Defending the smart grid – how to protect networks and devices from cyber attacks
January 2016 by ENISA
ENISA publishes its report on "Communication network interdependencies in smart grids". Smart grids are a fundamental component of the European critical infrastructure. They are rooted in communication networks, which have become essential to leveraging the “smart” features of power grids. Smart grids provide real-time information on the grid, perform actions when required without any noticeable lag, and support gathering customer consumption information. On the downside, however, smart grids provide an increased attack surface for criminals. For instance, smart meters can be hacked to cut power bills, as happened in Spain in 2014; or, due to a Distributed Denial of Service (DDoS) attack or malware infection, communications and control of the network could be lost, causing an energy production halt and affecting several systems across borders.
To protect networks and devices from cyber threats, this study focuses on the evaluation of interdependencies to determine their importance, risks, mitigation factors and possible security measures to implement. The high exposure of smart grid devices makes it essential to harmonize the current situation by establishing common interconnection protocols. It has also become imperative to seek to align policies, standards and regulations across the EU to ensure the overall security of smart grids. These aspects have grown in importance because of the risk of cascading failures: smart grid communication networks are no longer limited by physical or geographical barriers, and an attack on one country could cross physical and virtual borders.
The recommendations of this report are addressed to operators, vendors, manufacturers and security tool providers in the EU, and include the following:
• foster intercommunication protocol compatibility between devices originating from different manufacturers and vendors
• develop a set of minimum security requirements to be applied in all communication interdependencies in smart grids
• implement security measures on all devices and protocols that are part of, or make use of, the smart grid communication network.
ENISA’s Executive Director, Prof. Udo Helmbrecht, commented: “ENISA pursues the goal of improving the resilience of smart grid security systems against cyber threats. This report provides much needed guidance to defend the smart grid and protect networks and devices from cyber-attacks”.
In 2016, ENISA continues its efforts alongside the European Commission, as well as smart grid operators, vendors, manufacturers and security tool providers, to secure the future of smart grids. Furthermore, the Agency will continue to coordinate SISEC, a reference group of security experts representing national cyber security authorities and the energy and ICT industries, that aims to support ENISA activities towards higher maturity in the cyber security of the EU’s smart infrastructures.