-successful-amimarriage-when-water-amr-and-electric-ami-converge.html.
Smart Grid Security
79
Annex V. Related initiatives
123.
ZigBee.
ZigBee
Home
Automation
Overview.
http://www.zigbee.org/Standards/ZigBeeHomeAutomation/Overview.aspx.
[Online]
124. International Federation of Automatic Control (IFAC). Working Group 3: Intelligent
Monitoring, Control and Security of Critical Infrastructure Systems — IFAC TC Websites.
[Online]
http://tc.ifac-control.org/5/4/working-groups/copy2_of_working-group-1decentralized-control-of-large-scale-systems.
125.
WirelessHART.
WirelessHART.
http://www.hartcomm.org/protocol/wihart/wireless_technology.html.
[Online]
126. Web application Security Consortium. Web Application Firewall Evaluation Criteria.
[Online] 2009. http://projects.webappsec.org/w/page/13246985/Web Application Firewall
Evaluation Criteria.
127. VIKING Project. Vital Infrastructure, Networks, Information and Control Systems
Management. [Online] 2008. http://www.vikingproject.eu.
128. VDI/VDE. VDI/VDE 2182: IT security for industrial automation. 2011.
129. United States Computer Emergency Readiness Team (US-CERT). US-CERT: United States
Compueter Emergency readiness Team. [Online] http://www.us-cert.gov.
130. Institute of Electrical and Electronics Engineers (IEEE). Transmission & Distribution
Exposition & Conference 2008 IEEE PES : powering toward the future. Institute of Electrical and
Electronics Engineers. 2008.
131. Pacific Northwest National Labortory, U.S. Department of Energy. The Role of
Synchronized Wide Area Measurements for Electric Power Grid Operations. 2006.
132. EURELECTRIC Networks Committee. The Role of Distribution System. Operators (DSOs) as
Information Hubs. 2010.
133. The 451 Group. The adversary: APTs and adaptive persistent adversaries. 2010.
134. SANS. The 2011 Asia Pacific SCADA and Process Control Summit - Event-At-A-Glance.
[Online] 2011. http://www.sans.org/sydney-scada-2011.
135. International Energy Agency (IEA). Technology Roadmap. Smart Grids. France :
OCDE/IEA, 2011.
136. EPRI. Technical and System Requirements for Advanced Distribution Automation. 2004.
137. International Federation of Automatic Control (IFAC). TC 6.3. Power Plants and Power
Systems — IFAC TC Websites. [Online] http://tc.ifac-control.org/6/3.
138. —. TC 3.1. Computers for Control — IFAC TC Websites. [Online] http://tc.ifaccontrol.org/3/1.
139. ESCoRTS Project. Survey on existing methods, guidelines and procedures. 2009.
140. CEN/CENELEC/ETSI Joint Working Group. Standards for Smart Grids. 2011.
80
Smart Grid Security
Annex V. Related initiatives
141. Smart Substations. Smart Substations:Desing, Operations and Maintenance. [Online]
http://www.smartsubstations.com.au/Event.aspx?id=664622.
142. EnergieNed. Smart Meter Requirements. Dutch Smart Meter specification and tender
dossier.
s.l. :
http://www.energiened.nl/_upload/bestellingen/publicaties/288_Dutch%20Smart%20Meter
%20%20v2.1%20final%20Main.pdf, 2008.
143.
European
Commision.
Energy.
Smart
Grids
Task
http://ec.europa.eu/energy/gas_electricity/smartgrids/taskforce_en.htm.
force.
[Online]
144. U.S. Department of Energy. Smart Grid System Report. 2009.
145.
Industrial
Defender.
Smart
Grid
http://blog.industrialdefender.com/?p=756, 2011.
Safety
vs
Confidentiality.
s.l. :
146.
Enerweb.
Smart
grid
Information
Report.
http://enerweb.co.za/brochures/Smart%20Grid%20Information%20Report.pdf, 2011.
s.l. :
147. IEEE Smart grid. Smart Grid Conceptual Model. [Online] http://smartgrid.ieee.org/ieeesmart-grid/smart-grid-conceptual-model.
148. Sonoma innovation. Smart Grid Communications Architectural Framework. 2009.
149. EU Commission Task Force for Smart Grids. Expert Group 4. Smart Grid aspects related
to Gas. 2011.
150. European Commision. Smart electricity Systems. European CommisionJoint Research
Centre. [Online] http://ses.jrc.ec.europa.eu/.
151. Siemens. Smart Distribution. Distribution Automation and Protection. [Online] [Cited: 29
12
2011.]
http://www.energy.siemens.com/fi/en/energy-topics/smart-grid/smartdistribution/distribution-automation-and-protection.htm.
152. The Climate Group. smart 2020: enabling the low carbon economy in the information
age. [Online] 2008.
153. Treehugger. SMART 2020 Report: Smart Grids Can Cut CO2 Emissions by 15 Percent.
[Online] 2011. http://www.treehugger.com/clean-technology/smart-2020-report-smart-gridscan-cut-co2-emissions-by-15-percent.html.
154. smart 2020. Smart 2020 . [Online] 2009. http://www.smart2020.org/.
155. ESCoRTS Project. Security of Control and Real Time Systems. [Online] 2008.
http://www.escortsproject.eu.
156.
ABB.
Security
in
the
smart
grid.
s.l. :
http://www02.abb.com/db/db0003/db002698.nsf/0/832c29e54746dd0fc12576400024ef16/
$file/paper_Security+in+the+Smart+Grid+%28Sept+09%29_docnum.pdf, 2009.
157. American Petroleum Institute (API) energy. Security Guidelines for the Petroleum
Industry. American Petroleum Institute. 2005.
Smart Grid Security
81
Annex V. Related initiatives
158. Technical Support Working Group (TSWG). Securing Your SCADA and Industrial Control
Systems. Departmet of Homeland Security. 2005.
159. Rijksoverheid. Scenario's Nationale Risicobeoordeling 2008/2009. [Online] 2009.
http://www.rijksoverheid.nl/documenten-en-publicaties/rapporten/2009/10/21/scenario-snationale-risicobeoordeling-2008-2009.html.
160. SANS. SCADA Security Advanced Training. [Online] 1989. http://www.sans.org/securitytraining/scada-security-advanced-training-1457-mid.
161. Water Sector Coordinating Council Cyber Security Working Group. Roadmap to Secure
Control Systems in the Water Sector. 2008.
162.
RISI.
Repository
of
http://www.securityincidents.org/.
Industrial
Security
Incidents.
[Online]
163. United States Nuclear Regulatory Commission. Regulatory Guide 5.71: Cyber security
programs for nuclear facilities. 2010.
164. Department of Homeland Security (DHS). Recommended Practice: Improving Industrial
Control Systems Cybersecurity with Defense-In-Depth Strategies. 2009.
165. Wikipedia. Recloser. [Online] [Cited: 12 26, 2011.] http://en.wikipedia.org/wiki/Recloser.
166. Iberdrola. Proyecto tipo para Centro de Transformación intemperie compacto. [En línea]
Abril
de
1997.
[Citado
el:
29
de
Diciembre
de
2011.]
http://www.coitiab.es/reglamentos/electricidad/reglamentos/jccm/iberdrola/mt_2-1105.htm.
167. Centre for the Protection of National Infrastructure (CPNI). Process control and SCADA
security. Guide 7. Establish ongoing governance. Centre for the Protection of National
Infrastructure.
168. —. Process control and SCADA security. Guide 6. Engage projects. Centre for the
Protection of National Infrastructure.
169. —. Process control and SCADA security. Guide 5. Manage third party risk. Centre for the
Protection of National Infrastructure.
170. —. Process control and SCADA security. Guide 4. Improve awareness and skills. Centre for
the Protection of National Infrastructure.
171. —. Process control and SCADA security. Guide 3. Establish response capabilities. Centre
for the Protection of National Infrastructure.
172. —. Process control and SCADA security. Guide 2. Implement secure architecture. Centre
for the Protection of National Infrastructure.
173. —. Process control and SCADA security. Guide 1. Understand the business risk. Centre for
the Protection of National Infrastructure.
82
Smart Grid Security
Annex V. Related initiatives
174. —. Process control and SCADA security. Centre for the Protection of National
Infrastructure.
175. Institute of Electrical and Electronics Engineers (IEEE). P2030: IEEE Guide for Smart Grid
Interoperability of Energy Technology and Information Technology Operation with the Electric
Power System (EPS), End-Use Applications, and Loads. 2011.
176.
Wikipedia.
Outage
management
http://en.wikipedia.org/wiki/Outage_management_system.
system.
[Online]
177. Open Smart Grid. Open Smart Grid. [Online] http://osgug.ucaiug.org/default.aspx.
178. OpenSG. Open Smart Grid. http://osgug.ucaiug.org. [Online]
179. Norwegian Oil Industry Association (OLF). OLF Guideline No.110: Implementation of
information security in PCSS/ICT systems during the engineering, procurement and
commissioning phases. Norwegian Oil Industry Association. 2006.
180. —. OLF Guideline No. 104: Information Security Baseline Requirements for Process.
Norwegian Oil Industry Association. 2006.
181. National Institute of Standards and Technology (NIST). NIST SP 1108: NIST Framework
and Roadmap for Smart Grid Interoperability Standards, Release 1.0. 2010.
182. The White House. National Strategy for Information Sharing. [Online] 2007.
http://georgewbush-whitehouse.archives.gov/nsc/infosharing/index.html.
183. Department of Homeland Security (DHS). National Infrastructure Protection Plan:
Partnering to enhance protection and resiliency. Department of Homeland Security. 2009.
184. NAMUR. NAMUR NA 115 IT-Security for Industrial Automation Systems: Constraints for
measures applied in process industries. 2006.
185. Centre for the Protection of Critial Infrastructure (CPNI). Meridian Process Control
Security
Information
Exchange
(MPCSIE).
[Online]
http://www.cpni.nl/informatieknooppunt/internationaal/mpcsie.
186. Meridian. Meridian. [Online] http://www.meridian2007.org.
187. International Electrotechnical Commission (IEC). ISO/IEC 15408: Information technology.
Security techniques. Evaluation criteria for IT security. 2009-2011.
188. International Society of Automation (ISA). ISA100, Wireless Systems for Automation.
[Online] www.isa.org/isa100.
189. INTERSECTION Project. INfrastructure for heTErogeneous, Resilient, SEcure, Complex,
Tightly Inter-Operating Networks (INTERSECTION). [Online] 2008. http://www.intersectionproject.eu.
190. Norwegian Oil Industry Association (OLF). Information Security Baseline Requirements
for Process Control, Safety, and Support ICT Systems. Norwegian Oil Industry Association.
2009.
Smart Grid Security
83
Annex V. Related initiatives
191. INSPIRE Project. INcreasing Security and Protection through Infrastructure REsilience.
[Online] 2008. http://www.inspire-strep.eu.
192. International Federation for Information Processing (IFIP). IFIP WG 1.7 Home Page.
[Online] http://www.dsi.unive.it/~focardi/IFIPWG1_7.
193. —. IFIP Technical Committees. [Online] http://ifiptc.org/?tc=tc11.
194. —. IFIP TC 8 International Workshop on Information Systems Security Research. [Online]
http://ifip.byu.edu.
195. Institute of Electrical and Electronics Engineers (IEEE). IEEE Standard for Substation
Intelligent Electronic Devices (IEDs) Cyber Security Capabilities. 2007.
196. —. IEEE Standard C37.1-1994: Definition, Specification, and Analysis of Systems Used for
Supervisory Control, Data Acquisition, and Automatic Control. Institute of Electrical and
Electronics Engineers. 1994.
197. International Electrotechnical Commission (IEC). IEC 62443: Security for Industrial
Process Measurement and Control: Network and System Security. 2010.
198. —. IEC 61970: Common Information Model (CIM) / Energy Management.
199. —. IEC 61968: Common Information Model (CIM) / Distribution Management.
200. —. IEC 61850-7-2: Communication networks and systems for power utility automation –
Part 7-2: Basic information and communication structure – Abstract communication service
interface (ACSI). International Electrotechnical Commission. 2010.
201. —. IEC 61850: Communication networks and systems in substations. 2011.
202. —. IEC 60870-6: Telecontrol equipment and systems. 2005.
203. —. IEC 60870-5: Telecontrol equipment and system. 2007.
204. ICT4SMARTDG. ICT Solutions to enable Smart Distributed Generation. 2011.
205. International Atomic Energy Agency (IAEA). IAEA Technical Meeting on Newly Arising
Threats
in
Cybersecurity
of
Nuclear
Facilities.
[Online]
2011.
http://www.iaea.org/NuclearPower/Downloads/Engineering/files/InfoSheetCybersecurityTM-May-2011.pdf.
206.
Energie
Vortex.
http://www.energyvortex.com.
[Online]
http://www.energyvortex.com/energydictionary/blackout__brownout__brown_power__rolli
ng_blackout.html.
207. IRRIIS Project. Homepage of the IRRIIS project. [Online] 2006. http://www.irriis.org.
208. Department of Homeland Security (DHS). Homeland Security Presidential Directive-7.
[Online] 2003. http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm#1.
84
Smart Grid Security
Annex V. Related initiatives
209. Department of Energy (DoE). Hands-on Control Systems Cyber Security Training of
National
SCADA
Test
Bed.
[Online]
2008.
http://www.inl.gov/scada/training/d/8hr_intermediate_handson_hstb.pdf.
210.
BBC
news.
Hackers
'hit'
US
water
http://www.bbc.co.uk/news/technology-15817335, 2011.
treatment
systems.
s.l. :
211. Swedish Civil Contingencies Agency (MSB). Guide to Increased Security in Industrial
Control Systems. Swedish Civil Contingencies Agency. 2010.
212. Commission of the European communities. Green paper. On a European programme for
critical infrastructure protection COM(2005) 576 final. 2005.
213. National Infrastructure Security Coordination Centre (NISCC). Good Practice Guide
Process Control and SCADA Security. PA Consulting Group. 2006.
214. —. Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks.
British Columbia Institute of Technology (BCIT). 2005.
215. McAfee. Global Energy Cyberattacks: “Night Dragon”. [Online] 2011.
http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-nightdragon.pdf.
216. National Infrastructure Security Coordination Centre (NISCC). Firewall deployment for
scada and process control networks. good practice guide. National Infrastructure Security
Coordination Centre. 2005.
217. Centre for the Protection of National Infrastructure (CPNI). Firewall deployment for
scada and process control networks. Centre for the Protection of National Infrastructure.
2005.
218. National Institute of Standards and Technology (NIST). FIPS PUB 199. Standards for
Security Categorization of Federal Information and Information Systems. [Online] 2004.
http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf.
219. —. Field Device Protection Profile for SCADA Systems in Medium Robustness
Environments. 2006.
220. EU Commission Task Force for Smart Grids. Expert Group 1: Functionalities of smart grids
and smart meters. 2010.
221.
The
White
House.
Executive
http://www.fas.org/irp/offdocs/eo/eo-13231.htm.
Order
13231.
[Online]
222. European Commission. Europ2 2020. Europe 2020 targets.
http://ec.europa.eu/europe2020/reaching-the-goals/targets/index_en.htm.
2001.
[Online]
223. Eur Lex. [Online] http://eur-lex.europa.eu/en/index.htm.
224. European Network and Informations Security Agency (ENISA). EU Agency analysis of
‘Stuxnet’ malware: a paradigm shift in threats and Critical Information Infrastructure
Smart Grid Security
85
Annex V. Related initiatives
Protection. [Online] 2010. http://www.enisa.europa.eu/media/press-releases/eu-agencyanalysis-of-2018stuxnet2019-malware-a-paradigm-shift-in-threats-and-critical-informationinfrastructure-protection-1.
225. Instituto de Investigaciones Eléctricas de México. Estado del arte en Redes Inteligentes
"Smart Grids". Automatización de la Distribución en las Redes Inteligentes. México : s.n.
226. eSEC. eSEC. Plataforma Tecnológica Española de Tecnologías para Seguridad y Confianza.
[Online] http://www.idi.aetic.es/esec.
227.
Energie.gov.
Energy
development/energy-storage.
Storage.
[Online]
http://energy.gov/oe/technology-
228. Department of Energy (DoE). Energy Infrastructure Risk Management Checklists for
Small and Medium Sized Energy Facilities. Department of Energy. 2002.
229. Energy Independence and Security Act of 2007. s.l. : http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=110_cong_bills&docid=f:h6enr.txt.pdf, 2007.
230.
Energiened.
Energiened
Documentation.
http://www.energiened.nl/Content/Publications/Publications.aspx.
[Online]
231. U.S. Department of Energy. Electricity sector cyber-security risk management process
guideline. 2011.
232. Government Accountability Office (GAO). Electricity grid modernization. Progress Being
Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed. s.l. :
http://www.gao.gov/new.items/d11117.pdf, 2011.
233. Smarter Grid Solutions. Dynamic Line Rating - managing capacity. [Online]
http://www.smartergridsolutions.com/index.html?pid=153.
234. National Institute of Standards and Technology (NIST). Draft NIST Framework and
Roadmap for Smart Grid Interoperability Standards, Release 2.0. 2011.
235. DLMS User Association. DLMS/COSEM: Conformance Testing Process. 2010.
236. —. DLMS/COSEM: Architecture and Protocols. 2009.
237.
Wikipedia.
Distribution
mangagement
http://en.wikipedia.org/wiki/Distribution_mangagement_system.
system.
[Online]
238. Commission of the European communities. Directive 95/46/EC of the European
Parliament and of the Council of 24 October 1995 on the protection of individuals with regard
to the processing of personal data and on the free movement of such data. 1995.
239.
DigitalBond.
DigitalBond.
ICS
Security
Tool
http://www.digitalbond.com/tools/ics-security-tool-mail-list.
Mail
List.
[Online]
240. Department of Homeland Security (DHS). DHS officials: Stuxnet can morph into new
threat. [Online] 2011. http://www.homelandsecuritynewswire.com/dhs-officials-stuxnet-canmorph-new-threat.
86
Smart Grid Security
Annex V. Related initiatives
241. Department of Energy (DoE). Cybersecurity for Energy Delivery Systems Peer Review.
[Online] 2010. http://events.energetics.com/CSEDSPeerReview2010.
242. Department of Homeland Security (DHS). Cyber storm III Final Report. Department of
Homeland Security Office of Cybersecurity and Communications National Cyber Security
Division. 2011.
243. Centre for the Protection of National Infrastructure (CPNI). Cyber security assessments
of industrial control systems. Centre for the Protection of National Infrastructure. 2011.
244. CRUTIAL Project.
http://crutial.rse-web.it.
CRitical
Utility
InfrastructurAL
resilience.
[Online]
2006.
245. Thales. Critical Infrastructure Security. A Holistic Security Risk Management Approach.
s.l. :
http://www.securitymanagement.com.au/content/file/CriticalISThales.pdf?asm=ad05637d37
e2a8c1afeeda016804c85, 2008.
246. United States General Accounting Office (GAO). Critical infrastructure protection.
Challenges and Efforts to Secure Control Systems. United States General Accounting Office.
2004.
247. CI2RCO Project. Critical information infrastructure research coordination. [Online] 2008.
http://cordis.europa.eu/fetch?CALLER=PROJ_ICT&ACTION=D&CAT=PROJ&RCN=79305.
248. SINTEF. CRIOP: A scenario method for Crisis Intervention and Operability analysis. 2011.
249. Centre for the Protection of Critical Infrastructure (CPNI). CPNI. [Online]
http://www.cpni.gov.uk/advice/infosec/business-systems/scada.
250. Commission of the European communities. Council directive 2008/114/EC of 8
December 2008 on the identification and designation of European critical infrastructures and
the assessment of the need to improve their protection. 2008.
251. Council decision on a Critical Infrastructure Warning Information Network (CIWIN)
COM(2008) 676». Commission of the European communities. 2008.
252. DLMS User Association. COSEM: Identification System and Interface Classes. 2010.
253. —. COSEM: Glossary of Terms. 2003.
254. Department of Energy (DoE). Control Systems Security Publications Library. [Online]
http://energy.gov/oe/control-systems-security-publications-library.
255. United States Computer Emergency Readiness Team (US-CERT). Control Systems
Security Program: Industrial Control Systems Joint Working Group. [Online] http://www.uscert.gov/control_systems/icsjwg/index.html.
256. —. Control Systems Security Program: Industrial Control Systems Cyber Emergency
Response Team. [Online] http://www.us-cert.gov/control_systems/ics-cert/.
Smart Grid Security
87
Annex V. Related initiatives
257. Interstate Natural Gas Association of America (INGAA). Control Systems Cyber Security
Guidelines for the Natural Gas Pipeline Industry. Interstate Natural Gas Association of
America. 2011.
258. ICT4SMARTDG. Consensus on ICT solutions for a Smart Distribution at Domestic Level.
2011.
259. Centre for the Protection of National Infrastructure (CPNI). Configuring & managing
remote access for industrial control systems. Centre for the Protection of National
Infrastructure. 2011.
260. Commission of the European communities. Communication from the commission.
Energy infrastructure priorities for 2020 and beyond – A Blueprint for an integrated European
energy network. COM(2010) 677. 2010.
261. —. Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions: A Digital Agenda
for Europe. COM(2010)245 final. 2010.
262. —. Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions. Energy 2020: A
strategy for competitive, sustainable and secure energy. COM(2010) 639 final. 2010.
263. —. Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions. Digital Agenda
for Europe. COM(2010) 245. 2010.
264. —. Communication from the commission to the council, the European parliament, the
European economic and social commitee and the commitee of the regions. A strategy for a
Secure Information Society – 'Dialogue, partnership and empowerment' COM(2006) 251. 2006.
265. —. Communication from the commission to the council and the European parliament.
Prevention, preparedness and response to terrorist attacks COM(2004) 698 final. 2004.
266. —. Communication from the commission to the council and the European parliament.
Critical Infrastructure Protection in the fight against terrorism COM(2004) 702 final. 2004.
267. —. Communication from the commission on a European Programme for Critical
Infrastructure Protection COM(2006) 786. 2006.
268. North American Electric Reliability Corporation (NERC). CIP-009-4: Cyber Security —
Recovery Plans for Critical Cyber Assets. North American Electric Reliability Corporation
(NERC). 2011.
269. —. CIP-008-4: Cyber Security — Incident Reporting and Response Planning. North
American Electric Reliability Corporation. 2011.
270. —. CIP-007-4: Cyber Security — Systems Security Management. North American Electric
Reliability Corporation. 2011.
88
Smart Grid Security
Annex V. Related initiatives
271. —. CIP-006-4: Cyber Security — Physical Security. North American Electric Reliability
Corporation. 2011.
272. —. CIP-005-4: Cyber Security — Electronic Security Perimeter(s). North American Electric
Reliability Corporation. 2011.
273. —. CIP-004-4: Cyber Security — Personnel and Training. North American Electric
Reliability Corporation. 2011.
274. —. CIP-003-4: Cyber Security — Security Management Controls. North American Electric
Reliability Corporation. 2011.
275. —. CIP-002-4: Cyber Security — Critical Cyber Asset Identification. North American
Electric Reliability Corporation. 2011.
276. —. CIP-001-1a: Sabotage Reporting. North American Electric Reliability Corporation.
2010.
277. Department of Homeland Security (DHS). Catalog of Control Systems Security:
Recommendations for Standards Developers. 2009.
278. Council of the European Union. Brussels European Council 8/9 march 2007. Presidency
conclusions. 2007.
279. Power Systems Engineering Research Center. Automated Circuit Breaker Monitoring.
2007.
280. Gartner. Assessing the Security Risks of Cloud Computing. Gartner. [Online] 2008.
http://www.gartner.com/DisplayDocument?id=685308.
281. American Petroleum Institute (API) energy. API Standard 1164. Pipeline SCADA Security.
American Petroleum Institute. 2009.
282. American National Standard (ANSI). ANSI/ISA-TR99.00.01-2007 Security Technologies for
Industrial Automation and Control Systems. International Society of Automation (ISA). 2007.
283. —. ANSI/ISA–99.02.01–2009 Security for Industrial Automation and Control Systems. Part
2: Establishing an Industrial Automation and Control Systems Security Program. International
Society of Automation (ISA). 2009.
284. —. ANSI/ISA–99.00.01–2007 Security for Industrial Automation and Control Systems. Part
1: Terminology, Concepts, and Models. International Society of Automation (ISA). 2007.
285. —. ANSI C12.21: American National Standard for Protocol Specification for Telephone
Modem Communication. 2006.
286. —. ANSI C12.19: American National Standard for Utility Industry End Device Data Tables.
2008.
287. —. ANSI C12.18: American National Standard for Protocol Specification for ANSI Type 2
Optical Port. 2006.
288. AMI-SEC-ASAP. AMI System Security Requirements. 2008.
Smart Grid Security
89
Annex V. Related initiatives
289. American Gas Association (AGA). AGA Report No. 12, Cryptographic Protection of SCADA
Communications. Part 2 Performance Test Plan. American Gas Association. 2006.
290. —. AGA Report No. 12, Cryptographic Protection of SCADA Communications. Part 1
Background, policies and test plan. American Gas Association. 2006.
291. Wikipedia. Advanced Distribution Automation. [Online] [Cited: 02 01 2012.]
http://en.wikipedia.org/wiki/Advanced_Distribution_Automation.
292. IBM Global Services. A Strategic Approach to Protecting SCADA and Process Control
Systems. 2007.
293. Europe 2020. A resource-efficient Europe – Flagship initiative of the Europe 2020
Strategy. [Online] http://ec.europa.eu/resource-efficient-europe/index_en.htm.
294. EOS Energy Infrastructure Protection & Resilience Working Group. A global european
approach for energy infrastructure protection & resilience. s.l. : http://www.eoseu.com/LinkClick.aspx?fileticket=DEvuI/4l1jU=&tabid=232, 2009.
295. Department of Energy (DoE). 21 Steps to Improve Cyber Security of SCADA Networks.
Department of Energy.
296. Security of Industrial Control Systems, What to Look For. Zwan, Erwin van der. 2010,
ISACA Journal Online.
297. IEC. IEC TS 62351-5: Power systems management and associated information exchange –
Data and.
298. En. [Online]
299. Taylor, Dr. Gary. DEVELOPING NOVEL ICT BASED SOLUTIONS FOR SMART DISTRIBUTION
NETWORK
OPERATION.
[Online]
http://dea.brunel.ac.uk/hiperdno/files/UPEC%202010%20HiPerDNO%20Project%20Presentati
on.pdf.
300. NIST -SGIP. SGIP Catalog of Standards. [Online] 2012. http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/SGIPCatalogOfStandards.
Smart Grid Security
90
Annex V. Related initiatives
13 Abbreviations
ACER
ADA
AMI
AMR/AMM
ANSI
AoR
BAN
BPL
C&DM
CC
CEN
CENELEC
CEO
CERT
CIA
CIWIN
C-level
CO2
COTS
CS
CZ
DAE
DCA
DE
DER
DG ENER
DK
DLF/DLE
DLMS/COSEM
DLR
DMS
DoS
DPF
DSE
DSM
DSO
EACI
Agency for the Cooperation of Energy Regulators
Advanced Distribution Automation
Advanced Metering Infrastructure
Advanced Metering Reading/Measures
American National Standards Institute
Assessment of the Resilience
Building Area Networks
Broadband over power line
Control & Data Management
Common Criteria
European Committee for Standardization
European Committee for Electrotechnical Standardization
chief executive officer
centre emergency response team
Confidentially, Integrity and Availability
Critical Infrastructure Warning Information Network
Chief level (CEO, CIO, ...)
Carbon dioxide
Commercial of the Self
Control Systems
Czech Republic
Digital Agenda for Europe
Distribution Contingency Analysis
Germany
Distributed Energy Resources
Directorate-General for Energy
Denmark
Distribution Load Forecasting and Estimation
Device Language Message specification/COmpanion Specification for Energy
Metering
Dynamic Line Ratings
Distribution Management System
Denial of Service
Distribution Power Flow
Distribution State Estimation
Demand Side Management
Distribution System Operators
European Association for Creativity and Innovation
Smart Grid Security
91
Annex V. Related initiatives
EC
ECI
EG
EII
EISAS
EL
EMS
ENISA
ENTSO
EP3R
EPCIP
ES
ESI
ETN
ETP
ETP
ETSI
EU
EV
FAN
FDIR
FP7
FTP
GDP
GHG
GIS
GPRS
HAN
HMI
HPC
HTTP
HTTPS
HVDC
HW
IAC
IAN
ICS
ICT
IE
IEC
European Commission
European Critical Infrastructures
Expert Group
European Industrial Initiatives
European Information Sharing and Alert System
Greek
Energy Management System
European Network and Information Security Agency
European Network of Transmission System Operators for Electricity
European Public Private Partnership for Resilience
European Programme for Critical Infrastructure Protection
Spain
Energy service interface
Electrical Transmission Network
Executive Training Programme
European Technology Platform
European Telecommunications Standards Institute
European Union
Electric Vehicle
Field Area Network
Fault Detection Isolation and Restoration
Framework Programme 7
File Transfer Protocol
Gross domestic product
Greenhouse Gas
geographic Information system
General Packet Radio Service
Home Area Network
Human Machine Interface
High Performance Computing
Hypertext Transfer Protocol
Hypertext Transfer Protocol Secure
High-Voltage Direct Current
Hardware
Integrity, Availability, Confidentiality
Industrial Area Networks
Industrial Control Systems
Information and communications technology
Information Exchange
International Electrotechnical Commission
Smart Grid Security
92
Annex V. Related initiatives
IED
IEEE
IoE
IPS/IDS
IP-Sec
ISA
ISM
ISMS
ISO
IST
IT
IT
IVVC
JHA
JRC
JWG
KF
LAN
LV
MAN
MDMS
MID
MPLS
MS
MV
NAN
NCA
NCI
NERC
NIS
NIST
NL
NO
NRA
OFC
OFDM
OMS
OWASP
PCD
PLC
Intelligent Electronic Devices
Institute of Electrical and Electronics Engineers
Internet of Energy
Intrusion Protection/Detection System
Internet Protocol Secure
International Society of Automation
Information Security Management
Information Security Management System
International Organization for Standardization
Information Society Technologies
Information Technology
Italy
Integrated Voltage/Var Control
Justice and Home Affairs
Joint Research Center
Joint Working Group
Key Finding
Local Area Network
Low Voltage
Metropolitan Area Network
Meter data management system
Measuring Instruments Directive
Multiprotocol Label Switching
Member State
Medium Voltage
Neighbourhood Area Network
National Certification Authorities
National Critical Infrastructures
North American Electric Reliability Corporation
Network and Information Security
National Institute of Standards and Technology
Nederland
Norway
National Regulatory Authorities
Optimal Feeder Configuration
Orthogonal Frequency Division Multiplexing
Outage Management System
Open Web Application Security Project
Process Control Domain
Power Line Communications
Smart Grid Security
93
Annex V. Related initiatives
PMU
PP
QoS
R&D
RBAC
RF
RISI
RMP
RTD
RTP
RTU
SCADA
SES
SFTP
SG
SGIS
SIEM
SL
SMART
SOC
SSH
ST
SW
TCP/IP
Telnet
TF
TOE
TP
TSO
UK
USA/US
USB
VPN
WAAPCA
WAMS
WAN
WASA
WG
WMD
Phasor Measurement Units
Protection Profiles
quality of service
Research and Development
Role Based Access Control
Radio Frequency
Repository of Industrial Security Incidents
Risk Management Process
Research and Technology Development
Real-Time Pricing
Remote Terminal Units
Supervisory Control and Data Acquisition
Smart Electricity System
Secure File Transfer Protocol
Smart Grid
Smart Grid Information Security
Security information and event management
Slovenia
Standardization, Monitoring, Accounting, Rethink, Transformation
Security Operations Centre
Secure Shell
Security Targets
Software
Transmission Control Protocol/Internet Protocol
Telecommunications Network
Task Force
Target of Evaluation
Topology Processor
Transmission System Operators
United Kingdom
United States of America
Universal Serial Bus
Virtual Private Network
wide-area adaptive protection, control and automation
Wide Area Monitoring System
Wide Area Networks
Wide-Area Situational Awareness
Working Group
Weapon of Mass Destruction
94
Smart Grid Security
Annex V. Related initiatives
P.O. Box 1309, 71001 Heraklion, Greece
www.enisa.europa.eu
Annex V. Related initiatives
[Deliverable – 2012-03-31]
Smart Grid Security
I
Annex V. Related initiatives
This document is Annex 5 (of 5) to the ENISA study ‘Smart grid security: Recommendations for
Europe and Member States, June 2012’.
Contributors to this report
ENISA would like to recognise the contribution of the S21sec1 team members that prepared
this report in collaboration with and on behalf of ENISA:
Elyoenai Egozcue,
Daniel Herreras Rodríguez,
Jairo Alonso Ortiz,
Victor Fidalgo Villar,
Luis Tarrafeta.
Agreements or Acknowledgements
ENISA would like to acknowledge the contribution of Mr. Wouter Vlegels and Mr. Rafał
Leszczyna to this study.
1
S21sec, the contractor of ENISA for this study is an international security services company with offices in several countries.
Smart Grid Security
II
Annex V. Related initiatives
About ENISA
The European Network and Information Security Agency (ENISA) is a centre of network and
information security expertise for the EU, its member states, the private sector and Europe’s
citizens. ENISA works with these groups to develop advice and recommendations on good
practice in information security. It assists EU member states in implementing relevant EU
legislation and works to improve the resilience of Europe’s critical information infrastructure
and networks. ENISA seeks to enhance existing expertise in EU member states by supporting
the development of cross-border communities committed to improving network and
information security throughout the EU. More information about ENISA and its work can be
found at www.enisa.europa.eu.
Contact details
For contacting ENISA or for general enquiries on CIIP & Resilience, please use the following
details:
E-mail: [email protected]
Internet: http://www.enisa.europa.eu
For questions related to ‘’Smart grid security: Recommendations for Europe and Member
States’’, please use the following details:
E-mail: [email protected]
Legal notice
Notice must be taken that this publication represents the views and interpretations of the
authors and editors, unless stated otherwise. This publication should not be construed to be a
legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC)
No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not
necessarily represent state-of the-art and ENISA may update it from time to time.
Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the
external sources including external websites referenced in this publication.
This publication is intended for information purposes only. It must be accessible free of charge.
Neither ENISA nor any person acting on its behalf is responsible for the use that might be made
of the information contained in this publication.
Reproduction is authorised provided the source is acknowledged.
© European Network and Information Security Agency (ENISA), 2012
Smart Grid Security
III
Annex V. Related initiatives
Contents
1
Introduction .......................................................................................................................... 2
2
Europe ................................................................................................................................... 6
3
Belgium ............................................................................................................................... 37
4
Denmark .............................................................................................................................. 38
5
Germany.............................................................................................................................. 39
6
Italy...................................................................................................................................... 42
7
The Netherlands.................................................................................................................. 44
8
United Kingdom .................................................................................................................. 46
9
USA ...................................................................................................................................... 48
10 International ....................................................................................................................... 58
11 Other web 2.0 initiatives ..................................................................................................... 67
12 Bibliography ........................................................................................................................ 71
13 Abbreviations ...................................................................................................................... 90
Smart Grid Security
2
Annex V. Related initiatives
1
Introduction
The aim of this section is to highlight a number of security initiatives and organisations that
are important for the cyber security of smart grids. These initiatives have been classified
according to their geographical origin and type. Furthermore, their mission/objectives and
primary activities related to smart grid cyber security are also described.
There are two groups of initiatives that have been excluded in this annex. On one side, all
those initiatives which addressed safety and security aspects of power generation and the
electricity grid, but not directly addressing cyber security are not included. Only those major
initiatives at the EU-level, which in the near term might also address cyber security, are
included. In the following lines we provide a list of these initiatives:
ETPIS
E-Energy
BDEW
Smart Grid Network
Electricity Regulatory Forum
ESIA Smart Grid Task Force
EUTC - ICT4SDG ICT for Smart Distributed Generation
More Microgrids
ELECPOR
Slovenian Technology Platform SmartGrids
FUTURED
e-CIP
HiperDNO
On the other hand, there is another group of initiatives which address cyber security issues of
general Industrial Control Systems (ICS). However, these documents could be an important
source of information for any stakeholder of the smart grid which needs to deal with
industrial automation or control systems security. For a detailed outlook on all these
documents we refer the reader to annex IV of ENISA’s report “Protecting Industrial Control
Systems - Recommendations for Europe and Member States” (1). What follows is a list of
these initiatives:
IFAC
IFIP
ISACA
MERIDIAN Conference
SANS
Smart Grid Security
3
Annex V. Related initiatives
TCG
EPCIP
IMG-S
Sixth Framework Programme
NAMUR
VDI
CPNI
Byres Security Blog
WIB
National Risk Assessment
CPNI.NL
OLF
AMETIC
CNPIC
GIPIC
Protect-IC
Test bed Framework for Critical Infrastructure Protection Exercise (Cloud CERT)
PESI
SEMA
The MSB Industrial Control System Security Program
ACC
AGA
API
DoE
DHS
Digital Bond- S4 workshop
TISP
SCADA hacker
SCADAsec
SCADA/Control System Security Professionals
Water Security
Cyber Security in Real-Time Systems
MPCSIE
Finally, the following lines provide a brief explanation of some of the key fields that will be
used for the classification of the initiatives/organisations which are presented in this chapter:
Smart Grid Security
4
Annex V. Related initiatives
Name: Name of the initiative/organisation.
Type: Type of organisation/initiative (see below).
Line of action: The activities the group is related to (i.e. policy, standards, information
sharing, dissemination and awareness, economic or financial, technical, training and
education, R&D).
Participants: Stakeholder types which participate in the organisation/initiative (i.e.
manufacturer or integrator, security tools and services provider, DSO, TSO, power
generation, smart grid services provider (e.g. marketer), academia and R&D, public
bodies, standardisation bodies).
Mission/Objectives: Purpose of the group.
Activities related to smart grid security: Describes all those activities that the
initiative or the organisation being described has undertaken or is currently
undertaken on the field of smart grid (cyber) security and resilience.
Results: Standards, Good Practices, Regulations, Technical Reports, Technical
Solutions, etc.
Comments: Additional information about the organisation/initiative.
URL: The reference URL for the initiative being described.
The values of the “Type” field can be one of the following:
International agency: An association of public bodies from different countries, which
support its members, seeks to achieve common goals and collaborates with other
similar agencies and even non-member countries.
Industry association: An association that supports and protects the rights of a
particular industry and the people who work in that industry, and which seeks to
achieve the common goals of its members. There may be a public entity within these
associations, but it does not have a leading role.
Public Private Partnership: A government service or private business venture which is
funded and operated through a partnership of government and one or more private
sector companies.
Public body: An organization whose work is part of the process of government, but is
not a government department. 2
Regular private organisation: An organisation which is privately run and does not rely
on money from the government and funds from charities. They get make their own
money by providing a service at a cost.
Professional association: Also called a professional body, professional organization, or
professional society. A professional association is usually a non-profit organization
seeking to represent a particular profession, the interests of individuals engaged in
that profession, and the public interest.
European Technology Platform (ETP): are industry-led stakeholder for a charged with
defining research priorities in a broad range of technological areas where achieving EU
Smart Grid Security
5
Annex V. Related initiatives
growth, competitiveness and sustainability requires major research and technological
advances in the medium to long term.
Specialized event: Workshops, forums, conferences or summits focusing on ICS
security and CIP.
Online resource: A specialised website, blog, e-forum, online group, and similar
resources.
Project: Projects made by European Union countries and related to the security of
smart grids.
Other: When an initiative or an organisation does not match with any of the previously
defined types, it will be classified with this value.
Smart Grid Security
6
Annex V. Related initiatives
2
Europe
Name
Action plan on CIIP
Type
Other
Line of action
Organisational and Policy, Dissemination and awareness, Information
sharing, Technical, Economic or financial.
Participants
Public bodies, Manufacturers, Integrators, Operators, Security tools
and services providers.
Mission/Objectives
In order to enhance the security and resilience of CIIs, this integrated
EU action plan was devised by the European Commission to
complement and add value to existing national programmes as well as
to the existing bilateral and multilateral cooperation schemes
between Member States.This action plan was firstly introduced in
COM(2009)149 (19) and consisted of five main pillars:
Preparedness and prevention:
Baseline of capabilities and services for pan-European cooperation.
The Commission invites Member States and concerned stakeholders
to: define, with the support of ENISA, a minimum level of capabilities
and services for National/Governmental CERTs and incident response
operations in support to pan-European cooperation; make sure
National/Governmental CERTs act as the key component of national
capability for preparedness, information sharing, coordination and
response.
European Public Private Partnership for Resilience (EP3R). The
Commission will foster the cooperation between the public and the
private sector on security and resilience objectives, baseline
requirements, good policy practices and measures.
European Forum for information sharing between Member States
(EFMS). The Commission will establish a European Forum for Member
States to share information and good policy practices on security and
resilience of CIIs.
Detection and response:
European Information Sharing and Alert System (EISAS). The
Commission supports the development and deployment of EISAS,
reaching out to citizens and SMEs and being based on national and
private sector information and alert sharing systems.
Mitigation and recovery:
National contingency planning and exercises. The Commission invites
Smart Grid Security
7
Annex V. Related initiatives
Member States to develop national contingency plans and organise
regular exercises for large scale networks security incident response
and disaster recovery, as a step towards closer pan-European
coordination.
Pan-European exercises on large-scale network security incidents. The
Commission will financially support the development of pan-European
exercises on Internet security incidents, which may also constitute the
operational platform for pan-European participation in international
network security incidents exercises, like the US Cyber Storm.
Reinforced cooperation between National/Governmental CERTs. The
Commission invites Member States to strengthen the cooperation
between National/Governmental CERTs, also by leveraging and
expanding existing cooperation mechanisms like the EGC.29.
International cooperation:
Internet resilience and stability. Three complementary activities are
envisaged: A Europe-wide debate, involving all relevant public and
private stakeholders, to define EU priorities for the long term
resilience and stability of the Internet; the definition of guidelines for
the resilience and stability of the Internet, focusing inter alia on
regional remedial actions, mutual assistance agreements, coordinated
recovery and continuity strategies, geographical distribution of critical
Internet resources, technological safeguards in the architecture and
protocols of the Internet, replication and diversity of services and
data; work o na roadmap to promote principles and guidelines at the
global level.
Global exercises on recovery and mitigation of large scale Internet
incidents. The Commission invites European stakeholders to reflect on
a practical way to extend at the global level the exercises being
conducted under the mitigation and recovery pillar, building upon
regional contingency plans and capabilities.
Criteria for European Critical Infrastructures in the ICT sector:
ICT sector specific criteria. By building on the initial activity carried out
in 2008, the Commission will continue to develop, in cooperation with
Member States and all relevant stakeholders, the criteria for
identifying European critical infrastructures for the ICT sector.
The EP3R, the EFMS and EISAS can be interesting platforms for any
future action plan on ICS security at the European level.
Activities related to
smart grid security
Future activities of EP3R will also address cyber security challenges of
smart grids, building on the preparatory work being carried out by the
Commission and ENISA.
Smart Grid Security
8
Annex V. Related initiatives
Results
Policies
Comments
N/A
URL
http://ec.europa.eu/information_society/policy/nis/strategy/activities
/ciip/index_en.htm
Name
CEN/CENELEC/ETSI JWG and SG-CG
Type
International agency
Line of action
Standards
Participants
public bodies, standardization bodies
Mission/Objectives
The Smart Grids Task Force highlighted the importance of new
standards for a successful deployment of smart grids together with a
need for change and improvement of the existing standards. In
addition, this group of experts identified the risk of too many
standardization bodies providing an inconsistent set of standards. As
a result, the Expert Group 1 of the EC Smart Grid Task Force
concluded there was a need for a joint CEN/CENELEC/ETSI group on
standards for smart grids, to deal more intensively with establishing
detailed recommendations to selected standardization bodies. For
this reason the CEN/CENELEC/ETSI Joint Working Group (JWG) on
standards for the smart grid was established. It worked between June
2010 and March 2011 on the production of a report addressing
standards for smart grids. This document was called ‘final report of
CEN/CENELEC/ETSI JWG on standards for smart grids’.
In M/490 the European Commission requested ESOs to develop a
framework to enable ESOs to perform continuous standard
enhancement and development in the field of smart grids, while
maintaining transverse consistency and promote continuous
innovation. The focal point addressing the ESO's response to M/490 is
the CEN/CENELEC/ETSI Smart Grids Coordination Group (SG-CG)
which was built around the membership of the previous JWG.
Besides, M/490 requires the work to build on already existing
material delivered through other mandates such as the M/441 and
M/468. The SG-CG is the main and visible body of a larger structure
which includes four Working Groups (WG) which are coordinated by
the SG-CG. These working groups include:
Reference architecture WG.
First set of standards WG.
Sustainable processes WG.
Security WG (also referred sometimes as Smart Grid
Information Security Working Group - SGIS WG).
Smart Grid Security
9
Annex V. Related initiatives
Activities related to
smart grid security
In addition to other standardisation aspects (e.g. reference
architecture, communication interfaces, generation, transmission,
distribution, smart metering, etc.), the CEN/CELEC/ETSI JWG final
report on standards for smart grids includes a number of
recommendations for smart grid standarisation on the field of
information security.
On the other hand, the SGIS WG of the SG-CG is defining a number of
essential security requirements for smart grids based on
confidentiality, integrity, availability, reliability/resiliency, privacy and
interoperability criteria. Moreover, this WG is working on the
establishment of different security levels to classify the
infrastructures that the smart grid will comprise. Besides, it is also
revising international standars onsmart grid security, identifying gaps
and differences in current European regulations and standards.
Finally, the working group is also defining a set of tools and
methodologies to help clasiffying assets, assessing risks and filling the
aforementioned gaps and other requirements.
Results
Standard recommendations, Standards, Policies.
Comments
SG-CG is built upon the previous JWG
URL
http://www.cen.eu/cen/Sectors/Sectors/UtilitiesAndEnergy
/SmartGrids/Pages/default.aspx
Name
CEN/CENELEC/ETSI SM-CG
Type
International agency
Line of action
Standards
Participants
All stakeholders
Mission/Objectives
The European Commission and EFTA addressed Mandate M/441 to
CEN, CENELEC and ETSI and a Smart Meters Coordination Group (SMCG) was set up to answer this request. This group provides a focal
point concerning smart metering standardization issues in respect to
Mandate M/441 (20).
Mandate M/441 has two phases. The first requests the European
Standards Organizations to develop a European standard comprising
a software and hardware open architecture for utility meters that
supports secure bidirectional communication and allows advanced
information, management, and control systems for consumers and
service suppliers. In this context, the SM-CG identified the main
possible functional communication implementations relevant for
smart metering systems and the standards relevant to meeting the
requirements of mandate M/441, in particular to assist the active
participation of consumers in the energy markets.
Smart Grid Security
10
Annex V. Related initiatives
The second phase of Mandate M/441 requests the European
Standards Organizations to develop European Standards containing
harmonized solutions for additional meter functionalities within an
interoperable framework, using where needed the open architecture
developed under the first phase of Mandate M/441. To clarify
standardization requirements and to ensure consistency in the smart
meter dataflow, it is helpful to consider functionalities in details
through Use Cases.
Activities related to
smart grid security
The SM-CG produced a technical report, CEN-CLC-ETSI TR 50572:2011
'Functional reference architecture for communications in smart
metering systems'(21). This technical report identifies a functional
reference architecture for communications relevant for smart
metering systems and the standards relevant to meeting the
technical/data communications requirements of Mandate M/441, in
particular to assist the active participation of consumers in the energy
markets. Particularly, it addresses privacy and data security aspects
for the definition of the functional reference architecture,
emphasising also general security principles for smart meters.
Results
Technical Report
Comments
CENELEC Smart Meter Coordination Group
URL
http://www.cenelec.eu
Name
DG CONNECT’s Ad-hoc Expert Group on the Security and Resilience of
Communication Networks and Information Systems for Smart Grids
Type
Public Private Platform
Line of action
Policy, standards, technical, dissemination and awareness
Participants
All stakeholders
Mission/Objectives
The European Commission created the Ad-hoc Expert Group to better
understand the views and objectives of the private and public sectors
on the ICT security and resilience challenges for the smart grids as
well as to identify and discuss about the related policies at EU level.
COM(2011) 163(22) on Critical Information Infrastructure Protection
as well as COM(2011) 202 (23) on smart grids were presented are the
two main pillars backin up this initiative. Specifically, COM (2011) 202
declares that the Commission should continue bringing together the
energy and ICT communities within an expert group to assess the
network and information security and resilience of smart grids.
The two main objectives of the Expert Group are:
The identification of European priority areas for which action
should be undertaken to address the security and resilience of
Smart Grid Security
11
Annex V. Related initiatives
communication networks and information systems for smart
grids, as well as the definition of recommendations on how to
progress on each of these areas at the European level.
Activities related to
smart grid security
The identification of which elements of the smart grid should
be addressed by the EG (e.g. smart appliances, smart
metering, smart distribution, smart (local) generation, smart
transmission) as well as the identification of key strategic and
high level security requirements, good practices based on
learned lessons and the proposition of mechanisms to raise
awareness among decision makers.
Based on the aforementioned two main objectives, a ‘Programme of
Work’(24) was defined with the mission of contributing to a coherent
and increased effort to improve the cyber security of the smart grids
and which focuses on the security and resilience of communication
and information systems that are critical for the performance of the
physical electricity infrastructure. This programme of work includes
four main areas, divided into twelve work packages. The areas and
WPs are the following:
I. Area 1. Risks, threats and vulnerabilities
a. WP 1.1 Identify and categorize all relevant smart grid
assets
b. WP 1.2 Develop an attach/threat taxonomy for
relevant assets
c. WP 1.3 Develop a countermeasure taxonomy for
relevant assets
d. WP 1.4 Develop a high-level security risk assessment
methodology for relevant assets
II. Area 2. Requirements and technology
a. WP 2.1 Security requirements
b. WP 2.2 Extend smart grid requirements to include
effective security measures
c. WP 2.3 Research smart grid communication protocols
and infrastructures to incorporate data security
measures
d. WP 2.4 (Public) procurement
III. Area 3. Information and knowledge sharing
a. WP 3.1 Develop a cross-border alliance between
Member States (MS) and relevant competent bodies
IV. Area 4. Awareness, education and training
a. WP 4.1 High level conference for strategic leaders
Smart Grid Security
12
Annex V. Related initiatives
b. WP 4.2 Propose initiatives to increase stakeholder
awareness on data security
c. WP 4.3 Skilled personnel on cyber security in energy
industry
Results
Technical reports, Recommendations
Comments
The first conclusions of the group will be made public in the second
quarter of 2012
URL
http://ec.europa.eu/dgs/information_society/index_en.htm
Name
Smart Grid Task Force
Type
Public Body
Line of action
Policy, Regulation
Participants
public bodies, standardization bodies
Mission/Objectives
To facilitate and support the process of an European Union-wide
smart grid implementation, the European Commission decided to set
up a Task Force on Smart Grids. The Task Force Smart Grids was
designed to provide a joint regulatory, technological and commercial
vision on smart grids taking into account accumulated experiences
worldwide and the technological challenges to be faced mainly during
next decade/s, so as to coordinate the first steps towards the
implementation of smart grids under the provision of the Third
Energy Package.
The Task Force aims to jointly agree among the regulatory
authorities, regulated companies and end users on key issues such as
the estimated cost/benefits, the associated risks and the incentives
needed. The ultimate goal of the initial work programme of the task
force is to identify and produce a set of regulatory recommendations
to ensure European Union -wide consistent, cost-effective, efficient
and fair implementation of smart grids, while achieving the expected
Smart Grids' services and benefits for the network users. The planned
efforts of this Work Programme are focussed on:
Functionalities of smart grid and smart meters: The key
deliverable is to provide an agreement among all actors
involved on a set of minimum functionalities for smart grids
and smart meters.
Regulatory recommendations for data safety, data handling
and data protection: The key deliverable is to identify the
appropriate regulatory scenario and recommendations for
data handling, safety and consumer protection.
Roles and responsibilities of actors involved in the smart
Smart Grid Security
13
Annex V. Related initiatives
grids deployment: The key deliverable is the development of
recommendations on the roles and responsibilities of all
involved actors in the implementation of the smart grids as
well as the definition of criteria and recommendations for
funding of smart grid deployment.
In the beginnning the Smart Grid Task Force comprised three Expert
Groups (EG) to which a fourth one was added afterwards. These EGs
are the following:
Activities related to
smart grid security
Expert Group 1: Functionalities of smart grids and smart
meters.
Expert Group 2: Regulatory recommendations for data safety,
data handling and data protection.
Expert Group 3: Roles and Responsibilities of Actors involved
in the smart grids deployment.
Expert Group 4: Smart grid aspects related to gas.
The EG2 is involved directly insmart grid security. This group aims to:
Identify the benefits and concerns of customers with regard to
smart grids.
Provide an overview of European legislation on data
protection, privacy and its enforcement.
Recommend whether further protective measures should be
put in place.
Identify possible risks in the handling of data, safety and data
protection.
Identify ownership of data and access rights.
Identify responsible parties for data protection
enforcement mechanisms.
Develop a framework in which way data can be used.
Provide recommendations on the Communication of Smart
Grid benefits to consumers, citizens and politicians.
and
The EG2 issued in February 2011 a report titled ‘Regulatory
recommendations for data safety, data handling and data
protection’(25) which focuses on identifying the appropriate
regulatory scenario and recommendations for data handling, security
and data protection.
Results
Regulations, policies, and policy recommendations.
Comments
The initial duration of the task force was 20 months, till May 2011
Smart Grid Security
14
Annex V. Related initiatives
URL
http://ec.europa.eu/energy/gas_electricity/smartgrids/
taskforce_en.htm
Name
Seventh Framework Programme (FP7)
Type
Other (Research and development programme)
Line of action
information sharing, dissemination and awareness.
Participants
All stakeholders
Mission/Objectives
The FP7 is the main Euroepan research programme with a 7 year
duration (2007-2013). The programme has a total budget of over € 50
billion and its main objectives are to strengthen the scientific and
technological base of European industry, encouraging its international
competitiveness, while promoting research that supports EU policies.
The five main Specific Programmes that constitute FP7 are:
Cooperation, Ideas, People, Capacities and Nuclear Research.
The ‘Funding schemes’ are the types of projects, by which FP7 is
implemented. They are the following:
Collaborative projects: collaborative projects are focused on
research projects with clearly defined scientific and
technological objectives and specific expected results (such as
developing new knowledge or technology to improve
European competitiveness). They are carried out by consortia
made up of participants from different countries, and from
industry and academia.
Networks of excellence: the Networks of Excellence are
designed for research institutions willing to combine and
functionally integrate a substantial part of their activities and
capacities in a given field, in order to create a European ‘virtual
research centre’ in this field. This is achieved through a ‘Joint
Programme of Activities’ based on the integrated and
complementary use of resources from entire research units,
departments, laboratories or large teams. The implementation
of this Joint Programme of Activities will require a formal
commitment from the organisations integrating part of their
resources and their activities.
Coordination and support actions: these are actions that
Smart Grid Security
15
Annex V. Related initiatives
cover not the research itself, but the coordination and
networking of projects, programmes and policies. This
includes, for example:
o Coordination and networking activities, dissemination
and use of knowledge
o Studies or expert groups assisting the implementation
of the FP.
o Support for transnational access to major research
infrastructures.
o Actions to stimulate the participation of SMEs, civil
society and their networks.
o Support for cooperation with other European research
schemes (e.g. ‘frontier research’).
Activities related to
smart grid security
There are some projects under the scope of the FP7 which are related
to smart grid security. The following sets out a number of them:
ELVIRE(26): It is an Information and Communication
Technologies (ICT) research project. Its purpose is to develop
an effective system which is able to neutralize the driver’s
’range anxiety’. In order to ease and optimize energy
management of Electric Vehicles (EV) and to cope with the
sparse distribution of electrical supply points during the rampup phase, innovative Information and Communications
Technologies and service concepts are being developed. The
participants of this project are working on procedures to
secure data transmission between vehicles and external
services, sending the information in real time.
AFTER (27): This project addresses vulnerability evaluation and
contingency planning of the energy grids and energy plants,
considering also the ICT systems used in protection and
control. It aims to develop a methodology and a tool for
vulnerability analysis and risk assessment of interconnected
electrical power systems considering their interdependencies.
Moreover, it also aims at developing develop algorithms and
tools supporting contingency planning in a two-fold approach:
preventing or limiting system disruption, by means of physical
security techniques and defence plans; and re-establishing the
Smart Grid Security
16
Annex V. Related initiatives
system after a major disruption, by means of restoration plans.
Open Meter (28): The main objective of the OPEN meter
project is to specify a comprehensive set of open and public
standards for Advanced Metering Infrastructure
(AMI)
supporting multi commodities (Electricity, Gas, Water and
Heat), based on the agreement of the most relevant
stakeholders in the area. The general requirements include
aspects such as security, interoperability, robustness,
scalability, maintenance, performance and management. Part
of its work focuses on the identification and specification of
security requirements and on the determination of security
clauses. The project includes specific tasks devoted to cyber
security in smart grid environments. Besides, a series of
deliverables providing an overview on the steps to be
implemented to achieve a secure smart grid.
Internet of Energy (29) (30): The objective of this project is to
develop hardware, software and middleware for seamless,
secure connectivity and interoperability achieved by
connecting the Internet with the energy grids. The project will
evaluate and develop the needed ICT for the efficient
implementation in future smart grid structures, including
security capabilities.
DLC+VIT4IP: this project will develop, verify and test a highspeed narrow-band power line communications infrastructure
using the Internet Protocol (IP) which is capable of supporting
existing and extending new and multiple communication
applications. These shall include the existing power
distribution network for novel services in smart electricity
distribution networks such as demand side management,
control of distributed generation and customer integration.
This projects develops, among other things, reference designs
and embedded systems architectures for the high efficiency
and secure smart network systems addressing requirements
on compatibility, networking, security, robustness, diagnosis,
maintenance, integrated resource management and selforganization.
Results
Technical reports, good practices.
Comments
FP7 is the short version for Seventh Framework Programme
Smart Grid Security
17
Annex V. Related initiatives
URL
http://cordis.europa.eu/fp7/home_en.html
Name
Smartgrids ETP
Type
European Technology Platform
Line of action
Dissemination and awareness, Policy, R&D
Participants
All smart grid stakeholders
Mission/Objectives
The Smartgrids ETP is the European Technology Platform for
Electricity Networks of the Future. It is the key European forum for
the crystallisation of policy and technology research and the
development of pathways for the smart grids sector, as well as the
linking glue between EU-Level related initiatives.
The mission of the Smartgrids ETP includes:
To foster and support the deployment of SmartGrids in
Europe by advising and coordinating the stakeholders:
European Commission, TSO, DSO, Energy System and
Component vendors, Energy Research Centres, Smart
Metering Industry, Energy Consumers, Utilities Telecom
Providers and Grid Regulators.
To ensure the strategic relevance of the Platform and its
consistency with EU policy.
To link with relevant technology platforms dealing with
energy matters that have an impact both at the generation
and the demand side, on the future of the grid.
To provide relevant input to the EU initiatives such as the SETplan and its European Industrial Initiatives.
The Smartgrids ETP main objectives are:
To ensure that the vision and its implementation remain
focused on responding to the needs of customers and the
delivery of European policy.
To maintain a high level strategic overview of sector
developments, opportunities and threats, bringing forward
issues of priority for attention.
To be a facilitator, working with the grain of sustainable
energy policy for a competitive Europe.
To
promote
SmartGrids
research,
demonstration and deployment projects.
To build and maintain a shared vision for the future of
Europe’s electricity networks and to be a catalyst for its
development,
Smart Grid Security
18
Annex V. Related initiatives
implementation.
The European Technology Platform for Electricity Networks of the
Future actively engages with smart grids stakeholders (researchers,
academia, civil societies, industry), European Commission-funded
research projects and initiatives, related European Technology
Platforms and global grids organisations in a wide range of activities
relevant to the R&D&I of electricity networks in Europe:
Activities related to
smart grid security
Publishing the following documents: vision paper, strategic
research agenda, strategic deployment document
Formulating proposals and recommendations for the
European Electricity Grid Initiative under the framework of
the SET-Plan
Monitoring Research, Studies, Pilot Plants and Demonstration
Responding and disseminating relevant public consultations
Organising Workshops of stakeholders to engage them in its
activities
Taking awareness and communication actions, including the
organisation general assemblies, and development of a
website. A video to disseminate the concept of the ETP vision
for the future was also released in 2007.
In the Smartgrid ETP’s document ‘Strategic research agenda for
Europe’s electricity networks of the future’(31), the security
dimenssion, in its broadest sense, is considered one of the strategic
pillars. Besides, it defines several research areas which acknowledge
the importance of ICT in the new smart grid and the reliability and
security factors. Other research areas consider security from the
point of view of performance expectations, including topics such as
graceful degradation to maximize reliability, availability and resilience
of the grid. In any case cyber security or privacy aspects related to
Information and communication technology are not directly
addressed.
The strategic deployment document of 2010 describes the priorities
for the deployment of innovation in the electricity networks and the
benefits that such innovations will deliver for all takeholders. As it
happens with the strategic research agenda, security is at the
fundamentals of the document. However it is mainly focused on
operational security, relience, reliability and availability, leaving out
cyber security or privacy issues.
Results
Research plans, Recommendations on future strategies
Comments
N/A
URL
http://www.smartgrids.eu
Smart Grid Security
19
Annex V. Related initiatives
Name
EU-US Working Group on Cyber-security and Cybercrime
Type
Other
Line of action
Information sharing, dissemination and awareness, training and
education, organisational and policy.
Participants
Public Bodies
Mission/Objectives
The EU-US Working Group (EU-US WG) on Cyber-security and
Cybercrime was established in the context of the EU-US summit of
20th of November 2010 held in Lisbon. Its main objective is to tackle
new threats to the global networks upon which the security and
prosperity of our free societies increasingly depend. The EU-US WG
addresses a number of specific priority areas and was planned to
report progress within a year time after its establishment. The efforts
include:
Activities related to
smart grid security
Expanding incident management response capabilities jointly
and globally, through a cooperation programme culminating
in a joint EU-US cyber-incident exercise by 2012.
A broad commitment to engage the private sector, sharing of
good practices on collaboration with industry, and pursuing
specific engagement on key issue areas such as fighting
botnets, securing industrial control systems and smart grid
(such as water treatment and power generation), and
enhancing the resilience and stability of the Internet.
A programme of immediate joint awareness raising activities,
sharing messages and models across the Atlantic, as well as a
roadmap towards synchronised annual awareness efforts and
a conference on child protection online in Silicon Valley by
end 2011.
Continuing EU/US cooperation to remove child pornography
from the Internet, including through work with domain-name
registrars and registries.
Advancing the Council of Europe Convention on Cybercrime,
including a programme to expand accession by all EU Member
States, and collaboration to assist states outside the region in
meeting its standards and become parties.
With respect to ICS andsmart grid security the proposed tasks include
the stock taking and comparative analysis of existing initiatives,
pilots, good practices and methods addressing ICT risks, privacy and
security. The input from the EU side includes:
Activities at national level (NL, DE, UK, SE…) as well as at
European level (Euro-SCSIE, possibly via Member States
Smart Grid Security
20
Annex V. Related initiatives
experts in the WG and during the stock taking of the ENISA
studies on ICS and smart grids security)
Ongoing ENISA studies on industrial control systems and
interdependencies of ICT sector to energy
Activities of the Expert Group on the Security and Resilience
of Communication Networks and Information Systems for
Smart Grids, composed of European public and private
stakeholders and coordinated by DG CONNECT.
The input from the US side includes:
Experiences in international public-private coordination to
mature acceptance of voluntary security standards.
Specific methodology and mechanisms to engage with the
private sector to achieve cooperation and mutual engagement
in public-private control system security coordination.
The deliverables expected from this cooperation include:
Strategy for EU and US engagement on the control
system/smart grid priority area;
Plan of Action for EU and US public private engagement on
cyber security of industrial control systems and smart grids;
this will also draw on an analysis of existing coordination
bodies for security of industrial control systems and
highlighting best practices for voluntary participation
developed within them.
Results
Good practices
Comments
N/A
URL
http://europa.eu/rapid/pressReleasesAction.do?reference=
MEMO/10/658&type=HTML
Name
JRC, Smart Electricity Systems Group (SES)
Type
Public Platform
Line of action
Policy and standards
Participants
All stakeholders
Mission/Objectives
The Smart Electricity Systems (SES) group of the JRC provides
scientific support to Directorates-General of the European
Commission on policies and initiatives on smart electricity grids. SES
supports the policy-making process on the developments of the
trans-European and power distribution networks, focusing also on
advances towards super and smart grids architectures. The SES Action
Smart Grid Security
21
Annex V. Related initiatives
concentrates on the following activities:
Design, set up and run the first JRC experimental activities on
smart grids to assess the adequacy and reliability of micro grid
systems embedding renewables and Distributed Energy
Resources, including storage.
Provide technical and policy support to customer DGs on
initiatives related to the development and the operation of
the current and future transmission and distribution
networks, taking into account advances in smart and super
grids concepts; this will be done particularly with relation to
the Strategic Energy Technology Plan (SET-Plan) and the
Energy Infrastructure Package.
Further develop and improve dedicated models and tools to
assess the vulnerability, reliability and security of supply
challenges of the EU electricity transmission and distribution
systems, during both normal and special operational
conditions. The models will be combined with an energy
security Geographic Information System (GIS) framework and
database, especially designed to communicate results in a
user-friendly and geo-referenced manner.
Strengthen cooperation on research and demonstration on
smart transmission and distribution grids with key
stakeholders at the EU, Member State and international level.
Contribute assessing the interdependencies of the ICT and
power systems and to implement the work plan of the new
FP7 AFTER competitive project on power systems vulnerability
identification, defence and restoration.
Activities related to
smart grid security
As it has already been mentioned in the mission/objectives section,
the SES group of the JRC aims to further develop and improve
dedicated models and tools to assess the vulnerability, reliability and
security of supply challenges of the EU electricity transmission and
distribution systems, during both normal and special operational
conditions. The models are envisioned to be combined with an
energy security Geographic Information System (GIS) framework and
database, especially designed to communicate results in a userfriendly and geo-referenced manner.
Results
Good Practices, Technical Reports.
Comments
Following a request from DG ENER, the JRC Smart Electricity Systems
Action carried out an independent assessment of smart grid projects
throughout Europe. They launched a survey to collect smart grid
experiences in Europe and support analysis on trends and
developments in smart grids implementation.
URL
http://ses.jrc.ec.europa.eu
Smart Grid Security
22
Annex V. Related initiatives
Name
CEER
Type
International Agency
Line of action
Policy, standards
Participants
Europe's national regulators of electricity and gas at EU and
international level.
Mission/Objectives
The Council of European Energy Regulators (CEER) is the voice of
Europe's national regulators of electricity and gas at EU and
international level. Through CEER, a non-for-profit association, the
national regulators cooperate and exchange best practice. A key
objective of the CEER is to facilitate the creation of a single,
competitive, efficient and sustainable EU internal energy market that
works in the public interest. Besides, CEER works closely with and
supports the work of the Agency for the Cooperation of Energy
Regulators (ACER).
The Electricity Working Group (EWG) of
related to the European electricity grids
market. According to them, in 2012, the
following areas of work: quality of supply,
development, security of supply.
Activities related to
smart grid security
CEER deals with issues
and the EU electricity
EWG will focus on the
smart grids, sustainable
During 2012 CEER will see the continuation of the previous efforts to
address the challenges of security of supply from the viewpoint of
generation adequacy, elaborating guidelines of good practices.
Three task forces have been defined, from which two of them are
directly related to security aspects of the smart grid. These task
forces are:
Electricity Quality of Supply and Smart Grids (EQS) Task Force, which
is working on quality issues and the regulatory aspects of ’smart
grids’.
Electricity Security of Supply (ESS) Task Force which is addressing the
challenges of security of supply from the viewpoint of generation
adequacy.
Even though security and reliability of the grid are the focus of many
of the efforts of this agency, cyber security issues are not still being
considered as a key aspect.
Results
Annual overview and future work programme documents; Annual
national reports for each EU country; Regulatory guidelines and good
practices; Newsletter
Comments
Council of European Energy Regulators
Smart Grid Security
23
Annex V. Related initiatives
URL
http://www.energy-regulators.eu
Name
ANEC
Type
Other
Line of action
Standardisation
Participants
Represents the European consumer
Mission/Objectives
ANEC is the European consumer voice in standardisation. This
association represents the European consumer interest in the
creation of technical standards, especially those developed to
support the implementation of European laws and public policies.
ANEC participates principally through its voluntary experts in the
standards development work of the three European Standards
Organisations (ESOs) recognised by the European Union and EFTA:
CEN, CENELEC, and ETSI.
ANEC is governed by a general assembly which comprises one one
individual from each of the 30 countries of the European Union and
EFTA. The individual is nominated through a collective decision of the
national consumer organisations in each country and acts as the
interlocutor between them and ANEC.
Activities related to
smart grid security
ANEC was invited by ESOs to participate in both, Smart Meter Coordination Group (SM-CG) established to execute Mandate
M/441(20) on Measuring Instruments and Smart Grid Coordination
Group (SG-CG) established to execute M/490(32) to support
European smart grid deployment.
Additionally, and in order to defend the consumer interests in the
policy and standardisation activities related to the implementation of
the third EU Energy Package, ANEC has joined the European
Commission Smart Grid Task Force where it helps identifying
regulatory recommendations for implementing Smart Grids.
As a result of the participation of ANEC in such initiatives, several
documents were developed. These documents include a number of
aspects considered key by consumers on data privacy and security,
mostly referring to keep data confidential and secure both during
their transmission and storage. Besides, some of these documents
have been a basis for developing COM (2011) 202(23) and SEC (2011)
463(33).
Results
Papers and annual technical reports
Comments
N/A
URL
www.anec.eu
Smart Grid Security
24
Annex V. Related initiatives
Name
DIGITALEUROPE
Type
Industry Association
Line of action
Policy, information sharing, dissemination and awareness
Participants
Integrators and services providers
Mission/Objectives
DIGITALEUROPE represents the digital technology industry in Europe.
This initiative has more than 100 members and include some of the
world's largest IT, telecoms and consumer electronics companies and
national associations from every part of Europe. Digital Europe wants
European businesses and citizens to benefit fully from digital
technologies and for Europe to grow, attract and sustain the world's
best digital technology companies.
DIGITALEUROPE aims to facilitate non-commercial collaboration and
coordination between member companies and national trade
associations across the European Union, and assist them in sharing
best-practices in many business operations and facilitating the
agreement of international standards in close collaboration with
international standards bodies. DIGITALEUROPE provides a full range
of services to its membership and generally to stakeholders in the
digital economy. Including:
Promoting the development of best practices and
benchmarking within the DIGITALEOPE membership
Providing up-to-date, high-value industry data and
information to members on all aspects of the Digital Economy
in Europe and around the world
Delivering a forum for knowledge exchange and information
sharing between members through industry programmes and
pan European events.
Monitoring all relevant initiatives to industring, informing
members through regular mailings, emails, newsletters and
information transfer, as well as the hosting and and
organisation of meetings and events.
The organisation is dedicated to improving business environment for
the European digital technology industry and to promoting their
sector’s contribution to economic growth and social progress in the
European Union. It represents the interests of both, national
associations and corporate organisations, operating in the
Smart Grid Security
25
Annex V. Related initiatives
information technology and consumer electronics sector in European
towards.The European parliament and the European Commission.
Activities related to
smart grid security
DIGITALEUROPE is one of 25 European Associations representing all
European Stakeholders that are assumed to play a role in the
implementation of smart grids. It participates actively in the Smart
Grids Task Force through the participation in the 3 working groups
that have been setup, the Steering Committee and the issue of the
present position paper representing the position of DIGITALEUROPE
members.
DIGITALEUROPE have grouped some experts on smart grids to create
a technical and regulatory group on privacy and security.
DIGITALEUROPE‘s Privacy & Security group is focusing on three key
areas:
Data protection: the group is actively engaged in developing
common industry agreements on how to balance the
opportunities and challenges to harmonisation to enable
businesses take a Europe-wide and global view of data
protection compliance.
Online advertising: the group is contributing to discussions on
the benefits and potential risks of monitoring consumer
behaviour for commercial purposes, as well as the
technologies used for such purposes.
Network Information and Security (NIS): the Privacy &
Security group is contributing its expertise to initiatives and
consultations lead by the Commission and the European
Network Information Security Agency (ENISA).
Results
Technical reports
Comments
N/A
URL
http://www.digitaleurope.org
Name
EDSO-SG
Type
Industry Association
Line of action
Awareness and dissemination, training and education
Participants
DSOs
Mission/Objectives
EDSO for smart grids aims to be the key reference point in the
coordination of all European DSOs efforts.
The purpose of the Association is to structure, lead and enhance, not
for profit cooperation between European distribution system
Smart Grid Security
26
Annex V. Related initiatives
operators for electricity as well as assure, manage, represent and
promote their common interests, specifically on smart grids
development and implementation.
Together with ENTSO-E and European Technology Platform
SmartGrids (ETP Smart Grids), they play an important role in the
planning, monitoring and dissemination of the European Electricity
Grid Initiative.
Activities related to
smart grid security
EDSO for smart grids plays an active role in the European regulatory
process on smart grids development and implementation.
Some of its goals include the security of supply and the promotion of
the reliability of electricity distribution grids.
Results
Technical reports
Comments
EDSO-SG stands for European Distribution System Operators for
Smart Grids
URL
http://edsoforsmartgrids.eu
Name
ENTSO-E
Type
International Agency
Line of action
Standards, policy, dissemination and awareness,
economical/financial, technical.
Participants
TSO
Mission/Objectives
The European Network of Transmission System Operators for
Electricity represents all electric TSOs in the EU and others connected
to their networks, with one voice for all regions, and for all their
technical and market issues.
ENTSO-E's mission is to promote important aspects of energy policy
in the face of significant challenges:
Security: it pursues coordinated, reliable and secure
operations of the electricity transmission network.
Adequacy: it promotes the development of the
interconnected European grid and investments for a
sustainable power system.
Market: it offers a platform for the market by proposing and
implementing standardized market integration and
transparency frameworks that facilitate competitive and truly
integrated continental-scale wholesale and retail markets.
Sustainability: it facilitates secure integration of new
generation sources, particularly growing amounts of
Smart Grid Security
27
Annex V. Related initiatives
renewable energy and thus the achievement of the EU's
greenhouse gases reduction goals.
Activities related to
smart grid security
WG European operational standards (WG EOS) (34): The WG EOS
provides proposals for the harmonization of operational standards on
the pan-European level and for the promotion of operational
coherence among regions, thus facilitating the market processes. It
contributes to ensure compatibility between system operation,
market solutions and system development issues. The WG EOS
analyses proposals for definitions and updating of technical and
operational standards for implementation by regions and individual
TSOs.
WG Critical System Protection (WG CSP) (35): The WG CSP copes
with the development of critical system and infrastructure protection
on European level. The WG CSP is responsible for coordinating critical
system protection issues regarding electricity transmission. The main
function of the WG CSP is to follow the development of the critical
infrastructure protection at European level, and to contribute to the
dialog with the European Commission on critical infrastructure
protection.
WG Electronic Highway (WG EH) (36): The WG EH coordinates the
usage and extension of the electronic highway in order to provide a
secure and reliable information exchange for system operations
throughout Europe.
Results
Technical reports, recommendations.
Comments
ENTSO-E stands for European network of transmission system
operators for electricity
URL
https://www.entsoe.eu/
Name
EEGI
Type
Other
Line of action
R&D
Participants
TSOs and DSOs
Mission/Objectives
The EEGI is one of the European Industrial Initiatives under the
Strategic Energy Technologies Plan (SET Plan) and proposes a 9 years
European research, development and demonstration (RD&D)
programme initiated by electricity transmission and distribution
network operators (ENTSO) to accelerate innovation and the
development of the electricity networks of the future in EU.
Both ENTSO-E and EDSO-SG are the main two organisations behind
Smart Grid Security
28
Annex V. Related initiatives
the EEGI.
The programme focuses on system innovation rather than on
technology innovation, and addresses the challenge of integrating
new technologies under real life working conditions and validating
the results.
The strategic objectives of the EEGI are:
Activities related to
smart grid security
To transmit and distribute up to 35% of electricity from
dispersed and concentrated renewable sources by 2020 and a
completely decarbonized electricity production by 2050.
To integrate national networks into a market-based, truly panEuropean network, to guarantee a high-quality of electricity
supply to all customers and to engage them as active
participants in energy efficiency.
To anticipate new developments such as the electrification of
transport.
To substantially reduce capital and operational expenditure
for the operation of the networks while fulfilling the
objectives of a high-quality, low-carbon, pan-European,
market based electricity system.
The EEGI’s Research, Development and Demonstration (RD&D)
programme defines 4 barriers: Technology barriers,
RD&D
organisation barriers, Market failures and distortions, Public
barriers. Technology barrier includes aspects such as cyber security
and data privacy on smart grid.
All project inside EEGi need to include a cyber secutiry policy besides
other policies or strategies.
Results
N/A
Comments
EEGI stands for European Electricity Grid Initiative
URL
https://www.entsoe.eu/rd/eegi/
Name
ENCS
Type
Public Private Partnership
Line of action
Technical, information sharing, dissemination and awareness
Participants
DSO, Academia and R&D, public bodies, standardization bodies
Mission/Objectives
The ENCS aims to be the partner for organisations working on the
security and protection of critical digital infrastructures, to help them
to make accurate risk assessments and to take the appropriate
measures to safeguard these infrastructures and guaranteeing the
Smart Grid Security
29
Annex V. Related initiatives
continuity and smooth running of the systems. ENCS is the evolution
of CyberTECH group.
ENCS is an independent European public-private collaboration. Their
Founding members are Alliander (Dutch DSO), City of The Hague,
CPNI.NL, KEMA, KPN (Biggest Dutch Telecom provider), Radboud
University Nijmegen and TNO. The idea of ENCS is that it contributes
to the resilience of CI by connecting people and organizations, being
an information and knowledge sharing catalyst and educating people
to the highest management levels. The ENCS will not only focus on
the technical, but also on physical and personnel security.
Activities related to
smart grid security
The ENCS focuses primarily on the protection of smart grids and
critical infrastructures’ Process Control Domains, which still present
substantial cyber security issues and challenges. To address them, the
ENCS connects existing organisations. The ENCS is planned to
constantly scan the international arena for relevant developments,
innovating and creating new initiatives to enable others. Besides the
public-private network of experts and organizations, the ENCS will
focus on four main areas:
Research & Development
Test Bed
Information & Knowledge Sharing
Education & Training
All four focus areas are interconnected, providing collaborative input
and optimal synergy. The ENCS will start primarily on the protection
of smart grids and CI’s Process Control Domains. These still present
substantial cyber security issues and challenges. To address them, the
ENCS will connect existing organisations as the European
Commission, ENISA, Joint Research Centre and national public and
private initiatives across Europe and beyond – collaboration with the
DHS Control Systems’ Security Program and Idaho National Labs are
prime examples.
Results
Research & development reports, Test beds, Information &
Knowledge Sharing platform, Education & training courses
Comments
ENCS stands for European Network for Cyber Security
ENCS was formerly known as Cyber-TECH
URL
N/A
Smart Grid Security
30
Annex V. Related initiatives
Name
ESMIG
Type
Public Body
Line of action
policy, standards, information sharing, technical…
Participants
All stakeholders
Mission/Objectives
The European Smart Metering Industry Group (ESMIG) has the
objective to deliver the benefits of Smart Metering across Europe.
The association and membership, through their internal working
groups and involvement in several stakeholder groups, are providing
expertise and advice to European institutions and organisations on
the key issues for a European-wide implementation and roll-out of
Smart Metering technologies.
There are four working groups:
Activities related to
smart grid security
ESMIG - European Business Systems Integration and
Interoperability Group (EBSII)
ESMIG - Communications Technology Group (CTG)
ESMIG - Regulation And Policy Group (RPG)
ESMIG - Multi Utility Metering Group (MUM)
External activities of ESMIG supports the SM-CG (Smart Meter
Coordination Group) with the definition of a functional reference
architecture of the Advanced Metering Infrastructure (AMI), the
definition of a glossary of commonly used terms and finally, with the
definition of functional requirements by Use Cases.
ESMIG is represented in the steering committee and in the various
working Groups of the SG-CG (Smart Grid Coordination Group).
ESMIG ensures that the work of the Smart Grid Expert Groups and
the SM-CG is taken into consideration and finds its way in the work
packages and the results of the SG-CG. ESMIG is one of the industry
associations represented in this group. Proposals for changes in the
MID are reviewed by the MUM group of ESMIG while its comments
are taken into account and discussed by the WGMI (Working Group
Measuring Instruments).
ESMIG is represented in the European Electricity Grid Initiative (EEGI),
which is one of the six European Industrial Initiatives (EII) laid down in
the Strategic Energy Technology Plan (SET).
ESMIG's RPG group formulates responses to the public consultations
of
the
EEGI(37).http://www.esmig.eu/about-us/smart-metercoordination-group-sm-cg-new
Since its foundation in July 2008, ESMIG has achieved in a short time
a very high level of recognition and visibility at EU-level and is
recognised as an honest broker of industry’s interest in the energy
area with a specific focus on smart metering and smart grid.
Smart Grid Security
31
Annex V. Related initiatives
Results
Technical reports
Comments
ESMIG stands for European Smart Metering Industry Group
URL
http://www.esmig.eu/
Name
EURELECTRIC
Type
Electricity Industry
Line of action
policy making level
Participants
Operators, DSO, TSO, Public Bodies
Mission/Objectives
The Union of the Electricity Industry - EURELECTRIC is also the
association of the electricity industry within the European Union,
representing it in public affairs, in particular in relation to the
institutions of the EU and other international organisations.
Its mission is to contribute to the development and competitiveness
of the electricity industry and to promote the role of electricity in the
advancement of society. As a centre of strategic expertise, The Union
of the Electricity Industry - EURELECTRIC identifies and represents the
common interests of its members and assists them in formulating
common solutions to be implemented and in coordinating and
carrying out the necessary actions. To that end it also acts in liaison
with other international associations and organisations, respecting
the specific missions and responsibilities of these organisations.
EURELECTRIC identifies and represents the common interests of its
members and assists them in formulating common solutions to be
implemented and in coordinating and carrying out the necessary
actions. To that end it also acts in liaison with other international
associations and organisations, respecting the specific missions and
responsibilities of these organisations.
Activities related to
smart grid security
This initiative develops many projects and one of them is a project
about smart grids, ‘10StepsTosmartGrids’(38). One of this project
steps is focused on DSO Ensuring security and reliability of supply for
good practices on a regulation environment.
Results
White Paper, Events
Comments
N/A
URL
http://www2.eurelectric.org/
Name
EuroSCSIE
Smart Grid Security
32
Annex V. Related initiatives
Type
Public Private Partnership
Line of action
Dissemination and Awareness, Technical.
Participants
Academia and R&D, Public bodies, Standardisation bodies
Mission/Objectives
The EuroSCSIE aim is from European industry, government, and
research to benefit from the ability to collaborate on a range of
common issues, and to focus effort and share resource where
appropriate. Its main focus is Information Sharing and the
expectations are to raise the level of protection adopted across
Europe’s SCADA and Control Systems (SCADA/CS).
Among its objectives, we highlight the following ones:
Activities related to
smart grid security
To define a European information exchange system for
security-related information about SCADA and control
systems.
To share and exchange information using the Traffic Light
Protocol.
To cultivate a network of relevant government, industrial and
research actors.
To establish the basis for a pan-European system for the
exchange of security-related information concerning SCADA
and control systems.
Some of the activities carried out by EuroSCSIE related with smart
grid include:
Sharing of incidents and good practices
Questionnaire on Control System Cyber-Security (aimed at
vendors) 2008/2009
Standards and requirements (e.g. ‘WIB Process Control
Domain Security Requirements for Vendors’ (39))
Self Assessment tools (like the one from CPNI UK)
Smart Grids (e.g. Smart Grid Conference in Baarn - 2010)
Results
Information exchange, technical report, reference manuals
Comments
EuroSCSIE stands for European SCADA and Control Systems
Information Exchange
URL
sta.jrc.ec.europa.eu/index.php/competitive-projects-/21-scni/8-escsie
http://www.cpni.nl/informatieknooppunt/internationaal/euroscsie
Smart Grid Security
33
Annex V. Related initiatives
Name
GEODE
Type
Industry association
Line of action
Information sharing
Participants
DSO
Mission/Objectives
Founded in 1991, this association represents more than 600
companies in 12 countries, both privately & publicly owned. GEODE
defends the interest of the local distributors in front of energy
authorities on national and international level and allows the
exchange of expertise, the share of data and competence.
The mission statement of GEODE is to establish equal opportunity
access to European energy infrastrutures for all those involved in
serving the customer needs on energy, with the aim to create a truly
competitive European energy market.
Activities related to
smart grid security
GEODE has created a questionaire where question to stakeholders on
issues of energy efficiency, renewable energy sources and energy
awareness, and some question about smart grid security
Results
Technical report, questionaire
Comments
GEODE stands for Groupment Européen des Entreprises et
Organismes de Distribution d’Energie (European Group of Energy
Distribution Companies and Organizations).
URL
http://www.geode-eu.org/
Name
PRIME Alliance
Type
Industry association
Line of action
technical
Participants
DSO, TSO, Manufacturers
Mission/Objectives
The PRIME Alliance provides a forum for the creation of an open,
single specification and standard for narrowband power line for
smart grid products and services. The mission of the Alliance is to
accelerate the demand for products and services based on the
worldwide standard and promote the broad adoption and use of the
specification while promoting multi-vendor interoperability and
compatibility with the global standard.
The main goals are:
To provide a forum for the creation (definition, establishment
and support) of an open single specification and standard for
Smart Grid Security
34
Annex V. Related initiatives
narrowband powerline for SmartGrid products and services;
To accelerate the demand for products and services based on
the worldwide standard through the sponsorship of the
market and user education programs;
To encourage and to promote broad and open industry
adoption and use of such specification; and
To promote PRIME as a global powerline standard and to
promote multi-vendor interoperability for markets/equipment
and compatibility under the PRIME standard.
The PRIME (PoweRline Intelligent Metering Evolution) specification
represents a
new
public,
open
and
non-proprietary
telecommunications architecture which will support present and
future AMM functionalities and enable the building of the electricity
networks of the future, or smart grids.
PRIME technology uses Orthogonal Frequency Division Multiplexing
(OFDM) in CENELEC A-band. The final target of PRIME is to establish a
complete set of international standards which will allow for
interoperability among equipment and systems from different
manufacturers. Thus, competition in the metering market will benefit
consumers.
Unlike other commercially available solutions, the components of this
new architecture (modulation and coding techniques, protocols, data
formats, etc.) will not be subject to any Intellectual Property Right.
Thanks to PRIME, specifications of an AMM system will be
comprehensive and detailed enough so that any new entrant will be
able to provide interoperable solutions to the market.
Activities related to
smart grid security
PRIME defines lower OSI layers of a PLC narrowband data
transmission system over the electricity grid. The whole system has
been designed to be low cost and high performance.
The PRIME protocol specifications includes varoius security profiles.
The security functionality provides privacy, authentication and data
integrity to the MAC layer through a secure connection method and a
key management policy. Several security profiles are provided to
manage different security needs, which can arise in different network
environments. The current version of the specification enumerates
two security profiles and leaves scope for adding up to two new
security profiles in future versions.
Smart Grid Security
35
Annex V. Related initiatives
Results
Protocols , standard, technical report
Comments
N/A
URL
http://www.prime-alliance.org/
Name
DLMS User Association
Type
Public Private Partnership
Line of action
Standard
Participants
DSO, Manufacturers, System provide, Utilities, Public Bodies,
Standardisation Bodies
Mission/Objectives
The DLMS Use Association is a non-profit organisation, located in
Geneva, Switzerland. Its mission is to develop, promote and maintain
the DLMS/COSEM specification. It provides an information exchange
forum for users, manufacturers and system providers, test houses
and standardisation bodies. It also provides a conformance testing
and certification scheme for metering equipment implementing the
specification. The DLMS UA is formally liased with IEC TC 13 WG 14.
DLMS stands for Distribution Line Message Specification. It is an
application layer specification, independent of the lower layers and
thus of the communication channel, designed to support messaging
to and from (energy) distribution devices in a computer-integrated
environment. It is an international standards established by IEC TC 57
and published as IEC 61334-4-41.
COSEM stands for COmpanion Specification for Energy Metering. It is
an interface model of communicating energy metering equipment,
providing a view of the functionality available through the
communication interfaces. The modelling uses an object-oriented
approach.
Activities related to
smart grid security
DLMS/COSEM is used in metering systems for electricity, gas, water
and heat. Strong and growing interest from all continents provide a
positive feedback on the achievement of the objectives set by the
DLMS UA. Some countries have already included DLMS/COSEM in
their national regulations. Others are considering it.
The DLMS/COSEM specification devotes several sections to privacy,
security and non-repudiation of the metering communications.
Results
Standard, technical report, protocol
Smart Grid Security
36
Annex V. Related initiatives
Comments
N/A
URL
http://www.dlms.com/organization/index.html
Smart Grid Security
37
Annex V. Related initiatives
3
Belgium
Name
Smartgrids Flanders
Type
Public body
Line of action
R&D, information sharing.
Participants
All stakeholders
Mission/Objectives
Smart Grids Flanders is the driving force behind the deployment of
smart grids, not only in Flanders but also abroad. The involvement
and participation of members are important, as a good relationship
with the government, which determines the rules.
The objective of the Smartgirds Flanders is to establish and suppor a
multidisciplinary long-term collaboration across sectors between
Flemish smart grid operators, in order to develop, maintain and
valorize an international competitive advantage by a large group of
Flemish
companies
(commercial
breakthroughs)
through
differentiated support depending on the breakthrough and
collaborative potential of the identified smart grid domains.
Activities related to
smart grid security
Thematic Groups and seminars bring together participants around
different themes, where cyber security is an incipient topic. Besides,
SmartGrid Flanders organizes several (network) events every year
with international speakers and, in order to increase the know-how
about smart grids, they distribute a newsletter about Flemish and
European projects and initiatives. Finally, SmartGrid Flanders help its
members to find the appropriate test infrastructure for their projects.
Results
Projects. Theme groupes and seminars. Events. Newsletters. Blogs.
Comments
Smart Grids Flanders is continuously seeking for suitable experts to
speak.
URL
www.smartgridsflanders.be
Smart Grid Security
38
Annex V. Related initiatives
4
Denmark
Name
Second1 - Security concept for DER
Type
Project
Line of action
Technical, R&D
Participants
Manufacturers and Integrators, academia and R&D, security tools and
services providers
Mission/Objectives
The project objective is to analyze and implement a security concept
that can be used in a power system with a high degree of
decentralized production and with many actors in an unbundled
market. It will also investigate various forms of role based access
control (RBAC).
Activities related to
smart grid security
Secure communication is becoming increasingly more relevant in an
electricity system with great volumes of distributed energy resources
(DER). This project aimed to analyse and implement a security
concept that can be used in electricity systems with a high degree of
local production and with many players.
The project analysed the needs for communication between energy
operators and matched these needs with a design for secure role
based access control.
Results
Technical reports.
Comments
Mar 2010 - Jul 2011
URL
http://www.second1.dk/
Smart Grid Security
39
Annex V. Related initiatives
5
Germany
Name
DIN
Type
Regular private organisation
Line of action
Policy, standardization
Participants
All
Mission/Objectives
DIN, the German Institute for Standardization, offers stakeholders a
platform for the development of standards as a service to industry,
the state and society as a whole. A registered non-profit association,
DIN has been based in Berlin since 1917.
DIN's primary task is to work closely with its stakeholders to develop
consensus-based standards that meet market requirements. Some
26,000 experts contribute their skills and experience to the
standardization process. By agreement with the German Federal
Government, DIN is the acknowledged national standards body that
represents German interests in European and international standards
organizations. Ninety percent of the standards work now carried out
by DIN is international in nature.
Tasks and objectives of DIN:
Ensuring the participation of all stakeholders regardless of
their economic position and language skills.
Promoting the free movement of goods through active
involvement in international and European standardization.
Holding the secretariats of international committees.
Adopting European and international standards at national
level.
Maintaining the uniformity and consistency of the standards
collection.
Actively contributing to consensus building.
Taking legal regulations into consideration.
Providing an
development.
Avoiding duplication of work.
electronic
infrastructure
for
standards
DIN represents Germany’s standardization interests as a member of
the European Committee for Standardization (CEN). DIN holds
almost 30% of all CEN working committee secretariats.
Activities related to
smart grid security
DIN has published several papers on ‘Electromobility’(40) systems
dealing with the security of the managed data, potential threats and
Smart Grid Security
40
Annex V. Related initiatives
standards to be followed to avoid such problems.
Another topic covered by this initiative is the roadmap
recommendations for standardization, which provides a series of
recommendations on IT security and data protection.
Results
Standards, reports
Comments
Deutsches Institut für Normung or The German Engineering Society
URL
http://www.din.de
Name
VGB
Type
Industry association
Line of action
Technical, Information sharing
Participants
Operators
Mission/Objectives
VGB was already founded as the federation of the owners of large
boilers. During its course of 80 years VGB has set off a range of
activities in own companies. These companies are dealing with:
Training of power plant personnel.
Research activities.
The production and distribution of media.
VGB represents the German power plant operators in the WANO
(World Association of Nuclear Operators). VGB’s technical
committees on nuclear power plant engineering and operation and
nuclear fuel cycle are actively taking part in the world-wide exchange
of experience as well as in the analysis of particular events in nuclear
power plants. For this purpose, VGB is operating a reporting and
evaluation centre (ZMA - Zentrale Melde- und Auswertestelle) to
collect, evaluate and forward the occurrences of nuclear power
plants.
Activities related to
smart grid security
They have made contributions to the security of smart grid by
publishing guidelines and instructions sheets, organising forums and
training experts.
One of the most important results is the ‘VGB R175 guideline on IT
security for generating plants’(41).
Results
Standard, technical reports, good practices, conferences
Comments
VGB means Verband der Großkraftwerks-Betreiber.
As an international technical association for power and heat
generation VGB is working - on European level - in close co-operation
with EURELECTRIC, the umbrella association of the European
Smart Grid Security
41
Annex V. Related initiatives
electricity industry. Within the framework of a memorandum of
understanding association agreement between EURELECTRIC and
VGB, VGB's professional competence is integrated into the
political/strategic work of EURELECTRIC in all questions regarding the
generation of power and heat including issues of environmental
protection.
URL
http://www.vgb.org
Smart Grid Security
42
Annex V. Related initiatives
6
Italy
Name
ASTROM
Type
Project
Line of action
Technical
Participants
R&D
Mission/Objectives
ASTROM Project was funded by European Union FP6 programme.
The main objectives of this project are:
Activities related to
smart grid security
Identification of the boundaries of
Control & Data
Management Systems (C&DM) in electrical transmission
networks.
Determination of the properties of C&DM systems of
electrical transmission networks, in particular those relevant
for resilience assessment.
Identification of external threats to C&DM system, such as ICT
and physical attacks, and vulnerabilities.
Definition of a method and a metric for AoR of C&DM system.
The activity will be performed by modeling system behavior.
Evaluation of the framework application to an EU context and
dissemination activities. The feasibility of policies and
recommendations definition will be investigated in details.
This project aimed to identify, analyze and evaluate the external
threats and vulnerabilities applicable to Control & Data Management
System in order to define an innovative methodological framework
for the quantitative assessment of the resilience (AoR) of Control &
Data Management System (C&DM) in electrical transmission network
(ETN) towards external threats. The need for such a methodological
framework stems from the fact that, although the resilience of this
critical system is becoming more important than just securing it,
there are not many frameworks covering this topic in a well
structured way.
Definition of the architecture, properties, functionalities and Mission
requirements of a complex Power System’s C&DM that it is coherent
with the majority of the SCADA systems built in Europe;
Definition of a methodology to assess the resilience of a C&DM
system for its external threats (physical and ICT threats) at any level
(component, subsystem and system level); Development of a
software tool to allow improving the previous topics.
Results
Technical Paper, Methodology, Software, ASTROM Final Workshop
Smart Grid Security
43
Annex V. Related initiatives
Comments
Mar 2009-Mar 2011
ASTROM stands for Assessment of resilience to Treats of cOntrol and
data Management systems of electrical transmission network
URL
http://utmea.enea.it/projects/int/#astrom
Smart Grid Security
44
Annex V. Related initiatives
7
The Netherlands
Name
ESNA
Type
Asociation
Line of action
Dissemination, technical
Participants
Manufacturers, DSO, Power Plant, services providers
Mission/Objectives
ESNA is an association by Dutch law, established in 2006.
The main objective of ESNA is to bring together and form a
platform for all those who in one way or another deal with
NES technology in their day to day operations.
This initiative promotes the application of advanced energy
management systems, including AMR/AMM, based on the NES AMI
architecture and its value added chain in order to build and expand
the interoperability standard for utility networks. ESNA promotes the
change in perspective of the current metering business.
Activities related to
smart grid security
ESNA represents its members by being active in standardisation
activities across Europe and the rest of the world to promote the use
of open interoperable standards for the smart grid and smart
metering. This initiative organizes conferences and workshops to
share the technical security aspects and the Network Energy Services
(NES) in the smart grid value chain, which goes far beyond metering
and invoicing only. It also organices events where the international
leaders of both EU and USA have a disscussion depth review of
current security and landscape surrounding the Global Emergence of
the smart grid initiative. ESNA also does monthly abstracts where
certain items are related to cybersecurity in smart grid.
ESNA represents its members in the most important European
organizations such as CEN/CENELEC/ETSI or the Smart Grid Task
Force.
Results
organising various conferences and workshops
Comments
ESNA stands for Energy Services Network Association
URL
http://www.esna.org
Name
Working Group Privacy and Security of Smart Grids of Netbeheer
Nederland
Type
Industry association
Line of action
Technical
Participants
All stakeholders
Smart Grid Security
45
Annex V. Related initiatives
Mission/Objectives
This initiative is the point of contact for matters affecting the energy
market, such as environmental issues, free market performance and
security of supply. EnergieNed is the forum in which energy
producers consult each other on issues such as the environment and
investment conditions, traders consult each other on the functioning
of the wholesale market and the integration of European markets,
and retailers discuss a wide range of topics varying from stimulation
of energy saving to consumer protection.
Activities related to
smart grid security
This working group has written several good guides papers and use a
clear example is ‘Privacy and Security of the Advanced Metering
Infrastructure(42)’.
Results
Information exchange, good practices, technical reports
Comments
This working group is very active on this topic on a European level.
URL
N/A
Smart Grid Security
46
Annex V. Related initiatives
8
United Kingdom
Name
DECC
Type
Public Body
Line of action
Standardisation, policy
Participants
public bodies
Mission/Objectives
Department of Energy and Climate Change is a small department of
the United Kingdom government.
The four key priorities of the department are:
Activities related to
smart grid security
Save energy with the Green Deal and support vulnerable
consumers: Reduce energy use by households, businesses and
the public sector, and help to protect the fuel poor.
Deliver secure energy on the way to a low carbon energy
future: Reform the energy market to ensure that the UK has a
diverse, safe, secure and affordable energy system and
incentivise low carbon investment and deployment.
Drive ambitious action on climate change at home and abroad:
Work for international action to tackle climate change, and
work with other government departments to ensure that we
meet UK carbon budgets efficiently and effectively.
Manage our energy legacy responsibly and cost-effectively:
Ensure public safety and value for money in the way we
manage our nuclear, coal and other energy liabilities.
DECC is divided into many experts groups and task forces. Some of the
most important are the following.
STEG (Smart Meter Design Security Technical Experts Group): This is
an advisory group of technical security specialists formed in
November 2010 to provide advice and support to the programme on
security issues. The STEG membership includes experts from industry
and other sectors such as energy suppliers, trade associations, meter
manufacturers, system integrators and telecommunications
providers. Government is also represented through the Centre for
Protection of National Infrastructure, CESG (National Technical
Authority for Information Assurance) and technical security specialists
working in the programme team. Consumer representatives were also
invited to join.
Smart grid policy in the UK: DECC published a vision document,
‘Smarter Grids: the opportunity’ in December 2010. DECC is rolling out
Smart electricty and gas meters to all GB homes by 2020.
UK Smart Grid Cyber Security Report: The Energy Networks
Smart Grid Security
47
Annex V. Related initiatives
Association (ENA) published an independent report into smart grid
cyber security on 29 June 2011. The report commissioned by ENA for
DECC considered how government and networks should develop a
strategy to secure the future UK electricity infrastructure together.
Smart Grids Forum: Identify future challenges for electricity networks
and system balancing, including current and potential barriers to
efficient deployment of smart grids. Guide the actions that
DECC/Ofgem are taking to address future challenges, remove barriers
and aid efficient deployment. Identify actions that DECC/Ofgem, the
industry or other parties could be taking to facilitate the deployment
of smart grids
DECC realized a series of security related report, such as ‘Smarter
Grids: the opportunity’(43) and ‘UK Smart Grid Cyber Security
Report’(44).
Results
N/A
Comments
DECC stands for Department of Energy and Climate Change
URL
http://www.decc.gov.uk/
Smart Grid Security
48
Annex V. Related initiatives
9
USA
Name
ANSI
Type
International agency
Line of action
Standard
Participants
Standardisation Bodies
Mission/Objectives
ANSI was founded on 1918 by five engineering societies and three
government agencies; the Institute remains a private, non-profit
membership organization supported by a diverse constituency of
private and public sector organizations.
ANSI accredits standards that are developed by representatives of
standards developing organizations, government agencies, consumer
groups, companies, and others. These standards ensure that the
characteristics and performance of products are consistent, that
people use the same definitions and terms, and that products are
tested the same way.
Activities related to
smart grid security
ANSI has develop and standard series related to smart grid:
ANSI C12.18: used for two-way communications with an
electricity meter, mostly used in North American markets.
ANSI C12.19: This includes encryption, authentication,
credential management (through the security tables in
Decade4)
ANSI C12.22: security and authentication services, combined
with the event logger of ANSI C12.19.
Results
Stasndards
Comments
ANSI stands for American National Standard Institute
URL
http://www.ansi.org/
Name
NERC
Type
Public Private Partnership
Line of action
Standards, Dissemination and Awareness, Technical
Participants
Manufacturers and Integrators, Security Tools and services providers,
Operators, Public bodies, Standardisation bodies
Mission/Objectives
NERC was founded in 1968 by the electric utility industry to develop
and promote rules and protocols for the reliable operation of the
bulk power electric transmission systems of North America.
Smart Grid Security
49
Annex V. Related initiatives
The North American Electric Reliability Corporation’s (NERC) mission
is to ensure the reliability of the North American bulk power system.
NERC is the electric reliability organization (ERO) certified by the
Federal Energy Regulatory Commission to establish and enforce
reliability standards for the bulk-power system.
Among other activities, NERC:
Activities related to
smart grid security
Works with the industry to develop reliability standards
Enforces compliance with those reliability standards and
assesses monetary and non-monetary penalties for
noncompliance.
Assesses future bulk power system reliability via annual
summer, winter and 10-year forecasts.
Analyzes system events.
Promotes a culture of excellence by identifying areas for
improvement and Examples of Excellence during regular
‘readiness’ evaluations.
Monitors the status of the bulk power system.
Coordinates physical and cyber security needs.
Identifies trends and potential reliability issues.
Helps the industry train and educate system operators.
Certifies system operators.
NERC has developed the NERC-CIP Standards, a nine documents
series about security and cyber security aspects of the Bulk Electric
System in the USA. Two new documents are being developed.
Based on these documents, NERC provides specific guidelines and
concept papers. This is the case of the ‘Categorization system based
on Bulk Electric System Reliability Functions’ (45).
Inside de NERC there are some working groups related to smart grid
security such as:
NERC SGTF (Smart Grid Task Force)(46): Their work review smart grid
characteristics, identifies reliability concerns including cyber-security
vulnerability, and provides recommendations to NERC and to the
industry.
NERC SGWG (Smart Grid Working Group) (47): NERC SGWG is tasked
to review existing and new CIPC initiated security guidelines and
coordinate their development with electric industry personnel and
committees and to promote awareness and application of these
guidelines.
Results
Technical reports, Regulatory documents
Smart Grid Security
50
Annex V. Related initiatives
Comments
North American Electric Reliability Corporation
URL
http://www.nerc.com
Name
NIST
Type
Public body
Line of action
Organizational and Policy, Standards, Dissemination and Awareness,
Economic or Financial, Technical
Participants
Public bodies
Mission/Objectives
NIST, an agency of the U.S. Department of Commerce, was founded
in 1901 as the nation's first federal physical science research
laboratory
Its mission is to promote U.S. innovation and industrial
competitiveness by advancing measurement science, standards, and
technology in ways that enhance economic security and improve our
quality of life.
NIST is one of the most important standardisation organizations in
the USA. They have developed several standards on ICS security. We
highlight the following ones:
NIST SP 800-82, Guide to Industrial Control Systems (ICS)
Security (48).
NIST SP 800-53, Recommended Security Controls for Federal
Information Systems (49).
Field Device Protection Profile for SCADA Systems in Medium
Robustness Environments.
NIST has also defined a security smart grid workgroup to develop an
overall cyber security strategy for the smart grid. This overall strategy
includes a risk mitigation strategy to ensure interoperability of
solutions across different domains/components of the infrastructure.
This group has created the following document of interest:
Activities related to
smart grid security
NIST IR 7176, System Protection Profile – Industrial Control
Systems (50).
NIST has also defined a security smart grid workgroup to develop an
overall cyber security strategy for the smart grid. This overall strategy
includes a risk mitigation strategy to ensure interoperability of
solutions across different domains/components of the infrastructure.
This group has created the following document of interest:
NISTIR 7628, Guidelines for Smart Grid Cyber Security (51).
Smart Grid Security
51
Annex V. Related initiatives
NIST works together other groups:
NIST ASAP-SG(52): The goal of this group is to develop system-level
security requirements for smart grid applications such as advanced
metering, third-party access for customer usage data, distribution
automation, home area networks, synchrophasors, etc. NIST ASAP-SG
was responsible for developing ‘AMI Security Profile v2.0’ (53) and
‘AMI security implementation Guide’ (54), documents directly related
to smart grid.
NIST Smart Grid Federal Advisory Commitee(55): The Committee
provides input to NIST on the smart grid standards, priorities and
gaps, and on the overall direction, status and health of the smart grid
implementation by the smart grid industry including identification of
issues and needs. Input to NIST will be used to help guide Smart Grid
Interoperability Panel activities and also assist NIST in directing
research and standards activities.
NIST initiated in 2009 the Smart Grid Interoperability Panel (SGIP) to
carry out a variety of tasks related to the development of a smart grid
framework for interoperability and cybersecurity standards. It plays a
leadership role in facilitating and developing the national policy for
the transformation of the power system to the smart grid. The SGIP
supports NIST in fulfilling its responsibilities under the 2007 Energy
Independence and Security Act
The SGIP has several priority-specific committees and working
groups.
Smart Grid Architecture Committee (SGAC) (56): Maintains a
conceptual reference model for the smart grid and develops
corresponding high-level architectural principles and requirements. It
is responsible for creating and refining a conceptual reference model,
including lists of the standards and profiles necessary to implement
the vision of the smart grid. It has developed a new reference
framwork for the smart grid.
Smart Grid Testing and Certification Committee (SGTCC): Creates
and maintains the necessary framework for compliance,
interoperability and cyber security testing and certification for
recommended smart grid standards.
Cyber Security Working Group (CSWG) (57): Identifies and analyzes
security requirements and develops a risk mitigation strategy to
ensure the security and integrity of the smart grid. It was formerly
known as the Cyber Security Coordination Task Group (CSCTG) (58).
This group has developed the document ‘NIST IR 7628’ (51).
It was formerly known as the Cyber Security Coordination Task Group
Smart Grid Security
52
Annex V. Related initiatives
(CSCTG) and was founded by NIST and SGIP organizations. The
primary goal of this group is to develop an overall cyber security
strategy for the smart grid that includes a risk mitigation strategy to
ensure
interoperability
of
solutions
across
different
domains/components of the infrastructure. NIST SGIP/CSWG
developed the document ‘NIST IR 7628’ (51).
Priority Action Plans (PAPs) (59): Currently totaling 16, PAPs address
specific standards-related gaps and issues for which resolution is
most urgently needed. New PAPs are added as necessary.
Domain Expert Working Groups (DEWGs)(60): DEWGs perform
analyses and provide expertise in specific application domains. There
are seven specific application domains. DEWG is organized by smart
grid domains. The six DEWGs are: transmission and distribution,
building to grid, industry to grid, home to grid, business and policy,
and a cross-cutting cyber security coordination task group.
Results
Technical reports, Standards, good practices
Comments
National Institute for Standards and Technology
URL
http://www.nist.gov
Name
FERC- NARUC smart response collaborative
Type
Specialized event
Line of action
Policy and standard
Participants
Public bodies (Federal and State Regulators (USA))
Mission/Objectives
The mission of the FERC-NARUC Collaborative on Smart Response is
to provide a forum for Federal and State Regulators to discuss Smart
Grid and Demand Response policies, share best practices and
technologies, and address issues that benefit from State and Federal
collaboration.
Educate Commissioners and staff on Smart Grid and Demand
Response in order to promote better Smart Grid and Demand
Response regulatory decisions and policy.
Promote consistency across State policies and awareness of
State and Federal policy; coordinate and harmonize policies
and procedures where possible.
Promote Federal
cooperation.
Provide a forum for consumer perspective and to shape the
Smart Grid and Demand Response value proposition to ensure
that the policies benefit consumers.
and State
regulatory dialogue and
Smart Grid Security
53
Annex V. Related initiatives
Activities related to
smart grid security
Create a forum for communication to and with stakeholderssignaling areas of regulatory interest.
Compile research where needed and communicate best
practices.
Gather updates from other Federal agencies working on
related issues.
This initiative makes a series of reference guides, providing support
for members to have key knowledge about the smart grid. Note that
in addition to reference guides also make webinar where one of his
themes is the security and privacy. The reference guides in a matter
of security are still not published but the volume of privacy is now
available.
Projects under this collaborative union must explain how the project
will address cyber security and must highlight cybersecurity
attributes.
Results
Technical reports, webinar
Comments
FERC-NARUC stands for Federal Energy Regulatory Commission National Association of Regulatory Utility Commissioners
URL
http://www.naruc.org/Ferc/default.cfm?c=3
Name
GridWise alliance
Type
Industry association
Line of action
Organization, standards, technical
Participants
All the stakeholders.
Mission/Objectives
Founded in 2003, they have developed into an organization that
represents a broad range of the energy supply chain from utilities to
large tech companies to academia to venture capitalists to emerging
tech companies. This variety of stakeholders gives the Alliance a
unique diversity of perspectives which enables interactive dialogue
between members.
Their main mission its transform the electric grid to archive a
sustainable energy future.
Activities related to
smart grid security
GridWise alliance works specially on smart grid. They have been
created a cyber security division to study the problems of US’ grid.
The five key principles endorsed by the Alliance for cyber security are:
1. Involve all stakeholders and take full advantage of and be
aligned with existing recognized processes and work.
Smart Grid Security
54
Annex V. Related initiatives
2. Utilize a comprehensive risk management approach.
3. Provide clarity to all stakeholders.
4. Construct a cyber security framework that is focused
specifically for electric grid applications.
5. Create and adopt uniform verification and test procedures for
standards and guidelines.
Results
Technical reports
Comments
N/A
URL
http://www.gridwise.org/gridwisealli_about.asp
Name
NEMA
Type
Standards
Line of action
Standards, dissemination and awareness
Participants
Manufacturers
Mission/Objectives
National Electrical Manufacturers Association (NEMA)(61) was
founded on 1926 and it is the trade association of choice for the
electrical manufacturing industry.
NEMA promotes the competitiveness of the U.S. electrical product
industry through the development of standards, advocacy in federal
and state legislatures and executive agencies, and the collection and
analysis of economic data.
NEMA members are leading the way in smart grid technologies by
encouraging investment in the national electricity grid and
developing new product standards.
Activities related to
smart grid security
The NEMA’s objectives for Cyber Security in smart grid are twofold:
the risk to business operations from security breaches
the risk to product development and marketing as the federal
government adopts preventive measures.
The NEMA member companies agree that first and foremost, security
must be part of the design consideration for any smart grid
component (and its corresponding interactions with other grid
elements) from its inception (62).
Results
Technical reports, Standards and policies
Comments
NEMA stands for National Electrical Manufacturers Association
URL
http://www.nema.org/gov/energy/smartgrid/index.cfm
Smart Grid Security
55
Annex V. Related initiatives
Name
NESCOR - Annual Conference & workshops
Type
Specialized event
Line of action
Dissemination and Awareness, training and education
Participants
All stakeholders
Mission/Objectives
Its primary purpose is to:
Activities related to
smart grid security
Bring together a broad spectrum of industry stakeholders to
meet face to face with the EPRI led National Electric Sector
Cyber Security Organization Resources team to discuss the
critical cyber security and data privacy issues facing the
electric sector
Share the research results already achieved by the three
technical working groups of the National Electric Sector Cyber
Security Organization Resources with the industry
Review the 12-month project plan for the National Electric
Sector Cyber Security Organization Resources in each of the
three technical working groups to make changes,
modifications, and additions with input from the industry
participants
Accelerate the technical deliberations of the three working
groups by having focused round table exercises in the
breakout sessions between the National Electric Sector Cyber
Security Organization Resource team and the industry
participants
Provide DoE a written report on the key findings from the
Summit including the 12-month National Electric Sector Cyber
Security Organization Resources project plan
NESCOR have defined three technical working groups to do their jobs:
Cyber security Requirements & Standards Assessment Group
Cyber security Technologies Testing & Validation Group
Threat & Vulnerability Assessment & Mitigation
The three Working Groups will focus their R&D efforts in Year 1 on
securing the following 6 critical grid functions end-to-end:
1. Advanced Metering Infrastructure
2. Demand Response
3. Electric Transportation
4. Distributed Energy Resources
Smart Grid Security
56
Annex V. Related initiatives
5. Distribution Grid Management
6. Wide Area Monitoring, Protection & Control
Results
Annual conference and workshops, Advisories, Technical reports(63)
Comments
National Electric Sector Cyber Security Organization Resources
URL
http://www.cvent.com/events/nescor-annual-conferenceworkshops/event-summaryff2fb887488c4af1aa572813885fd034.aspx
Name
TIA
Type
Industrial association
Line of action
Policy, standard, dissemination and awareness
Participants
Manufacturers, security tools and services providers
Mission/Objectives
Telecommunications Industry Association (TIA) was formally formed
in April 1988 after a merger of USTSA and the Information and
Telecommunications Technologies Group of EIA
The Telecommunications Industry Association is the leading trade
association representing the global informationand communications
technology (ICT) industries through :
Activities related to
smart grid security
Standards Development
Government Affairs
Market Intelligence
TR-51 Smart Utility Networks Standards Working Group develops
and maintains air-interface, network, and conformance standards in
support of Smart Utility Networks. The committee will focus on airinterface and network standards with wireless mesh network
topology, optimized for Smart Utility Network applications. TR-51
liaises with other TIA committees, international and national
standards bodies, and other appropriate organizations, as required,
to avoid duplication of work and to foster collaboration among
organizations addressing various aspects of smart device
communication networks.
TR45.5 has been participating in the Smart Grid Interoperability
Panel’s (SGIP) Priority Action 2 (Wireless Technologies for Smart Grid)
since early 2010, which is in charge of doing a new standard.
Results
Standard
Comments
Telecommunications Industry Association
URL
www.tiaonline.org
Smart Grid Security
57
Annex V. Related initiatives
Smart Grid Security
58
Annex V. Related initiatives
10 International
Name
CIGRE, Study Commitees B5 and D2
Type
Industry association
Line of action
Organizational and Policy, Standards, Economic or Financial,
Technical, Information sharing
Participants
Manufacturer or Integrator, DSO, TSO, Academia and R&D
Mission/Objectives
CIGRE (International Council on Large Electric Systems) is a
permanent international, non government, non-profit-making
Association, founded in France, in 1921. Its aim is to develop and
distribute technical knowledge in the field of the generation and
transmission of high voltage electricity. CIGRE deals with all the main
themes of the field of electricity, i.e. organisation of utilities,
development and adaptation of grids, optimisation of maintenance
and life expectancy of electrical equipment, as well as the analysis of
the impact on the environment, etc.
Activities related to
smart grid security
Study Committee B5 (SC B5) mission is to facilitate and promote the
progress of engineering and the international exchange of
information and knowledge in the field of protection and automation
and also to add value to this information and knowledge by means of
synthesising
state-of-the-art
practices
and
developing
recommendations. Study committee B5 covers principles, design,
applications, coordination, performance and asset management of
system protection, substation control and automation, remote
control systems and equipment and metering systems.
Study Committee D2 (SC D2) covers the specification, design,
engineering, performance, operation, maintenance, economic and
management aspects of the Information and the Telecommunication
systems in the EPI both for operational and business activities, as well
as the different devices, media and networks to support all that
services: speech, data, video, internet, specialised signalling for
teleprotection, SCADA, EMS, DSM. It also covers security aspects of
related Information Systems and Telecommunications.
The results are published as technical reports and summarised in the
bi-monthly CIGRE journal, ELECTRA. Some of its articles are related to
security in ICS environments. i.e.: ‘The Impact of Implementing Cyber
Security Requirements using IEC 61850’(2).
Results
Technical Reports
Comments
International Council on Large Electric Systems
URL
http://www.cigre-b5.org/
http://www.cigre-d2.org/
Smart Grid Security
59
Annex V. Related initiatives
Name
ITU, ITU-T FG on Smart Grid
Type
Public Private Partnership
Line of action
Policy, standards, technical
Participants
All stakeholders
Mission/Objectives
ITU (International Telecommunication Union) is the United Nations
specialized agency for information and communication technologies.
In February 2010, the Telecommunication Standardization sector of
the ITU, ITU-T, established a Focus Group on Smart Grids (FG Smart).
The Focus Group aims to:
Identify potential impacts on standards development.
Investigate future ITU-T study items and related actions.
Familiarize ITU-T and standardization communities with
emerging attributes of smart grid.
Encourage collaboration between ITU-T and smart grid
communities.
The objective of this group is to collect and document ideas that
would be helpful for developing recommendations to support the
smart grid from a telecommunication/ICT perspective. To achieve this
objective, the Focus Group:
Updates living list of standards bodies, forums, and consortia
dealing with smart grid.
Collects visions and value propositions for the smart grid.
Provide terminology and taxonomy necessary to support
smart grid.
Analyzes communication networking requirement functions
and capabilities to support smart grid.
Gathers new ideas relevant to and identify potential study
areas to support smart grid.
Identifies use cases of smart grid that can be used to derive
communication network requirements.
Suggests future itu-t study items and related actions.
Identifies potential impacts on standards development.
The Focus Group interacts with the various research activities in
order to familiarize ITU-T and standardization communities with the
emerging attributes of smart grid.
Activities related to
FG on Smart Grid identifies security and privacy issues that might
impact standards development. To this regard they have been
Smart Grid Security
60
Annex V. Related initiatives
smart grid security
working on a deliverable which analyses communications networking
requirement functions and capabilities to support smart grid,
including security and reliability aspects.
Results
Technical Reports, standards, good practices.
Comments
Focus Group on Smart Grid concluded in Decemer 2011
URL
http://www.itu.int/en/ITU-T/focusgroups/smart/Pages/Default.aspx
Name
IEC, TC 8, TC 57 and JTC1/SC27
Type
International agency
Line of action
Standards, Technical
Participants
Standardization bodies
Mission/Objectives
The International Electrotechnical Commission (IEC) is the world’s
leading organization that prepares and publishes International
Standards for all electrical, electronic and related technologies.
IEC provides a platform to companies, industries and governments for
meeting, discussing and developing the International Standards they
require.
All IEC International Standards are fully consensus-based and
represent the needs of key stakeholders of every nation participating
in IEC work. Every member country, no matter how large or small, has
one vote and a say in what goes into an IEC International Standard.
The IEC develops a lot of standards and technical reports, alone or in
collaboration with other organizations like ISO, on security and other
technical aspects.
IEC has several groups working for the implementation of security
measures in ICS and smart grid environments. The following points
highlight the most important ones:
IEC TC 8 prepares and coordinates, in cooperation with other
TC/SCs, the development of international standards and other
deliverables with emphasis on overall system aspects of
electricity supply systems and acceptable balance between
cost and quality for the users of electrical energy. Electricity
supply system encompasses transmission and distribution
networks and connected user installations (generators and
loads) with their network interfaces.
IEC TC 57 develops and maintains international standards for
power systems control equipment and systems including EMS
(Energy Management Systems), SCADA (Supervisory Control
And
Data
Acquisition),
distribution
automation,
Smart Grid Security
61
Annex V. Related initiatives
teleprotection, and associated information exchange for realtime and non-real-time information, used in the planning,
operation and maintenance of power systems.
On the other hand, the Joint Technical Committee ISO/IEC JTC 1 of
ISO and IEC is a standardization committee which main objective is
the creation of standards for general methods and techniques in the
area of information security.
Activities related to
smart grid security
IEC TC 8 WG AHG 4 works in smart grid requirements including
electrical system reliability (e.g. system security), as well as in
communication security, metering, etc.
IEC TC 57 WG 15 undertakes the development of standards for
security of the communication protocols defined by the IEC TC57,
specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC
61850 series, the IEC 61970 series, and the IEC 61968 series.
ISO/IEC JTC1/SC27 includes the development of standards for the
protection of information and ICT, including generic methods,
techniques and guidelines to address both security and privacy
aspects.
Some of the most relevant documents on ICS security of IEC are:
IEC 62351 series, Data and communication security (3),(4),
(5),(6),(7),(8) and(9).
IEC 62210, Power system control and associated
communications. Data and communication security (10).
Results
Standards, technical reports
Comments
IEC stands for International Electrotechnical Commission
URL
https://www.iec.ch
Name
IEEE, WGC1, WGC6, E7.1402 and other
Type
Professional association
Line of action
Standards
Participants
All stakeholders
Mission/Objectives
IEEE is the world’s largest professional association dedicated to
advancing technological innovation and excellence for the benefit of
humanity. IEEE and its members inspire a global community through
IEEE's highly cited publications, conferences, technology standards,
and professional and educational activities. In this way, the IEEE
develops standards and technical reports on security and other
technical-related aspects.
Smart Grid Security
62
Annex V. Related initiatives
Activities related to The IEEE is divided into several technical committees. One of the
smart grid security
most important is the standardization technical committee. This
Committee includes several work groups that are devoted to
defining security measures for ICS and smartgGrid environments.
Some of the most important workgroups are:
IEEE WGC1 - Application of Computer-Based Systems: This group
has been responsible for the document ‘1686-2007 IEEE Standard
for Substation Intelligent Electronic Devices (IEDs) Cyber Security
Capabilities Active Standard’ (11).
IEEE WGC6 - Trial Use Standard for a Cryptographic Protocol for
Cyber Security of Substation Serial Links: This group has been in
charge of the document ‘1711-2010 IEEE Trial-Use Standards for a
Cryptographic Protocol for Cyber Security of Substation Serial Links’
(12).
IEEE E7.1402 - Physical Security of Electric Power Substations:
Responsible for the treatment of all matters related to the secure
operation of electrical substations with respect to outside intrusions
into the substation. This group has developed the document ‘14022000 IEEE Guide for Electric Power Substation Physical and
Electronic Security’ (13).
Another technical committee which makes studies on security is the
IEEE Power & Energy Society (14) who is responsible for Smart Grid
Forum(15). It is worth highlighting workgroup IEES PSACE CAMS
(Power System Analysis, Computing, and Economics) (Computing
and Analytical Methods Subcommittee). The focus of the workgroup
is the cyber security of electric power infrastructures (16).
Results
Standards, technical reports, conferences, educational and training
activities
Comments
IEEE stands for Institute of Electrical and Electronics Engineers
URL
http://www.ieee.org/
Name
ISA, ISA99 and ISA67
Type
Professional association
Line of action
Dissemination and awareness, standards, and education and
training
Participants
All Stakeholders
Mission/Objectives
The International Society of Automation (ISA) is a leading, global,
non-profit organization that is setting the standard for automation
by helping over 30,000 worldwide members and other professionals
solve difficult technical problems, while enhancing their leadership
Smart Grid Security
63
Annex V. Related initiatives
and personal career capabilities.
ISA’s mission is to become the standard for automation globally by
certifying industry professionals; providing education and training;
publishing books and technical articles; hosting conferences and
exhibitions for automation professionals; and developing standards
for industry.
Some of the ISA objectives are to develop and establish standards,
recommended practices, technical reports, and related information
that will define procedures for implementing electronically secure
industrial automation and control systems and security practices
and assessing electronic security performance.
Activities related to The ISA is involved in the development of standards and technical
smart grid security
reports about ICS security and smart grid security.
The purpose of the ISA99 committee is to develop and establish
standards, recommended practices, technical reports, and related
information that will define procedures for implementing
electronically secure industrial automation and control systems and
security practices and assessing electronic security performance,
such as ISA99 standard (17) series.
The ISA67 16WG5 is in charge of organizing the cyber security for
the nuclear power industry (18).
Results
Standards, technical reports, good practices, events
Comments
It is not necessary to be a member of ISA in order to be a member of
an ISA committee.
URL
http://www.isa.org/
Name
UCA International Users Group
Type
Industry association
Line of action
Organizational and Policy, Standards, Information sharing.
Participants
Manufacturers, Integrators, Security tools and services providers,
Operators.
Mission/Objectives
The UCA International Users Group is a not-for-profit corporation
focused on assisting users and vendors in the deployment of
standards for real-time applications for several industries with related
requirements. The Users Group does not write standards, however
works closely with those bodies that have primary responsibility for
the completion of standards (notably IEC TC 57: Power Systems
Management and Associated Information Exchange).
The UCAIug as well as its member groups (CIMug, Open Smart Grid,
Smart Grid Security
64
Annex V. Related initiatives
and IEC 61850) draws its membership from utility user and supplier
companies. The mission of the UCA International Users Group is to
enable integration through the deployment of open standards by
providing a forum in which the various stakeholders in the energy
and utility industry can work cooperatively together as members of a
common organization to:
Activities related to
smart grid security
Influence, select, and/or endorse open and public standards
appropriate to the energy and utility market based upon the
needs of the membership.
Specify, develop and/or accredit product/system-testing
programs that facilitate the field interoperability of products
and systems based upon these standards.
Implement educational and promotional activities that
increase awareness and deployment of these standards in the
energy and utility industry.
Influence and promote the adoption of standards and
technologies specific to the ever-increasing smart grid
initiatives worldwide.
UCAIug works in security and in other aspects through its member
groups. For instance, the Open Smart Grid sub-technical committee is
responsible for developing security guidelines, recommendations,
and good practices for AMI system elements. This group fosters
enhanced functionality, lower costs and speed market adoption of
Advanced Metering networks and Demand Response solutions
through the development of an open standards-based
information/data model, reference design & interoperability
guidelines.
There are several task forces inside the UCA Ineternational Users
Group dealing to some extent with the security of smart grid
componentes and architectures. These are the following:
Usability Analysis Task Force
CyberSec-Interop Task Force
AMI-SEC Task Force
Embedded Systems Security Task Force
Among them, the AMI-SEC Task Force is the most directly related to
smart grid cyber security aspects. This task force was established
August 2007 to develop consistent security guidelines,
recommendations, and best practices for AMI system elements as
well as on design specifications. Moreover it tries to support vendors
to produce compliant and compatible security technologies. It
also provides a focus point for industry discussions on security
aspects related to AMI.
Smart Grid Security
65
Annex V. Related initiatives
Open Smart Grid subcommittee have four Working Groups. SG
Security is the charged on provide and study the security on the
smart grid.
Results
Standards, guidelines.
Comments
N/A
URL
http://www.ucaiug.org
Name
Zigbee Alliance
Type
Industry association
Line of action
Standard, Technical
Participants
All stakeholders
Mission/Objectives
The ZigBee Alliance is a non-profit industry consortium of leading
semiconductor manufacturers, technology providers, OEMs and endusers worldwide. Members aim at defining a global specification for
interoperable, cost-effective, low-power wireless applications based
on the IEEE 802.15.4 standard. Current membership is about 200 and
includes both heavyweights (such as Siemens and Texas Instruments)
and small start-ups.
The goal of the ZigBee Alliance is to create an open specification
defining mesh and tree network topologies with interoperable
application profiles for wireless control systems. Its focus is clearly on
standards-based, low-cost, low-power, and low-data rates
applications. Means to certify products are also within the scope of
the ZigBee Alliance.
Zigbee is envisioned as a promising technology in home automation,
due to the technical characteristics that differentiate it from other
technologies:
Its low power consumption.
Its mesh network topology.
Easy integration (nodes can be manufactured with very little
electronics).
Activities related to
smart grid security
Zigbee Alliance is working on a communication method based on
wireless technology. Low cost and low power have done Zigbee an
ideal protocol in industrial automation. The Zigbee Alliance works on
the definition of the security mechanism implemented in the protocol
definition.
Results
Standards, technical Report
Comments
N/A
Smart Grid Security
66
Annex V. Related initiatives
URL
www.zigbee.org
Smart Grid Security
67
Annex V. Related initiatives
11 Other web 2.0 initiatives
Name
Smart Grid Network
Type
Online resource (Social Network)
Line of action
Information sharing, dissemination and awareness, training and
education
Participants
Manufacturer or Integrator, Security tools and services Provider, DSO,
TSO, Retail Energy Provider
Mission/Objectives
The goal of Smart Grid Network is to accelerate the pace of smart grid
deployment by promoting dialog and information exchange among
stakeholders and connecting interested consumers with solution
providers.
The site helps consumers understand how a smarter grid can
empower them to better manage their energy usage and identify
trusted solution providers. Solution providers, big companies and
small start-ups alike, will be able to get the message out about their
innovative solutions to interested customers around the globe.
Smart Grid Network has two components; information from
authorized content providers on smart grid initiatives in a state or
country and a Facebook-style social network allowing:
Consumers, solution providers and enablers to communicate
on issues of interest.
Individuals to develop a network of trusted advisors for
identifying and selecting smart grid solutions.
Countries, states, and communities to highlight smart grid
projects and attract best of class solutions suitable for their
local requirements.
Utilities to learn about their customers’ needs, expectations
and demands; and inform customers of new offerings.
Universities and research centres to highlight ongoing smart
grid research and education programs.
Solutions providers to advertise their products and services.
Smart Grid Network, Inc. launched this site on October 18, 2011, with
a pilot test for Illinois (US) and is now expanding to other states and
countries.
Activities related to
smart grid security
This site provides information on security and privacy related issues
affecting the smart grid.
Results
Articles and discussions
Comments
Social network project
Smart Grid Security
68
Annex V. Related initiatives
URL
http://www.smartgrid.com/
Name
Smart grid security
Type
Online Resource
Line of action
Technical
Participants
All stakeholders
Mission/Objectives
The Smart Grid Security group is intended to facilitate the exchange
and discussion of ideas and concepts around the implementation of
smart applications and communications technology within the
electric power system.
Activities related to
smart grid security
All exposed in Mission/Objectives
Results
N/A
Comments
N/A
URL
http://www.linkedin.com/groups?home=&gid=
1842898&trk=anet_ug_hm&goback=.gdr_1332346537283_1
Name
Smart Grid Cyber Security (Exclusive Forum & Networking Group)
Type
Online Resource
Line of action
Technical
Participants
DSO, TSO, Security tools and services Provider
Mission/Objectives
The Smart Grid Cyber Security group is an exclusive memberscommunity, that’s brings together professionals from across the
International Smart Grid/Utilities sector involved with ‘Cyber and
Critical Infrastructure’ security. This community extends to both
those security professionals from within the Utilities Sector and their
IT security partners and vendors.
The objective of this group is to create a forum for its members to
discuss, share ideas, best practices, trends, strategies and create a
common community voice to further understand the dynamics
surrounding the global emergence of smart grid initiative and its
security risks.
Activities related to
smart grid security
All exposed in Mission/Objectives
Results
Forum
Smart Grid Security
69
Annex V. Related initiatives
Comments
N/A
URL
http://www.linkedin.com/groups?home=&gid=
4149740&trk=anet_ug_hm&goback=.gdr_1332346537283_1
http://www.smartgridcybersecurity.co.uk
Name
Energy Sector, Smart Grid, and Smart Meter Security
Type
Online Resource
Line of action
Technical
Participants
All stakeholders
Mission/Objectives
The Smart Grid initiative is perhaps the single largest worldwide
technological project mankind will ever witness. The design,
implementation, and maintenance of a secure system will be of
paramount importance in assuring success.
Activities related to
smart grid security
All exposed in Mission/Objectives
Results
N/A
Comments
It is mainly a discussion forum, where experts hare their opinion on
trending topics regarding cyber security.
URL
http://www.linkedin.com/groups?about=&gid=
2693507&trk=anet_ug_grppro
Name
European Smart-Grid Cyber-Security Forum
Type
Online Resource
Line of action
Technical
Participants
N/A
Mission/Objectives
The European Smart-Grid Cyber-Security Forum aims to provide a
much needed professional and open space for discussions,
knowledge sharing, innovation and ideas around Cyber-Security
aspects for Smart-Grids and Smart-Grid projects in Europe. It intends
to attract knowledge and expertise from anyone who has an insight
and experience in this exciting new industry.
All credible candidates are welcome to join and participate, either
individuals or organisations such as smart-energy/grid equipment
manufacturers, research organisations, consultancies, systems
integrators, security advisories, national regulatory bodies, telecoms
Smart Grid Security
70
Annex V. Related initiatives
providers, etc.
The ultimate objective being to foster and provide a centre of
excellence, collective balanced guidance and direction to all countries
and projects in Europe embarking on or already on their journey
towards Smart-Grids.
Activities related to
smart grid security
All exposed in Mission/Objectives
Results
N/A
Comments
N/A
URL
http://www.linkedin.com/groups?about=&gid=
3847044&trk=anet_ug_grppro
Smart Grid Security
71
Annex V. Related initiatives
12 Bibliography
1. European Network and Informations Security Agency (ENISA). Protecting Industrial Control
Systems - Recommendations for Europe and Member States. 2011.
2. CIGRÉ. The Impact of Implementing Cyber Security Requirements using IEC 61850. s.l. :
CIGRE Publication 427, 2010.
3. International Electrotechnical Commission (IEC). IEC TS 62351-1: Power systems
management and associated information exchange – Data and communications security. Part
1: Communication network and system security – Introduction to security issues. International
Electrotechnical Commission. 2007.
4. —. IEC TS 62351-2: Power systems management and associated information exchange –
Data and communications security – Part 2: Glossary of terms. International Electrotechnical
Commission. 2008.
5. —. IEC TS 62351-3: Power systems management and associated information exchange –
Data and communications security – Part 3: Communication network and system security –
Profiles including TCP/IP. International Electrotechnical Commission. 2007.
6. —. IEC TS 62351-4: Power systems management and associated information exchange –
Data and communications security – Part 4: Profiles including MMS. International
Electrotechnical Commission. 2007.
7. —. IEC TS 62351-5: Power systems management and associated information exchange –
Data and communications security – Part 5: Security for IEC 60870-5 and derivatives.
International Electrotechnical Commission. 2009.
8. —. IEC TS 62351-6: Power systems management and associated information exchange –
Data and communications security – Part 6: Security for IEC 61850. International
Electrotechnical Commission. 2007.
9. —. IEC TS 62351-7: Power systems management and associated information exchange –
Data and communications security. Part 7: Network and system management (NSM) data
object models. International Electrotechnical Commission. 2010.
10. —. IEC TR 62210: Power system control and associated communications – Data and
communication security. 2003-05.
11. Institute of Electrical and Electronics Engineers (IEEE). WGC1 - Application of ComputerBased Systems. s.l. : http://standards.ieee.org/develop/wg/WGC1.html, 2007.
12. —. WGC6 - Trial Use Standard for a Cryptographic Protocol for Cyber Security of Substation
Serial Links. s.l. : http://standards.ieee.org/develop/wg/WGC6.html, 2010.
13. —. E7.1402 - Physical Security of Electric
http://standards.ieee.org/develop/wg/E7_1402.html, 2000.
Power
14. —. IEEE Power & Energy Society. [Online] http://www.ieee-pes.org.
Substations.
s.l. :
72
Smart Grid Security
Annex V. Related initiatives
15. —. IEEE-PES Smart Grid Forum. [Online] tp://www.ieee-pes.org/smart-grid-forum.
16. —. IEEE PES Computer and Analytical Methods SubCommittee. [Online] 2000.
http://ewh.ieee.org/cmte/psace/CAMS_taskforce.html.
17. International Society of Automation (ISA). ISA99 Committee - Home. [Online]
http://isa99.isa.org/ISA99 Wiki/Home.aspx.
18. —. LISTSERV 15.5 bin/wa.exe?A0=ISA67-16WG5.
ISA67-16WG5.
[Online]
http://www.isa-online.org/cgi-
19. Commission of the European communities. Communication from the commission to the
European parliament. Protecting Europe from large scale cyber-attacks and disruptions:
enhancing preparedness, security and resilience. 2009.
20.
European
Commision.
M/441:
http://www.cen.eu/cen/Sectors/Sectors/Measurement/Documents/M441.pdf : s.n., 2009.
.
21. CEN/CENELEC/ETSI. CEN/CLC/ETSI/TR 50572. Functional reference architecture for
communications
in
smart
metering
systems.
s.l. :
ftp://ftp.cen.eu/cen/Sectors/List/Measurement/Smartmeters/CENCLCETSI_TR50572.pdf,
2011.
22. Commission of the European communities. Communication from the commission to the
European parliament, the European economic and social commitee and the commitee of the
regions. Achievements and next steps: towards global cyber-security. COM(2011) 163. 2011.
23. —. Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions. COM(2011) 202
final. 2011.
24. DG-INFSO Expert Group on the security and resilience of Communication networks and
Information
systems
for
Smart
Grids.
Programme
of
Work.
s.l. :
https://resilience.enisa.europa.eu/security-and-resilience-of-communication-networks-andinformation-systems-for-smart-grids/program-of-work/draft-final-versionpow/at_download/file, 2011.
25. Task Force Smart Grids. Expert group 2. Regulatory recommendations for data safety,
data
handling
and
data
protection.
s.l. :
http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/expert_group2.pdf, 2011.
26. Elvire. [Online] 2011. http://www.elvire.eu/.
27.
CORDIS
Services.
AFTER.
[Online]
2011.
http://cordis.europa.eu/search/index.cfm?fuseaction=proj.document&PJ_LANG=EN&PJ_RCN
=12231422.
28. The OPEN meter Consortium. Open Meter. [Online] 2009. http://www.openmeter.com/.
29. Aretmis. Internet of Energy. [Online] 2011. http://www.artemis-ioe.eu/.
Smart Grid Security
73
Annex V. Related initiatives
30. O.Vermesan, R.Zafalon, K.Kriegel, R.Mock, R.John, M.Ottella, P.Perlo. Internet Of Energy
pag:33. Advance Microsystems for Automotive Applications 2011. [Online]
http://books.google.es/books?id=Qt7HDlzmrhsC&pg=PA33&lpg=PA33&dq=Internet+of+Energ
y+%E2%80%93+Connecting+Energy+Anywhere+Anytime&source=bl&ots=KlFXHWQYEA&sig=Y
DjZYgFqAevFtfWL6tuFqJxIKOo&hl=es&sa=X&ei=arVdT6mDIuem0AW9v9zWDQ&ved=0CIUBEO
gBMAY#v=onepage&q=Int.
31. European Technology Platform SmartGrids. Strategic research agenda for Europe’s
electricity
networks
of
the
future.
s.l. :
http://www.smartgrids.eu/documents/sra/sra_finalversion.pdf, 2007.
32. European Commission. Directorate-General for Energy. Standardization Mandate to
European Standardisation Organisations (ESOs) to support European Smart Grid deployment.
M/490.
s.l. :
http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/2011_03_01_mandate_m490_en.
pdf.
33. Commission of the European communities. Commission staff working document
definition, expected services, functionalities and benefits of smart grids SEC(2011)463. 2011.
34. ENTSOE. WG European operational standards. [Online] https://www.entsoe.eu/systemoperations/working-groups/wg-european-operational-standards/.
35. —. ENTSOE Working Group System Protection. [Online] https://www.entsoe.eu/systemoperations/working-groups/wg-critical-system-protection/.
36. —. WG Electronic Highway. [Online] https://www.entsoe.eu/system-operations/workinggroups/wg-electronic-highway/.
37. ESMIG. External Activities, ESMIG. [Online] http://www.esmig.eu/about-us/smart-metercoordination-group-sm-cg-new.
38.
EUROELECTRIC.
10
Steps
to
http://www.eurelectric.org/10StepsTosmartGrids/.
Smart
Grid.
[Online]
2010.
39. International Instruments Users' Association (WIB). Process control domain - Security
requirements for vendors. EWE (EI, WIB, EXERA). 2010.
40.
DIN.
Electromobility.
[Online]
2011.
http://www.naautomobil.din.de/cmd?contextid=naautomobil&bcrumblevel=1&subcommitte
eid=118124005&projid=149029465&level=tpl-projdetailansicht&committeeid=54738955&languageid=en.
41.
VGB.
VGB-R.175
IT-Sicherheit
http://www.vgb.org/shop/r175.html, 2006.
für
Erzeugungsanlagen
.
s.l. :
42. Netbeheer Nederland. Privacy and Security Advance Metering Infraestructure. Apendix A.
s.l. :
http://www.energiened.nl/_upload/bestellingen/publicaties/356_320006%20%20PS%20M%20StakeholderAnalysis.pdf, 2010.
74
Smart Grid Security
Annex V. Related initiatives
43.
DECC.
Smarter
Grids:
The
Opportunity.
s.l. :
http://www.decc.gov.uk/assets/decc/what%20we%20do/uk%20energy%20supply/futureelec
tricitynetworks/1_20091203163757_e_@@_smartergridsopportunity.pdf, 2009.
44. KEMA and ENA. UK Smart Grid Cyber Security Report. http://ses.jrc.ec.europa.eu/.
[Online] 2011. http://energynetworks.squarespace.com/storage/UK Smart Grid Cyber Security
Report.pdf.
45. North American Electric Reliability Corporation (NERC). Categorizing Cyber Systems. An
Approach Based on BES Reliability Functions. Cyber Security Standards Drafting Team for
Project 2008-06 Cyber Security Order 706. 2009.
46. SGTF. Smart Grid Task Force. [Online] http://www.nerc.com/filez/sgtf.html.
47. SGWG. Smart Grid Working Groups. [Online] 2011. http://www.nerc.com/filez/sgwg.html.
48. National Institute of Standards and Technology (NIST). NIST SP 800-82: Guide to
Industrial Control Systems (ICS) Security. National Institute of Standards and Technology. 2011.
49. —. NIST SP 800-53: Information Security. National Institute of Standards and Technology.
2009.
50. —. NISTIR 7176: System Protection Profile - Industrial Control Systems. Decisive Analytics.
2004.
51. —. NISTIR 7628: Guidelines for Smart Grid Cyber Security. Smart Grid Interoperability
Panel–Cyber Security Working Group (SGIP–CSWG). 2010.
52. ASAP-SG. Advanced Security Acceleration Project for the Smart Grid. [Online] 2011.
http://www.smartgridipedia.org/index.php/ASAP-SG.
53. The AMI-SEC Task Force (UCAIug) and The NIST Cyber Security Coordination Task Group.
SECURITY PROFILE FOR ADVANCED METERING INFRASTRUCTURE. 2010.
54. AMI-SEC-ASAP. AMI Security Implementation Guide. 2009.
55. National Institute of Standards and Technology (NIST). NIST Smart Grid Federal Advisory
Commitee. [Online] 2010. http://www.nist.gov/smartgrid/committee.cfm.
56. Smart Grid Architecture Committee. Smart Grid Architecture Committee. [Online]
http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/SmartGridArchitectureCommittee.
57. Cyber Security Working Group. Cyber Security Working Group.
http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG.
[Online]
58. Smart Grid Interoperability Panel (SGIP). SGIP Cyber Security Working Group (SGIP
CSWG).
[Online]
http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/CyberSecurityCTG.
59. NIST SGIP. Priority Action Plans.
sggrid/bin/view/SmartGrid/PriorityActionPlans.
[Online]
http://collaborate.nist.gov/twiki-
Smart Grid Security
75
Annex V. Related initiatives
60. —. Domain Expert Working Groups. [Online] 2011. http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/DEWGs.
61. NEMA. National Electrical Manufacturers Association. Position Statement on Cyber
Security.
s.l. :
www.nema.org/gov/energy/smartgrid/upload/Cyber_Security_Position_Statement.pdf.
62. National Electrical Manufacturers Association (NEMA). Position Statement on Cyber
Security.
s.l. :
http://www.nema.org/gov/energy/smartgrid/upload/Cyber_Security_Position_Statement.pdf
.
63.
EPRI.
EPRI
Progress
Report.
[Online]
http://www.smartgrid.epri.com/doc/IntelliGrid%20Newsletter%20Template_June%20053111
.pdf.
64. Zwan, Erwin van der. Security of Industrial Control Systems, What to Look For. 2010.
65. Zhang, Zhen. Smart Grid in America and Europe: Similar Desires, Different Approaches
(Part 2). . 2011.
66. —. Smart Grid in America and Europe: Similar Desires, Different Approaches (Part 1). .
2011.
67. Yin Hong, Chang. Cyber Security of a Smart Grid: Vulnerability Assessment. s.l. :
http://www.ece.nus.edu.sg/stfpage/elejp/FYP/CYH09.pdf, 2010.
68.
West,
Andrew.
SCADA
Communication
protocols.
http://www.powertrans.com.au/articles/new pdfs/SCADA PROTOCOLS.pdf.
[Online]
69. Weiss, Joseph. Protecting Industrial Control Systems from Electronic Threats. s.l. :
Momentum Press, 2010.
70. Tsang, Rose. Cyberthreats, Vulnerabilities and Attacks on SCADA networks. 2009.
71. Theriault, Marlene and Heney, William. Oracle Security. First Edition. s.l. : O'Reilly, 1998.
p. 446. 1-56592-450-9.
72. Syngres, Eric Knapp. Industrial Network Security. Securing critical infrastructure Networks
for Smart Grid, SCADA and other Industrial Control Systems. .
73. Suter, Manuel and Brunner, Elgin M. International CIIP Handbook 2008 / 2009. 2008.
74. Stouffer, K. A., Falco, J. A. and Scarfone, K. A. Guide to Industrial Control Systems (ICS)
Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control
Systems (DCS), and other control system configurations such as Programmable Logic
Controllers (PLC). s.l. : National Institute of Standards and Technology, 2011.
75.
Snyder,
Mike.
Smart
Grid
http://ict2020.tiaonline.org/may_june_2009/policy_stimulus.cfm.
Synergy.
76. Smith, Steven S. The SCADA Security Challenge: The Race Is On. 2006.
[Online]
76
Smart Grid Security
Annex V. Related initiatives
77. Identifying, understanding, and analyzing Critical Infrastructure Interdependencies.
Rinaldi, Steven M., Peerenboom, James P. and Kelly, Terrence K. 2001, IEEE Control Systems
Magazine.
78. Mo, Yilin, et al. Cyber–Physical Security of a Smart Grid Infrastructure. s.l. :
http://sparrow.ece.cmu.edu/group/pub/Mo-Kim-etal-ProcIEEE-2011.pdf, 2011.
79. Masica, Ken. Securing WLANs using 802.11i. Draft. Recommended Practice. 2007.
80. —. Recommended Practices Guide For Securing ZigBee Wireless Networks in Process
Control System Environments. 2007.
81. Lewis, Adam. ERN-CIP: European reference network for critical infrastructure protection.
[Online] http://www.creatif-network.eu/workshop1/Lewis_session3.pdf.
82. Lenzini, G., Oostdijk, M. and Teeuw, W. Trust, Security, and Privacy for the Advanced
Metering Infrastructure. s.l. : https://doc.novay.nl/dsweb/Get/Document-100649, 2009.
83. Kwasinski, A. Implication of Smart-Grids development for communication systems in
normal operation and during disasters. 2010.
84. Jeff Trandahl, Clerk. USA Patriot
http://epic.org/privacy/terrorism/hr3162.html.
Act
(H.R.
3162).
[Online]
2001.
85. International Organization for Standardization (ISO), International Electrotechnical
Commission (IEC). Information technology — Security techniques — Code of practice for
information security management. International Organization for Standardization,
International Electrotechnical Commission. 2005.
86. Huntington, Guy. NERC CIP’s and identity management. Huntington Ventures Ltd. 2009.
87. Holstein, Dennis Cease, Li, Haiyu L and Meneses, Albertin,. The Impact of Implementing
Cyber Security Requirements using IEC 61850. 2010.
88. Holstein, Dennis K. P1711 “The state of closure”. s.l. : PES/PSSC Working Group C6, 2008.
89. Hayden, Ernie. There is No SMART in Smart Grid Without Secure and Reliable
Communications. s.l. : http://www.verizonbusiness.com/resources/whitepapers/wp_nosmart-in-smart-grid-without-secure-comms_en_xg.pdf.
90. Hart, D.G. Using AMI torealize the Smart Grid. En Powerand energy society general
meeting -Conversion and delivery of electrical energy in the 21st Century. s.l. : IEEE 2008, 2008.
91. Green, Brian D., Cote, J. R. and Simmins, John. Smartgridinformation.info. [Online] 17 8
2010. [Cited: 30 12 2011.] http://www.smartgridinformation.info/pdf/2663_doc_1.pdf.
92. Gorman, Siobhan. Electricity Grid in U.S. Penetrated By Spies.
93. Goméz, J. Antonio. III Curso de verano AMETIC-UPM 2011 hacia un mundo digital: las eTIC motor de los cambios sociales, económicos y culturales. 2011.
94. Glöckler, Oszvald. IAEA Coordinated Research Project (CRP) on Cybersecurity of Digital
I&C
Systems
in
NPPs.
[Online]
2011.
Smart Grid Security
77
Annex V. Related initiatives
http://www.iaea.org/NuclearPower/Downloads/Engineering/meetings/2011-05-TWGNPPIC/Day-3.Thursday/TWG-CyberSec-O.Glockler-2011.pdf.
95. Giordano, Vincenzo, et al. Smart Grid projects in Europe: lessons learned and current
developments. 2011.
96. Ginter, Andrew. An Analysis of Whitelisting Security Solutions and Their Applicability in
Control Systems. 2010.
97. Flick, Tony and Morehouse, Justin. Securing the Smart Grid. Next Generation Power Grid
Security. 2011.
98. Fan, Jiyuan and Zhang, Xiaoling. Feeder Automation within the Scope of Substation
Automation.
[Online]
10
31,
2006.
[Cited:
12
29,
2011.]
http://www.ieee.org/portal/cms_docs_pes/pes/subpages/meetingsfolder/PSCE/PSCE06/panel24/Panel-24-3_Feeder_Automation.pdf.
99. Fan, Jiyuan, du Toit, Willem and Backschneider, Paul. Distribution Substation Automation
in Smart Grid.
100. Falliere, Nicolas, Murchu, Liam O and Chien, Eric. W32.Stuxnet Dossier. Symantec. 2011.
101. Ericsson, Göran. Managing Information Security in an Electric Utility. Cigré Joint Working
Group (JWG) D2/B3/C2-01.
102. Ebinger, Charles and Massy, Kevin. Software and hard targets: enhancing Smart Grid
cyber
security
in
the
age
of
information
warfare.
s.l. :
http://www.brookings.edu/~/media/Files/rc/papers/2011/02_smart_grid_ebinger/02_smart_
grid_ebinger.pdf, 2011.
103. Díaz Andrade, Carlos Andrés and Hernandez, Juan Carlos. Smart grid: Las TICs y la
modernización de las redes de energía eléctrica – Estado del arte. 2011.
104. Davis, Mike. SmartGrid Device Security. Adventures in a new medium. s.l. :
https://www.blackhat.com/presentations/bh-usa-09/MDAVIS/BHUSA09-Davis-AMISLIDES.pdf, 2009.
105. Conant, Rob. Toward a Global Smart Grid - The U.S. vs. Europe. [Online]
http://www.elp.com/index/display/article-display/2702271845/articles/utility-automationengineering-td/volume-15/Issue_5/Features/Toward_a_Global_Smart_Grid__The_US_vs_Europe.html .
106. —. Toward a Global Smart Grid - The U.S. vs. Europe. [Online]
http://www.elp.com/index/display/article-display/2702271845/articles/utility-automationengineering-td/volume-15/Issue_5/Features/Toward_a_Global_Smart_Grid__The_US_vs_Europe.html.
107.
Coll-Mayor,
Debora.
Overview
of
strategies
and
goals.
[Online]
http://www.4thintegrationconference.com/downloads/Strategies & Goals of Smartgrid in
Europe.pdf.
78
Smart Grid Security
Annex V. Related initiatives
108. Cleveland, Frances. White Paper: Cyber Security Issues for the Smart Grid. s.l. :
http://www.xanthusconsulting.com/Publications/White_Paper_Cyber_Security_Issues_for_the_Smart_Grid.pdf,
2009.
109. Clemente, Jude. The Security Vulnerabilities of Smart Grid. s.l. :
http://www.ensec.org/index.php?option=com_content&view=article&id=198:the-securityvulnerabilities-of-smart-grid&catid=96:content&Itemid=345, 2009.
110. Chebbo, Maher. Recommendations of the SmartGrid ICT consultation Group to the
European Commision. 2010.
111. Carpenter, Matthew and Wright, Joshua. Advanced metering infrastructure attack
methodology. 2009.
112. Brodsy, Jacob and McConnell, Anthony. Jamming and Interference Induced Denial-ofService Attacks on IEEE 802.15.4-Based Wireless Networks. 2009.
113. Boyer, Stuart A. SCADA: Supervisory Control and Data Acquisition. Iliad Development
Inc., ISA. 2010.
114. —. SCADA Supervisory and Data Acquisition. 2004.
115. Berkeley III, Alfred R. and Wallace, Mike. A Framework for Establishing Critical
Infrastructure Resilience Goals. Final Report and Recommendations by the Council. s.l. :
National Infrastructure Advisory Council, 2010.
116.
Bartels,
Guido.
Combating
Smart
Grid
Vulnerabilities.
s.l. :
http://www.ensec.org/index.php?option=com_content&view=article&id=284:combatingsmart-grid-vulnerabilities&catid=114:content0211&Itemid=374, 2011.
117. Bailey, David and Wright, Edwin. Practical SCADA for Industry. s.l. : Newnes, 2003.
118.
Asad,
Mohammad.
Challenges
of
http://www.ceia.seecs.nust.edu.pk/pdfs/Challenges_of_SCADA.pdf.
SCADA.
[Online]
119. Anderson, Roger N., et al. Computer-Aided Lean Management for the Energy Industry.
2008.
120. Amin, Saurabh, Sastry, Shankar and Cárdenas, Alvaro A. Research Challenges for the
Security of Control Systems. 2008.
121. Amin, S. Massoud. Smart Grid: Overview, Issues and Opportunities. Advances and
Challenges in Sensing, Modeling, Simulation, Optimization and Control. s.l. :
http://central.tli.umn.edu/CDC_Semi_plenary_Smart%20Grids_Massoud%20Amin_final.pdf,
2011.
122. Abbott, Ralph E. The Successful AMI Marriage: When Water AMR and Electric AMI
Converge.
[Online]
http://www.waterworld.com/index/display/articledisplay/328763/articles/waterworld/volume-24/issue-5/editorial-feature/the-successful-amimarriage-when-water-amr-and-electric-ami-converge.html.
Smart Grid Security
79
Annex V. Related initiatives
123.
ZigBee.
ZigBee
Home
Automation
Overview.
http://www.zigbee.org/Standards/ZigBeeHomeAutomation/Overview.aspx.
[Online]
124. International Federation of Automatic Control (IFAC). Working Group 3: Intelligent
Monitoring, Control and Security of Critical Infrastructure Systems — IFAC TC Websites.
[Online]
http://tc.ifac-control.org/5/4/working-groups/copy2_of_working-group-1decentralized-control-of-large-scale-systems.
125.
WirelessHART.
WirelessHART.
http://www.hartcomm.org/protocol/wihart/wireless_technology.html.
[Online]
126. Web application Security Consortium. Web Application Firewall Evaluation Criteria.
[Online] 2009. http://projects.webappsec.org/w/page/13246985/Web Application Firewall
Evaluation Criteria.
127. VIKING Project. Vital Infrastructure, Networks, Information and Control Systems
Management. [Online] 2008. http://www.vikingproject.eu.
128. VDI/VDE. VDI/VDE 2182: IT security for industrial automation. 2011.
129. United States Computer Emergency Readiness Team (US-CERT). US-CERT: United States
Compueter Emergency readiness Team. [Online] http://www.us-cert.gov.
130. Institute of Electrical and Electronics Engineers (IEEE). Transmission & Distribution
Exposition & Conference 2008 IEEE PES : powering toward the future. Institute of Electrical and
Electronics Engineers. 2008.
131. Pacific Northwest National Labortory, U.S. Department of Energy. The Role of
Synchronized Wide Area Measurements for Electric Power Grid Operations. 2006.
132. EURELECTRIC Networks Committee. The Role of Distribution System. Operators (DSOs) as
Information Hubs. 2010.
133. The 451 Group. The adversary: APTs and adaptive persistent adversaries. 2010.
134. SANS. The 2011 Asia Pacific SCADA and Process Control Summit - Event-At-A-Glance.
[Online] 2011. http://www.sans.org/sydney-scada-2011.
135. International Energy Agency (IEA). Technology Roadmap. Smart Grids. France :
OCDE/IEA, 2011.
136. EPRI. Technical and System Requirements for Advanced Distribution Automation. 2004.
137. International Federation of Automatic Control (IFAC). TC 6.3. Power Plants and Power
Systems — IFAC TC Websites. [Online] http://tc.ifac-control.org/6/3.
138. —. TC 3.1. Computers for Control — IFAC TC Websites. [Online] http://tc.ifaccontrol.org/3/1.
139. ESCoRTS Project. Survey on existing methods, guidelines and procedures. 2009.
140. CEN/CENELEC/ETSI Joint Working Group. Standards for Smart Grids. 2011.
80
Smart Grid Security
Annex V. Related initiatives
141. Smart Substations. Smart Substations:Desing, Operations and Maintenance. [Online]
http://www.smartsubstations.com.au/Event.aspx?id=664622.
142. EnergieNed. Smart Meter Requirements. Dutch Smart Meter specification and tender
dossier.
s.l. :
http://www.energiened.nl/_upload/bestellingen/publicaties/288_Dutch%20Smart%20Meter
%20%20v2.1%20final%20Main.pdf, 2008.
143.
European
Commision.
Energy.
Smart
Grids
Task
http://ec.europa.eu/energy/gas_electricity/smartgrids/taskforce_en.htm.
force.
[Online]
144. U.S. Department of Energy. Smart Grid System Report. 2009.
145.
Industrial
Defender.
Smart
Grid
http://blog.industrialdefender.com/?p=756, 2011.
Safety
vs
Confidentiality.
s.l. :
146.
Enerweb.
Smart
grid
Information
Report.
http://enerweb.co.za/brochures/Smart%20Grid%20Information%20Report.pdf, 2011.
s.l. :
147. IEEE Smart grid. Smart Grid Conceptual Model. [Online] http://smartgrid.ieee.org/ieeesmart-grid/smart-grid-conceptual-model.
148. Sonoma innovation. Smart Grid Communications Architectural Framework. 2009.
149. EU Commission Task Force for Smart Grids. Expert Group 4. Smart Grid aspects related
to Gas. 2011.
150. European Commision. Smart electricity Systems. European CommisionJoint Research
Centre. [Online] http://ses.jrc.ec.europa.eu/.
151. Siemens. Smart Distribution. Distribution Automation and Protection. [Online] [Cited: 29
12
2011.]
http://www.energy.siemens.com/fi/en/energy-topics/smart-grid/smartdistribution/distribution-automation-and-protection.htm.
152. The Climate Group. smart 2020: enabling the low carbon economy in the information
age. [Online] 2008.
153. Treehugger. SMART 2020 Report: Smart Grids Can Cut CO2 Emissions by 15 Percent.
[Online] 2011. http://www.treehugger.com/clean-technology/smart-2020-report-smart-gridscan-cut-co2-emissions-by-15-percent.html.
154. smart 2020. Smart 2020 . [Online] 2009. http://www.smart2020.org/.
155. ESCoRTS Project. Security of Control and Real Time Systems. [Online] 2008.
http://www.escortsproject.eu.
156.
ABB.
Security
in
the
smart
grid.
s.l. :
http://www02.abb.com/db/db0003/db002698.nsf/0/832c29e54746dd0fc12576400024ef16/
$file/paper_Security+in+the+Smart+Grid+%28Sept+09%29_docnum.pdf, 2009.
157. American Petroleum Institute (API) energy. Security Guidelines for the Petroleum
Industry. American Petroleum Institute. 2005.
Smart Grid Security
81
Annex V. Related initiatives
158. Technical Support Working Group (TSWG). Securing Your SCADA and Industrial Control
Systems. Departmet of Homeland Security. 2005.
159. Rijksoverheid. Scenario's Nationale Risicobeoordeling 2008/2009. [Online] 2009.
http://www.rijksoverheid.nl/documenten-en-publicaties/rapporten/2009/10/21/scenario-snationale-risicobeoordeling-2008-2009.html.
160. SANS. SCADA Security Advanced Training. [Online] 1989. http://www.sans.org/securitytraining/scada-security-advanced-training-1457-mid.
161. Water Sector Coordinating Council Cyber Security Working Group. Roadmap to Secure
Control Systems in the Water Sector. 2008.
162.
RISI.
Repository
of
http://www.securityincidents.org/.
Industrial
Security
Incidents.
[Online]
163. United States Nuclear Regulatory Commission. Regulatory Guide 5.71: Cyber security
programs for nuclear facilities. 2010.
164. Department of Homeland Security (DHS). Recommended Practice: Improving Industrial
Control Systems Cybersecurity with Defense-In-Depth Strategies. 2009.
165. Wikipedia. Recloser. [Online] [Cited: 12 26, 2011.] http://en.wikipedia.org/wiki/Recloser.
166. Iberdrola. Proyecto tipo para Centro de Transformación intemperie compacto. [En línea]
Abril
de
1997.
[Citado
el:
29
de
Diciembre
de
2011.]
http://www.coitiab.es/reglamentos/electricidad/reglamentos/jccm/iberdrola/mt_2-1105.htm.
167. Centre for the Protection of National Infrastructure (CPNI). Process control and SCADA
security. Guide 7. Establish ongoing governance. Centre for the Protection of National
Infrastructure.
168. —. Process control and SCADA security. Guide 6. Engage projects. Centre for the
Protection of National Infrastructure.
169. —. Process control and SCADA security. Guide 5. Manage third party risk. Centre for the
Protection of National Infrastructure.
170. —. Process control and SCADA security. Guide 4. Improve awareness and skills. Centre for
the Protection of National Infrastructure.
171. —. Process control and SCADA security. Guide 3. Establish response capabilities. Centre
for the Protection of National Infrastructure.
172. —. Process control and SCADA security. Guide 2. Implement secure architecture. Centre
for the Protection of National Infrastructure.
173. —. Process control and SCADA security. Guide 1. Understand the business risk. Centre for
the Protection of National Infrastructure.
82
Smart Grid Security
Annex V. Related initiatives
174. —. Process control and SCADA security. Centre for the Protection of National
Infrastructure.
175. Institute of Electrical and Electronics Engineers (IEEE). P2030: IEEE Guide for Smart Grid
Interoperability of Energy Technology and Information Technology Operation with the Electric
Power System (EPS), End-Use Applications, and Loads. 2011.
176.
Wikipedia.
Outage
management
http://en.wikipedia.org/wiki/Outage_management_system.
system.
[Online]
177. Open Smart Grid. Open Smart Grid. [Online] http://osgug.ucaiug.org/default.aspx.
178. OpenSG. Open Smart Grid. http://osgug.ucaiug.org. [Online]
179. Norwegian Oil Industry Association (OLF). OLF Guideline No.110: Implementation of
information security in PCSS/ICT systems during the engineering, procurement and
commissioning phases. Norwegian Oil Industry Association. 2006.
180. —. OLF Guideline No. 104: Information Security Baseline Requirements for Process.
Norwegian Oil Industry Association. 2006.
181. National Institute of Standards and Technology (NIST). NIST SP 1108: NIST Framework
and Roadmap for Smart Grid Interoperability Standards, Release 1.0. 2010.
182. The White House. National Strategy for Information Sharing. [Online] 2007.
http://georgewbush-whitehouse.archives.gov/nsc/infosharing/index.html.
183. Department of Homeland Security (DHS). National Infrastructure Protection Plan:
Partnering to enhance protection and resiliency. Department of Homeland Security. 2009.
184. NAMUR. NAMUR NA 115 IT-Security for Industrial Automation Systems: Constraints for
measures applied in process industries. 2006.
185. Centre for the Protection of Critial Infrastructure (CPNI). Meridian Process Control
Security
Information
Exchange
(MPCSIE).
[Online]
http://www.cpni.nl/informatieknooppunt/internationaal/mpcsie.
186. Meridian. Meridian. [Online] http://www.meridian2007.org.
187. International Electrotechnical Commission (IEC). ISO/IEC 15408: Information technology.
Security techniques. Evaluation criteria for IT security. 2009-2011.
188. International Society of Automation (ISA). ISA100, Wireless Systems for Automation.
[Online] www.isa.org/isa100.
189. INTERSECTION Project. INfrastructure for heTErogeneous, Resilient, SEcure, Complex,
Tightly Inter-Operating Networks (INTERSECTION). [Online] 2008. http://www.intersectionproject.eu.
190. Norwegian Oil Industry Association (OLF). Information Security Baseline Requirements
for Process Control, Safety, and Support ICT Systems. Norwegian Oil Industry Association.
2009.
Smart Grid Security
83
Annex V. Related initiatives
191. INSPIRE Project. INcreasing Security and Protection through Infrastructure REsilience.
[Online] 2008. http://www.inspire-strep.eu.
192. International Federation for Information Processing (IFIP). IFIP WG 1.7 Home Page.
[Online] http://www.dsi.unive.it/~focardi/IFIPWG1_7.
193. —. IFIP Technical Committees. [Online] http://ifiptc.org/?tc=tc11.
194. —. IFIP TC 8 International Workshop on Information Systems Security Research. [Online]
http://ifip.byu.edu.
195. Institute of Electrical and Electronics Engineers (IEEE). IEEE Standard for Substation
Intelligent Electronic Devices (IEDs) Cyber Security Capabilities. 2007.
196. —. IEEE Standard C37.1-1994: Definition, Specification, and Analysis of Systems Used for
Supervisory Control, Data Acquisition, and Automatic Control. Institute of Electrical and
Electronics Engineers. 1994.
197. International Electrotechnical Commission (IEC). IEC 62443: Security for Industrial
Process Measurement and Control: Network and System Security. 2010.
198. —. IEC 61970: Common Information Model (CIM) / Energy Management.
199. —. IEC 61968: Common Information Model (CIM) / Distribution Management.
200. —. IEC 61850-7-2: Communication networks and systems for power utility automation –
Part 7-2: Basic information and communication structure – Abstract communication service
interface (ACSI). International Electrotechnical Commission. 2010.
201. —. IEC 61850: Communication networks and systems in substations. 2011.
202. —. IEC 60870-6: Telecontrol equipment and systems. 2005.
203. —. IEC 60870-5: Telecontrol equipment and system. 2007.
204. ICT4SMARTDG. ICT Solutions to enable Smart Distributed Generation. 2011.
205. International Atomic Energy Agency (IAEA). IAEA Technical Meeting on Newly Arising
Threats
in
Cybersecurity
of
Nuclear
Facilities.
[Online]
2011.
http://www.iaea.org/NuclearPower/Downloads/Engineering/files/InfoSheetCybersecurityTM-May-2011.pdf.
206.
Energie
Vortex.
http://www.energyvortex.com.
[Online]
http://www.energyvortex.com/energydictionary/blackout__brownout__brown_power__rolli
ng_blackout.html.
207. IRRIIS Project. Homepage of the IRRIIS project. [Online] 2006. http://www.irriis.org.
208. Department of Homeland Security (DHS). Homeland Security Presidential Directive-7.
[Online] 2003. http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm#1.
84
Smart Grid Security
Annex V. Related initiatives
209. Department of Energy (DoE). Hands-on Control Systems Cyber Security Training of
National
SCADA
Test
Bed.
[Online]
2008.
http://www.inl.gov/scada/training/d/8hr_intermediate_handson_hstb.pdf.
210.
BBC
news.
Hackers
'hit'
US
water
http://www.bbc.co.uk/news/technology-15817335, 2011.
treatment
systems.
s.l. :
211. Swedish Civil Contingencies Agency (MSB). Guide to Increased Security in Industrial
Control Systems. Swedish Civil Contingencies Agency. 2010.
212. Commission of the European communities. Green paper. On a European programme for
critical infrastructure protection COM(2005) 576 final. 2005.
213. National Infrastructure Security Coordination Centre (NISCC). Good Practice Guide
Process Control and SCADA Security. PA Consulting Group. 2006.
214. —. Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks.
British Columbia Institute of Technology (BCIT). 2005.
215. McAfee. Global Energy Cyberattacks: “Night Dragon”. [Online] 2011.
http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-nightdragon.pdf.
216. National Infrastructure Security Coordination Centre (NISCC). Firewall deployment for
scada and process control networks. good practice guide. National Infrastructure Security
Coordination Centre. 2005.
217. Centre for the Protection of National Infrastructure (CPNI). Firewall deployment for
scada and process control networks. Centre for the Protection of National Infrastructure.
2005.
218. National Institute of Standards and Technology (NIST). FIPS PUB 199. Standards for
Security Categorization of Federal Information and Information Systems. [Online] 2004.
http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf.
219. —. Field Device Protection Profile for SCADA Systems in Medium Robustness
Environments. 2006.
220. EU Commission Task Force for Smart Grids. Expert Group 1: Functionalities of smart grids
and smart meters. 2010.
221.
The
White
House.
Executive
http://www.fas.org/irp/offdocs/eo/eo-13231.htm.
Order
13231.
[Online]
222. European Commission. Europ2 2020. Europe 2020 targets.
http://ec.europa.eu/europe2020/reaching-the-goals/targets/index_en.htm.
2001.
[Online]
223. Eur Lex. [Online] http://eur-lex.europa.eu/en/index.htm.
224. European Network and Informations Security Agency (ENISA). EU Agency analysis of
‘Stuxnet’ malware: a paradigm shift in threats and Critical Information Infrastructure
Smart Grid Security
85
Annex V. Related initiatives
Protection. [Online] 2010. http://www.enisa.europa.eu/media/press-releases/eu-agencyanalysis-of-2018stuxnet2019-malware-a-paradigm-shift-in-threats-and-critical-informationinfrastructure-protection-1.
225. Instituto de Investigaciones Eléctricas de México. Estado del arte en Redes Inteligentes
"Smart Grids". Automatización de la Distribución en las Redes Inteligentes. México : s.n.
226. eSEC. eSEC. Plataforma Tecnológica Española de Tecnologías para Seguridad y Confianza.
[Online] http://www.idi.aetic.es/esec.
227.
Energie.gov.
Energy
development/energy-storage.
Storage.
[Online]
http://energy.gov/oe/technology-
228. Department of Energy (DoE). Energy Infrastructure Risk Management Checklists for
Small and Medium Sized Energy Facilities. Department of Energy. 2002.
229. Energy Independence and Security Act of 2007. s.l. : http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=110_cong_bills&docid=f:h6enr.txt.pdf, 2007.
230.
Energiened.
Energiened
Documentation.
http://www.energiened.nl/Content/Publications/Publications.aspx.
[Online]
231. U.S. Department of Energy. Electricity sector cyber-security risk management process
guideline. 2011.
232. Government Accountability Office (GAO). Electricity grid modernization. Progress Being
Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed. s.l. :
http://www.gao.gov/new.items/d11117.pdf, 2011.
233. Smarter Grid Solutions. Dynamic Line Rating - managing capacity. [Online]
http://www.smartergridsolutions.com/index.html?pid=153.
234. National Institute of Standards and Technology (NIST). Draft NIST Framework and
Roadmap for Smart Grid Interoperability Standards, Release 2.0. 2011.
235. DLMS User Association. DLMS/COSEM: Conformance Testing Process. 2010.
236. —. DLMS/COSEM: Architecture and Protocols. 2009.
237.
Wikipedia.
Distribution
mangagement
http://en.wikipedia.org/wiki/Distribution_mangagement_system.
system.
[Online]
238. Commission of the European communities. Directive 95/46/EC of the European
Parliament and of the Council of 24 October 1995 on the protection of individuals with regard
to the processing of personal data and on the free movement of such data. 1995.
239.
DigitalBond.
DigitalBond.
ICS
Security
Tool
http://www.digitalbond.com/tools/ics-security-tool-mail-list.
List.
[Online]
240. Department of Homeland Security (DHS). DHS officials: Stuxnet can morph into new
threat. [Online] 2011. http://www.homelandsecuritynewswire.com/dhs-officials-stuxnet-canmorph-new-threat.
86
Smart Grid Security
Annex V. Related initiatives
241. Department of Energy (DoE). Cybersecurity for Energy Delivery Systems Peer Review.
[Online] 2010. http://events.energetics.com/CSEDSPeerReview2010.
242. Department of Homeland Security (DHS). Cyber storm III Final Report. Department of
Homeland Security Office of Cybersecurity and Communications National Cyber Security
Division. 2011.
243. Centre for the Protection of National Infrastructure (CPNI). Cyber security assessments
of industrial control systems. Centre for the Protection of National Infrastructure. 2011.
244. CRUTIAL Project.
http://crutial.rse-web.it.
CRitical
Utility
InfrastructurAL
resilience.
[Online]
2006.
245. Thales. Critical Infrastructure Security. A Holistic Security Risk Management Approach.
s.l. :
http://www.securitymanagement.com.au/content/file/CriticalISThales.pdf?asm=ad05637d37
e2a8c1afeeda016804c85, 2008.
246. United States General Accounting Office (GAO). Critical infrastructure protection.
Challenges and Efforts to Secure Control Systems. United States General Accounting Office.
2004.
247. CI2RCO Project. Critical information infrastructure research coordination. [Online] 2008.
http://cordis.europa.eu/fetch?CALLER=PROJ_ICT&ACTION=D&CAT=PROJ&RCN=79305.
248. SINTEF. CRIOP: A scenario method for Crisis Intervention and Operability analysis. 2011.
249. Centre for the Protection of Critical Infrastructure (CPNI). CPNI. [Online]
http://www.cpni.gov.uk/advice/infosec/business-systems/scada.
250. Commission of the European communities. Council directive 2008/114/EC of 8
December 2008 on the identification and designation of European critical infrastructures and
the assessment of the need to improve their protection. 2008.
251. Council decision on a Critical Infrastructure Warning Information Network (CIWIN)
COM(2008) 676». Commission of the European communities. 2008.
252. DLMS User Association. COSEM: Identification System and Interface Classes. 2010.
253. —. COSEM: Glossary of Terms. 2003.
254. Department of Energy (DoE). Control Systems Security Publications Library. [Online]
http://energy.gov/oe/control-systems-security-publications-library.
255. United States Computer Emergency Readiness Team (US-CERT). Control Systems
Security Program: Industrial Control Systems Joint Working Group. [Online] http://www.uscert.gov/control_systems/icsjwg/index.html.
256. —. Control Systems Security Program: Industrial Control Systems Cyber Emergency
Response Team. [Online] http://www.us-cert.gov/control_systems/ics-cert/.
Smart Grid Security
87
Annex V. Related initiatives
257. Interstate Natural Gas Association of America (INGAA). Control Systems Cyber Security
Guidelines for the Natural Gas Pipeline Industry. Interstate Natural Gas Association of
America. 2011.
258. ICT4SMARTDG. Consensus on ICT solutions for a Smart Distribution at Domestic Level.
2011.
259. Centre for the Protection of National Infrastructure (CPNI). Configuring & managing
remote access for industrial control systems. Centre for the Protection of National
Infrastructure. 2011.
260. Commission of the European communities. Communication from the commission.
Energy infrastructure priorities for 2020 and beyond – A Blueprint for an integrated European
energy network. COM(2010) 677. 2010.
261. —. Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions: A Digital Agenda
for Europe. COM(2010)245 final. 2010.
262. —. Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions. Energy 2020: A
strategy for competitive, sustainable and secure energy. COM(2010) 639 final. 2010.
263. —. Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions. Digital Agenda
for Europe. COM(2010) 245. 2010.
264. —. Communication from the commission to the council, the European parliament, the
European economic and social commitee and the commitee of the regions. A strategy for a
Secure Information Society – 'Dialogue, partnership and empowerment' COM(2006) 251. 2006.
265. —. Communication from the commission to the council and the European parliament.
Prevention, preparedness and response to terrorist attacks COM(2004) 698 final. 2004.
266. —. Communication from the commission to the council and the European parliament.
Critical Infrastructure Protection in the fight against terrorism COM(2004) 702 final. 2004.
267. —. Communication from the commission on a European Programme for Critical
Infrastructure Protection COM(2006) 786. 2006.
268. North American Electric Reliability Corporation (NERC). CIP-009-4: Cyber Security —
Recovery Plans for Critical Cyber Assets. North American Electric Reliability Corporation
(NERC). 2011.
269. —. CIP-008-4: Cyber Security — Incident Reporting and Response Planning. North
American Electric Reliability Corporation. 2011.
270. —. CIP-007-4: Cyber Security — Systems Security Management. North American Electric
Reliability Corporation. 2011.
88
Smart Grid Security
Annex V. Related initiatives
271. —. CIP-006-4: Cyber Security — Physical Security. North American Electric Reliability
Corporation. 2011.
272. —. CIP-005-4: Cyber Security — Electronic Security Perimeter(s). North American Electric
Reliability Corporation. 2011.
273. —. CIP-004-4: Cyber Security — Personnel and Training. North American Electric
Reliability Corporation. 2011.
274. —. CIP-003-4: Cyber Security — Security Management Controls. North American Electric
Reliability Corporation. 2011.
275. —. CIP-002-4: Cyber Security — Critical Cyber Asset Identification. North American
Electric Reliability Corporation. 2011.
276. —. CIP-001-1a: Sabotage Reporting. North American Electric Reliability Corporation.
2010.
277. Department of Homeland Security (DHS). Catalog of Control Systems Security:
Recommendations for Standards Developers. 2009.
278. Council of the European Union. Brussels European Council 8/9 march 2007. Presidency
conclusions. 2007.
279. Power Systems Engineering Research Center. Automated Circuit Breaker Monitoring.
2007.
280. Gartner. Assessing the Security Risks of Cloud Computing. Gartner. [Online] 2008.
http://www.gartner.com/DisplayDocument?id=685308.
281. American Petroleum Institute (API) energy. API Standard 1164. Pipeline SCADA Security.
American Petroleum Institute. 2009.
282. American National Standard (ANSI). ANSI/ISA-TR99.00.01-2007 Security Technologies for
Industrial Automation and Control Systems. International Society of Automation (ISA). 2007.
283. —. ANSI/ISA–99.02.01–2009 Security for Industrial Automation and Control Systems. Part
2: Establishing an Industrial Automation and Control Systems Security Program. International
Society of Automation (ISA). 2009.
284. —. ANSI/ISA–99.00.01–2007 Security for Industrial Automation and Control Systems. Part
1: Terminology, Concepts, and Models. International Society of Automation (ISA). 2007.
285. —. ANSI C12.21: American National Standard for Protocol Specification for Telephone
Modem Communication. 2006.
286. —. ANSI C12.19: American National Standard for Utility Industry End Device Data Tables.
2008.
287. —. ANSI C12.18: American National Standard for Protocol Specification for ANSI Type 2
Optical Port. 2006.
288. AMI-SEC-ASAP. AMI System Security Requirements. 2008.
Smart Grid Security
89
Annex V. Related initiatives
289. American Gas Association (AGA). AGA Report No. 12, Cryptographic Protection of SCADA
Communications. Part 2 Performance Test Plan. American Gas Association. 2006.
290. —. AGA Report No. 12, Cryptographic Protection of SCADA Communications. Part 1
Background, policies and test plan. American Gas Association. 2006.
291. Wikipedia. Advanced Distribution Automation. [Online] [Cited: 02 01 2012.]
http://en.wikipedia.org/wiki/Advanced_Distribution_Automation.
292. IBM Global Services. A Strategic Approach to Protecting SCADA and Process Control
Systems. 2007.
293. Europe 2020. A resource-efficient Europe – Flagship initiative of the Europe 2020
Strategy. [Online] http://ec.europa.eu/resource-efficient-europe/index_en.htm.
294. EOS Energy Infrastructure Protection & Resilience Working Group. A global european
approach for energy infrastructure protection & resilience. s.l. : http://www.eoseu.com/LinkClick.aspx?fileticket=DEvuI/4l1jU=&tabid=232, 2009.
295. Department of Energy (DoE). 21 Steps to Improve Cyber Security of SCADA Networks.
Department of Energy.
296. Security of Industrial Control Systems, What to Look For. Zwan, Erwin van der. 2010,
ISACA Journal Online.
297. IEC. IEC TS 62351-5: Power systems management and associated information exchange –
Data and.
298. En. [Online]
299. Taylor, Dr. Gary. DEVELOPING NOVEL ICT BASED SOLUTIONS FOR SMART DISTRIBUTION
NETWORK
OPERATION.
[Online]
http://dea.brunel.ac.uk/hiperdno/files/UPEC%202010%20HiPerDNO%20Project%20Presentati
on.pdf.
300. NIST -SGIP. SGIP Catalog of Standards. [Online] 2012. http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/SGIPCatalogOfStandards.
Smart Grid Security
90
Annex V. Related initiatives
13 Abbreviations
ACER
ADA
AMI
AMR/AMM
ANSI
AoR
BAN
BPL
C&DM
CC
CEN
CENELEC
CEO
CERT
CIA
CIWIN
C-level
CO2
COTS
CS
CZ
DAE
DCA
DE
DER
DG ENER
DK
DLF/DLE
DLMS/COSEM
DLR
DMS
DoS
DPF
DSE
DSM
DSO
EACI
Agency for the Cooperation of Energy Regulators
Advanced Distribution Automation
Advanced Metering Infrastructure
Advanced Metering Reading/Measures
American National Standards Institute
Assessment of the Resilience
Building Area Networks
Broadband over power line
Control & Data Management
Common Criteria
European Committee for Standardization
European Committee for Electrotechnical Standardization
chief executive officer
centre emergency response team
Confidentially, Integrity and Availability
Critical Infrastructure Warning Information Network
Chief level (CEO, CIO, ...)
Carbon dioxide
Commercial of the Self
Control Systems
Czech Republic
Digital Agenda for Europe
Distribution Contingency Analysis
Germany
Distributed Energy Resources
Directorate-General for Energy
Denmark
Distribution Load Forecasting and Estimation
Device Language Message specification/COmpanion Specification for Energy
Metering
Dynamic Line Ratings
Distribution Management System
Denial of Service
Distribution Power Flow
Distribution State Estimation
Demand Side Management
Distribution System Operators
European Association for Creativity and Innovation
Smart Grid Security
91
Annex V. Related initiatives
EC
ECI
EG
EII
EISAS
EL
EMS
ENISA
ENTSO
EP3R
EPCIP
ES
ESI
ETN
ETP
ETP
ETSI
EU
EV
FAN
FDIR
FP7
FTP
GDP
GHG
GIS
GPRS
HAN
HMI
HPC
HTTP
HTTPS
HVDC
HW
IAC
IAN
ICS
ICT
IE
IEC
European Commission
European Critical Infrastructures
Expert Group
European Industrial Initiatives
European Information Sharing and Alert System
Greek
Energy Management System
European Network and Information Security Agency
European Network of Transmission System Operators for Electricity
European Public Private Partnership for Resilience
European Programme for Critical Infrastructure Protection
Spain
Energy service interface
Electrical Transmission Network
Executive Training Programme
European Technology Platform
European Telecommunications Standards Institute
European Union
Electric Vehicle
Field Area Network
Fault Detection Isolation and Restoration
Framework Programme 7
File Transfer Protocol
Gross domestic product
Greenhouse Gas
geographic Information system
General Packet Radio Service
Home Area Network
Human Machine Interface
High Performance Computing
Hypertext Transfer Protocol
Hypertext Transfer Protocol Secure
High-Voltage Direct Current
Hardware
Integrity, Availability, Confidentiality
Industrial Area Networks
Industrial Control Systems
Information and communications technology
Information Exchange
International Electrotechnical Commission
Smart Grid Security
92
Annex V. Related initiatives
IED
IEEE
IoE
IPS/IDS
IP-Sec
ISA
ISM
ISMS
ISO
IST
IT
IT
IVVC
JHA
JRC
JWG
KF
LAN
LV
MAN
MDMS
MID
MPLS
MS
MV
NAN
NCA
NCI
NERC
NIS
NIST
NL
NO
NRA
OFC
OFDM
OMS
OWASP
PCD
PLC
Intelligent Electronic Devices
Institute of Electrical and Electronics Engineers
Internet of Energy
Intrusion Protection/Detection System
Internet Protocol Secure
International Society of Automation
Information Security Management
Information Security Management System
International Organization for Standardization
Information Society Technologies
Information Technology
Italy
Integrated Voltage/Var Control
Justice and Home Affairs
Joint Research Center
Joint Working Group
Key Finding
Local Area Network
Low Voltage
Metropolitan Area Network
Meter data management system
Measuring Instruments Directive
Multiprotocol Label Switching
Member State
Medium Voltage
Neighbourhood Area Network
National Certification Authorities
National Critical Infrastructures
North American Electric Reliability Corporation
Network and Information Security
National Institute of Standards and Technology
Nederland
Norway
National Regulatory Authorities
Optimal Feeder Configuration
Orthogonal Frequency Division Multiplexing
Outage Management System
Open Web Application Security Project
Process Control Domain
Power Line Communications
Smart Grid Security
93
Annex V. Related initiatives
PMU
PP
QoS
R&D
RBAC
RF
RISI
RMP
RTD
RTP
RTU
SCADA
SES
SFTP
SG
SGIS
SIEM
SL
SMART
SOC
SSH
ST
SW
TCP/IP
Telnet
TF
TOE
TP
TSO
UK
USA/US
USB
VPN
WAAPCA
WAMS
WAN
WASA
WG
WMD
Phasor Measurement Units
Protection Profiles
quality of service
Research and Development
Role Based Access Control
Radio Frequency
Repository of Industrial Security Incidents
Risk Management Process
Research and Technology Development
Real-Time Pricing
Remote Terminal Units
Supervisory Control and Data Acquisition
Smart Electricity System
Secure File Transfer Protocol
Smart Grid
Smart Grid Information Security
Security information and event management
Slovenia
Standardization, Monitoring, Accounting, Rethink, Transformation
Security Operations Centre
Secure Shell
Security Targets
Software
Transmission Control Protocol/Internet Protocol
Telecommunications Network
Task Force
Target of Evaluation
Topology Processor
Transmission System Operators
United Kingdom
United States of America
Universal Serial Bus
Virtual Private Network
wide-area adaptive protection, control and automation
Wide Area Monitoring System
Wide Area Networks
Wide-Area Situational Awareness
Working Group
Weapon of Mass Destruction
94
Smart Grid Security
Annex V. Related initiatives
P.O. Box 1309, 71001 Heraklion, Greece
www.enisa.europa.eu
