The European Union (EU) has issued a series of recommendations on IT security for smart grids to lessen the risks of a cyber-attack.
In a new report, the European Network and Internet Security Agency (ENISA), an EU agency, says that IT security must be considered at the very beginning of any smart grid rollout. It says there is still no clear regulatory and policy framework on smart grid cyber security, and urges the European Commission to work with Europe’s member states on developing one.
ENISA also advises the EC to collaborate with member states and the private sector to develop a minimum set of security measures based on existing standards and guidelines. The EC and member states’ authorities should promote security certification schemes for smart grid components, it argues. Furthermore, member states should build up Computer Emergency Response Teams to advise on cyber security for power grids.
“Our study shows that the two ‘separate worlds’ of the energy sector versus the IT security sector must be aligned on security for smart grids,” says Professor Udo Helmbrecht, the executive director of ENISA. “We estimate that without taking cyber security into serious consideration, smart grids may evolve in an unco-ordinated manner. I would therefore suggest that smart grids’ security be made part of the EU’s forthcoming Internet Security Strategy.”
Smart grids are likely to give rise to new information security challenges for electricity networks. Cyber attacks with a financial or political motivation could attempt to exploit information systems’ vulnerabilities to shut down power plants.
In 2009, US officials recognized that cyber spies had hacked into the US electricity grid. The incident proved that both software and hardware for smart grid infrastructure are high-risk targets.
ENISA believes that reducing the barriers to information sharing is vital for the success of smart grids.