enisa_annex v - smart grid security related initiatives

Smart grid security

Annex V. Related initiatives

[Deliverable – 2012-03-31]

I Smart Grid Security


This document is Annex 5 (of 5) to the ENISA study ‘Smart grid security: Recommendations for Europe and Member States, June 2012’.

Contributors to this report

ENISA would like to recognise the contribution of the S21sec1 team members that prepared this report in collaboration with and on behalf of ENISA:

Elyoenai Egozcue,

Daniel Herreras Rodríguez,

Jairo Alonso Ortiz,

Victor Fidalgo Villar,

Luis Tarrafeta.

Agreements or Acknowledgements

ENISA would like to acknowledge the contribution of Mr. Wouter Vlegels and Mr. Rafał Leszczyna to this study.

1 S21sec, the contractor of ENISA for this study is an international security services company with offices in several countries.

https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/smart-grids-and-smart-metering/ENISA-smart-grid-security-recommendations

https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/smart-grids-and-smart-metering/ENISA-smart-grid-security-recommendations

II Smart Grid Security


About ENISA

The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu.

Contact details

For contacting ENISA or for general enquiries on CIIP & Resilience, please use the following details:

E-mail: [email protected]

Internet: http://www.enisa.europa.eu

For questions related to ‘’Smart grid security: Recommendations for Europe and Member States’’, please use the following details:

E-mail: [email protected]

Legal notice

Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not necessarily represent state-of the-art and ENISA may update it from time to time.

Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication.

This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.

Reproduction is authorised provided the source is acknowledged.

© European Network and Information Security Agency (ENISA), 2012

http://www.enisa.europa.eu/

mailto:[email protected]

http://www.enisa.europa.eu/act/cert/

mailto:[email protected]

III Smart Grid Security


Contents

1 Introduction .......................................................................................................................... 2

2 Europe ................................................................................................................................... 6

3 Belgium ............................................................................................................................... 37

4 Denmark .............................................................................................................................. 38

5 Germany .............................................................................................................................. 39

6 Italy ...................................................................................................................................... 42

7 The Netherlands .................................................................................................................. 44

8 United Kingdom .................................................................................................................. 46

9 USA ...................................................................................................................................... 48

10 International ....................................................................................................................... 58

11 Other web 2.0 initiatives ..................................................................................................... 67

12 Bibliography ........................................................................................................................ 71

13 Abbreviations ...................................................................................................................... 90

2 Smart Grid Security


1 Introduction

The aim of this section is to highlight a number of security initiatives and organisations that are important for the cyber security of smart grids. These initiatives have been classified according to their geographical origin and type. Furthermore, their mission/objectives and primary activities related to smart grid cyber security are also described.

There are two groups of initiatives that have been excluded in this annex. On one side, all those initiatives which addressed safety and security aspects of power generation and the electricity grid, but not directly addressing cyber security are not included. Only those major initiatives at the EU-level, which in the near term might also address cyber security, are included. In the following lines we provide a list of these initiatives:

ETPIS

E-Energy

BDEW

Smart Grid Network

Electricity Regulatory Forum

ESIA Smart Grid Task Force

EUTC - ICT4SDG ICT for Smart Distributed Generation

More Microgrids

ELECPOR

Slovenian Technology Platform SmartGrids

FUTURED

e-CIP

HiperDNO

On the other hand, there is another group of initiatives which address cyber security issues of general Industrial Control Systems (ICS). However, these documents could be an important source of information for any stakeholder of the smart grid which needs to deal with industrial automation or control systems security. For a detailed outlook on all these documents we refer the reader to annex IV of ENISA’s report “Protecting Industrial Control Systems - Recommendations for Europe and Member States” (1). What follows is a list of these initiatives:

IFAC

IFIP

ISACA

MERIDIAN Conference

SANS



TCG

EPCIP

IMG-S

Sixth Framework Programme

NAMUR

VDI

CPNI

Byres Security Blog

WIB

National Risk Assessment

CPNI.NL

OLF

AMETIC

CNPIC

GIPIC

Protect-IC

Test bed Framework for Critical Infrastructure Protection Exercise (Cloud CERT)

PESI

SEMA

The MSB Industrial Control System Security Program

ACC

AGA

API

DoE

DHS

Digital Bond- S4 workshop

TISP

SCADA hacker

SCADAsec

SCADA/Control System Security Professionals

Water Security

Cyber Security in Real-Time Systems

MPCSIE

Finally, the following lines provide a brief explanation of some of the key fields that will be used for the classification of the initiatives/organisations which are presented in this chapter:



Name: Name of the initiative/organisation.

Type: Type of organisation/initiative (see below).

Line of action: The activities the group is related to (i.e. policy, standards, information sharing, dissemination and awareness, economic or financial, technical, training and education, R&D).

Participants: Stakeholder types which participate in the organisation/initiative (i.e. manufacturer or integrator, security tools and services provider, DSO, TSO, power generation, smart grid services provider (e.g. marketer), academia and R&D, public bodies, standardisation bodies).

Mission/Objectives: Purpose of the group.

Activities related to smart grid security: Describes all those activities that the initiative or the organisation being described has undertaken or is currently undertaken on the field of smart grid (cyber) security and resilience.

Results: Standards, Good Practices, Regulations, Technical Reports, Technical Solutions, etc.

Comments: Additional information about the organisation/initiative.

URL: The reference URL for the initiative being described.

The values of the “Type” field can be one of the following:

International agency: An association of public bodies from different countries, which support its members, seeks to achieve common goals and collaborates with other similar agencies and even non-member countries.

Industry association: An association that supports and protects the rights of a particular industry and the people who work in that industry, and which seeks to achieve the common goals of its members. There may be a public entity within these associations, but it does not have a leading role.

Public Private Partnership: A government service or private business venture which is funded and operated through a partnership of government and one or more private sector companies.

Public body: An organization whose work is part of the process of government, but is not a government department. 2

Regular private organisation: An organisation which is privately run and does not rely on money from the government and funds from charities. They get make their own money by providing a service at a cost.

Professional association: Also called a professional body, professional organization, or professional society. A professional association is usually a non-profit organization seeking to represent a particular profession, the interests of individuals engaged in that profession, and the public interest.

European Technology Platform (ETP): are industry-led stakeholder for a charged with defining research priorities in a broad range of technological areas where achieving EU



growth, competitiveness and sustainability requires major research and technological advances in the medium to long term.

Specialized event: Workshops, forums, conferences or summits focusing on ICS security and CIP.

Online resource: A specialised website, blog, e-forum, online group, and similar resources.

Project: Projects made by European Union countries and related to the security of smart grids.

Other: When an initiative or an organisation does not match with any of the previously defined types, it will be classified with this value.



2 Europe

Name Action plan on CIIP

Type Other

Line of action Organisational and Policy, Dissemination and awareness, Information sharing, Technical, Economic or financial.

Participants Public bodies, Manufacturers, Integrators, Operators, Security tools and services providers.

Mission/Objectives In order to enhance the security and resilience of CIIs, this integrated EU action plan was devised by the European Commission to complement and add value to existing national programmes as well as to the existing bilateral and multilateral cooperation schemes between Member States.This action plan was firstly introduced in COM(2009)149 (19) and consisted of five main pillars:

Preparedness and prevention:

Baseline of capabilities and services for pan-European cooperation. The Commission invites Member States and concerned stakeholders to: define, with the support of ENISA, a minimum level of capabilities and services for National/Governmental CERTs and incident response operations in support to pan-European cooperation; make sure National/Governmental CERTs act as the key component of national capability for preparedness, information sharing, coordination and response.

European Public Private Partnership for Resilience (EP3R). The Commission will foster the cooperation between the public and the private sector on security and resilience objectives, baseline requirements, good policy practices and measures.

European Forum for information sharing between Member States (EFMS). The Commission will establish a European Forum for Member States to share information and good policy practices on security and resilience of CIIs.

Detection and response:

European Information Sharing and Alert System (EISAS). The Commission supports the development and deployment of EISAS, reaching out to citizens and SMEs and being based on national and private sector information and alert sharing systems.

Mitigation and recovery:

National contingency planning and exercises. The Commission invites



Member States to develop national contingency plans and organise regular exercises for large scale networks security incident response and disaster recovery, as a step towards closer pan-European coordination.

Pan-European exercises on large-scale network security incidents. The Commission will financially support the development of pan-European exercises on Internet security incidents, which may also constitute the operational platform for pan-European participation in international network security incidents exercises, like the US Cyber Storm.

Reinforced cooperation between National/Governmental CERTs. The Commission invites Member States to strengthen the cooperation between National/Governmental CERTs, also by leveraging and expanding existing cooperation mechanisms like the EGC.29.

International cooperation:

Internet resilience and stability. Three complementary activities are envisaged: A Europe-wide debate, involving all relevant public and private stakeholders, to define EU priorities for the long term resilience and stability of the Internet; the definition of guidelines for the resilience and stability of the Internet, focusing inter alia on regional remedial actions, mutual assistance agreements, coordinated recovery and continuity strategies, geographical distribution of critical Internet resources, technological safeguards in the architecture and protocols of the Internet, replication and diversity of services and data; work o na roadmap to promote principles and guidelines at the global level.

Global exercises on recovery and mitigation of large scale Internet incidents. The Commission invites European stakeholders to reflect on a practical way to extend at the global level the exercises being conducted under the mitigation and recovery pillar, building upon regional contingency plans and capabilities.

Criteria for European Critical Infrastructures in the ICT sector:

ICT sector specific criteria. By building on the initial activity carried out in 2008, the Commission will continue to develop, in cooperation with Member States and all relevant stakeholders, the criteria for identifying European critical infrastructures for the ICT sector.

The EP3R, the EFMS and EISAS can be interesting platforms for any future action plan on ICS security at the European level.

Activities related to smart grid security

Future activities of EP3R will also address cyber security challenges of smart grids, building on the preparatory work being carried out by the Commission and ENISA.



Results Policies

Comments N/A

URL http://ec.europa.eu/information_society/policy/nis/strategy/activities /ciip/index_en.htm

Name CEN/CENELEC/ETSI JWG and SG-CG

Type International agency

Line of action Standards

Participants public bodies, standardization bodies

Mission/Objectives The Smart Grids Task Force highlighted the importance of new standards for a successful deployment of smart grids together with a need for change and improvement of the existing standards. In addition, this group of experts identified the risk of too many standardization bodies providing an inconsistent set of standards. As a result, the Expert Group 1 of the EC Smart Grid Task Force concluded there was a need for a joint CEN/CENELEC/ETSI group on standards for smart grids, to deal more intensively with establishing detailed recommendations to selected standardization bodies. For this reason the CEN/CENELEC/ETSI Joint Working Group (JWG) on standards for the smart grid was established. It worked between June 2010 and March 2011 on the production of a report addressing standards for smart grids. This document was called ‘final report of CEN/CENELEC/ETSI JWG on standards for smart grids’.

In M/490 the European Commission requested ESOs to develop a framework to enable ESOs to perform continuous standard enhancement and development in the field of smart grids, while maintaining transverse consistency and promote continuous innovation. The focal point addressing the ESO's response to M/490 is the CEN/CENELEC/ETSI Smart Grids Coordination Group (SG-CG) which was built around the membership of the previous JWG. Besides, M/490 requires the work to build on already existing material delivered through other mandates such as the M/441 and M/468. The SG-CG is the main and visible body of a larger structure which includes four Working Groups (WG) which are coordinated by the SG-CG. These working groups include:

Reference architecture WG.

First set of standards WG.

Sustainable processes WG.

Security WG (also referred sometimes as Smart Grid Information Security Working Group - SGIS WG).




In addition to other standardisation aspects (e.g. reference architecture, communication interfaces, generation, transmission, distribution, smart metering, etc.), the CEN/CELEC/ETSI JWG final report on standards for smart grids includes a number of recommendations for smart grid standarisation on the field of information security.

On the other hand, the SGIS WG of the SG-CG is defining a number of essential security requirements for smart grids based on confidentiality, integrity, availability, reliability/resiliency, privacy and interoperability criteria. Moreover, this WG is working on the establishment of different security levels to classify the infrastructures that the smart grid will comprise. Besides, it is also revising international standars onsmart grid security, identifying gaps and differences in current European regulations and standards. Finally, the working group is also defining a set of tools and methodologies to help clasiffying assets, assessing risks and filling the aforementioned gaps and other requirements.

Results Standard recommendations, Standards, Policies.

Comments SG-CG is built upon the previous JWG

URL http://www.cen.eu/cen/Sectors/Sectors/UtilitiesAndEnergy /SmartGrids/Pages/default.aspx

Name CEN/CENELEC/ETSI SM-CG



Participants All stakeholders

Mission/Objectives The European Commission and EFTA addressed Mandate M/441 to CEN, CENELEC and ETSI and a Smart Meters Coordination Group (SM-CG) was set up to answer this request. This group provides a focal point concerning smart metering standardization issues in respect to Mandate M/441 (20).

Mandate M/441 has two phases. The first requests the European Standards Organizations to develop a European standard comprising a software and hardware open architecture for utility meters that supports secure bidirectional communication and allows advanced information, management, and control systems for consumers and service suppliers. In this context, the SM-CG identified the main possible functional communication implementations relevant for smart metering systems and the standards relevant to meeting the requirements of mandate M/441, in particular to assist the active participation of consumers in the energy markets.



The second phase of Mandate M/441 requests the European Standards Organizations to develop European Standards containing harmonized solutions for additional meter functionalities within an interoperable framework, using where needed the open architecture developed under the first phase of Mandate M/441. To clarify standardization requirements and to ensure consistency in the smart meter dataflow, it is helpful to consider functionalities in details through Use Cases.


The SM-CG produced a technical report, CEN-CLC-ETSI TR 50572:2011 'Functional reference architecture for communications in smart metering systems'(21). This technical report identifies a functional reference architecture for communications relevant for smart metering systems and the standards relevant to meeting the technical/data communications requirements of Mandate M/441, in particular to assist the active participation of consumers in the energy markets. Particularly, it addresses privacy and data security aspects for the definition of the functional reference architecture, emphasising also general security principles for smart meters.

Results Technical Report

Comments CENELEC Smart Meter Coordination Group

URL http://www.cenelec.eu

Name DG CONNECT’s Ad-hoc Expert Group on the Security and Resilience of Communication Networks and Information Systems for Smart Grids

Type Public Private Platform

Line of action Policy, standards, technical, dissemination and awareness


Mission/Objectives The European Commission created the Ad-hoc Expert Group to better understand the views and objectives of the private and public sectors on the ICT security and resilience challenges for the smart grids as well as to identify and discuss about the related policies at EU level.

COM(2011) 163(22) on Critical Information Infrastructure Protection as well as COM(2011) 202 (23) on smart grids were presented are the two main pillars backin up this initiative. Specifically, COM (2011) 202 declares that the Commission should continue bringing together the energy and ICT communities within an expert group to assess the network and information security and resilience of smart grids.

The two main objectives of the Expert Group are:

The identification of European priority areas for which action should be undertaken to address the security and resilience of



communication networks and information systems for smart grids, as well as the definition of recommendations on how to progress on each of these areas at the European level.

The identification of which elements of the smart grid should be addressed by the EG (e.g. smart appliances, smart metering, smart distribution, smart (local) generation, smart transmission) as well as the identification of key strategic and high level security requirements, good practices based on learned lessons and the proposition of mechanisms to raise awareness among decision makers.


Based on the aforementioned two main objectives, a ‘Programme of Work’(24) was defined with the mission of contributing to a coherent and increased effort to improve the cyber security of the smart grids and which focuses on the security and resilience of communication and information systems that are critical for the performance of the physical electricity infrastructure. This programme of work includes four main areas, divided into twelve work packages. The areas and WPs are the following:

I. Area 1. Risks, threats and vulnerabilities

a. WP 1.1 Identify and categorize all relevant smart grid assets

b. WP 1.2 Develop an attach/threat taxonomy for relevant assets

c. WP 1.3 Develop a countermeasure taxonomy for relevant assets

d. WP 1.4 Develop a high-level security risk assessment methodology for relevant assets

II. Area 2. Requirements and technology

a. WP 2.1 Security requirements

b. WP 2.2 Extend smart grid requirements to include effective security measures

c. WP 2.3 Research smart grid communication protocols and infrastructures to incorporate data security measures

d. WP 2.4 (Public) procurement

III. Area 3. Information and knowledge sharing

a. WP 3.1 Develop a cross-border alliance between Member States (MS) and relevant competent bodies

IV. Area 4. Awareness, education and training

a. WP 4.1 High level conference for strategic leaders



b. WP 4.2 Propose initiatives to increase stakeholder awareness on data security

c. WP 4.3 Skilled personnel on cyber security in energy industry

Results Technical reports, Recommendations

Comments The first conclusions of the group will be made public in the second quarter of 2012

URL http://ec.europa.eu/dgs/information_society/index_en.htm

Name Smart Grid Task Force

Type Public Body

Line of action Policy, Regulation

Participants public bodies, standardization bodies

Mission/Objectives To facilitate and support the process of an European Union-wide smart grid implementation, the European Commission decided to set up a Task Force on Smart Grids. The Task Force Smart Grids was designed to provide a joint regulatory, technological and commercial vision on smart grids taking into account accumulated experiences worldwide and the technological challenges to be faced mainly during next decade/s, so as to coordinate the first steps towards the implementation of smart grids under the provision of the Third Energy Package.

The Task Force aims to jointly agree among the regulatory authorities, regulated companies and end users on key issues such as the estimated cost/benefits, the associated risks and the incentives needed. The ultimate goal of the initial work programme of the task force is to identify and produce a set of regulatory recommendations to ensure European Union -wide consistent, cost-effective, efficient and fair implementation of smart grids, while achieving the expected Smart Grids' services and benefits for the network users. The planned efforts of this Work Programme are focussed on:

Functionalities of smart grid and smart meters: The key deliverable is to provide an agreement among all actors involved on a set of minimum functionalities for smart grids and smart meters.

Regulatory recommendations for data safety, data handling and data protection: The key deliverable is to identify the appropriate regulatory scenario and recommendations for data handling, safety and consumer protection.

Roles and responsibilities of actors involved in the smart



grids deployment: The key deliverable is the development of recommendations on the roles and responsibilities of all involved actors in the implementation of the smart grids as well as the definition of criteria and recommendations for funding of smart grid deployment.

In the beginnning the Smart Grid Task Force comprised three Expert Groups (EG) to which a fourth one was added afterwards. These EGs are the following:

Expert Group 1: Functionalities of smart grids and smart meters.

Expert Group 2: Regulatory recommendations for data safety, data handling and data protection.

Expert Group 3: Roles and Responsibilities of Actors involved in the smart grids deployment.

Expert Group 4: Smart grid aspects related to gas.


The EG2 is involved directly insmart grid security. This group aims to:

Identify the benefits and concerns of customers with regard to smart grids.

Provide an overview of European legislation on data protection, privacy and its enforcement.

Recommend whether further protective measures should be put in place.

Identify possible risks in the handling of data, safety and data protection.

Identify ownership of data and access rights.

Identify responsible parties for data protection and enforcement mechanisms.

Develop a framework in which way data can be used.

Provide recommendations on the Communication of Smart Grid benefits to consumers, citizens and politicians.

The EG2 issued in February 2011 a report titled ‘Regulatory recommendations for data safety, data handling and data protection’(25) which focuses on identifying the appropriate regulatory scenario and recommendations for data handling, security and data protection.

Results Regulations, policies, and policy recommendations.

Comments The initial duration of the task force was 20 months, till May 2011



URL http://ec.europa.eu/energy/gas_electricity/smartgrids/ taskforce_en.htm

Name Seventh Framework Programme (FP7)

Type Other (Research and development programme)

Line of action information sharing, dissemination and awareness.


Mission/Objectives The FP7 is the main Euroepan research programme with a 7 year duration (2007-2013). The programme has a total budget of over € 50 billion and its main objectives are to strengthen the scientific and technological base of European industry, encouraging its international competitiveness, while promoting research that supports EU policies.

The five main Specific Programmes that constitute FP7 are: Cooperation, Ideas, People, Capacities and Nuclear Research.

The ‘Funding schemes’ are the types of projects, by which FP7 is implemented. They are the following:

Collaborative projects: collaborative projects are focused on research projects with clearly defined scientific and technological objectives and specific expected results (such as developing new knowledge or technology to improve European competitiveness). They are carried out by consortia made up of participants from different countries, and from industry and academia.

Networks of excellence: the Networks of Excellence are designed for research institutions willing to combine and functionally integrate a substantial part of their activities and capacities in a given field, in order to create a European ‘virtual research centre’ in this field. This is achieved through a ‘Joint Programme of Activities’ based on the integrated and complementary use of resources from entire research units, departments, laboratories or large teams. The implementation of this Joint Programme of Activities will require a formal commitment from the organisations integrating part of their resources and their activities.

Coordination and support actions: these are actions that

http://ec.europa.eu/energy/gas_electricity/smartgrids/



cover not the research itself, but the coordination and networking of projects, programmes and policies. This includes, for example:

o Coordination and networking activities, dissemination and use of knowledge

o Studies or expert groups assisting the implementation of the FP.

o Support for transnational access to major research infrastructures.

o Actions to stimulate the participation of SMEs, civil society and their networks.

o Support for cooperation with other European research schemes (e.g. ‘frontier research’).


There are some projects under the scope of the FP7 which are related to smart grid security. The following sets out a number of them:

ELVIRE(26): It is an Information and Communication Technologies (ICT) research project. Its purpose is to develop an effective system which is able to neutralize the driver’s ’range anxiety’. In order to ease and optimize energy management of Electric Vehicles (EV) and to cope with the sparse distribution of electrical supply points during the ramp-up phase, innovative Information and Communications Technologies and service concepts are being developed. The participants of this project are working on procedures to secure data transmission between vehicles and external services, sending the information in real time.

AFTER (27): This project addresses vulnerability evaluation and contingency planning of the energy grids and energy plants, considering also the ICT systems used in protection and control. It aims to develop a methodology and a tool for vulnerability analysis and risk assessment of interconnected electrical power systems considering their interdependencies. Moreover, it also aims at developing develop algorithms and tools supporting contingency planning in a two-fold approach: preventing or limiting system disruption, by means of physical security techniques and defence plans; and re-establishing the



system after a major disruption, by means of restoration plans.

Open Meter (28): The main objective of the OPEN meter project is to specify a comprehensive set of open and public standards for Advanced Metering Infrastructure (AMI) supporting multi commodities (Electricity, Gas, Water and Heat), based on the agreement of the most relevant stakeholders in the area. The general requirements include aspects such as security, interoperability, robustness, scalability, maintenance, performance and management. Part of its work focuses on the identification and specification of security requirements and on the determination of security clauses. The project includes specific tasks devoted to cyber security in smart grid environments. Besides, a series of deliverables providing an overview on the steps to be implemented to achieve a secure smart grid.

Internet of Energy (29) (30): The objective of this project is to develop hardware, software and middleware for seamless, secure connectivity and interoperability achieved by connecting the Internet with the energy grids. The project will evaluate and develop the needed ICT for the efficient implementation in future smart grid structures, including security capabilities.

DLC+VIT4IP: this project will develop, verify and test a high-speed narrow-band power line communications infrastructure using the Internet Protocol (IP) which is capable of supporting existing and extending new and multiple communication applications. These shall include the existing power distribution network for novel services in smart electricity distribution networks such as demand side management, control of distributed generation and customer integration. This projects develops, among other things, reference designs and embedded systems architectures for the high efficiency and secure smart network systems addressing requirements on compatibility, networking, security, robustness, diagnosis, maintenance, integrated resource management and self-organization.

Results Technical reports, good practices.

Comments FP7 is the short version for Seventh Framework Programme



URL http://cordis.europa.eu/fp7/home_en.html

Name Smartgrids ETP

Type European Technology Platform

Line of action Dissemination and awareness, Policy, R&D

Participants All smart grid stakeholders

Mission/Objectives The Smartgrids ETP is the European Technology Platform for Electricity Networks of the Future. It is the key European forum for the crystallisation of policy and technology research and the development of pathways for the smart grids sector, as well as the linking glue between EU-Level related initiatives.

The mission of the Smartgrids ETP includes:

To foster and support the deployment of SmartGrids in Europe by advising and coordinating the stakeholders: European Commission, TSO, DSO, Energy System and Component vendors, Energy Research Centres, Smart Metering Industry, Energy Consumers, Utilities Telecom Providers and Grid Regulators.

To ensure the strategic relevance of the Platform and its consistency with EU policy.

To link with relevant technology platforms dealing with energy matters that have an impact both at the generation and the demand side, on the future of the grid.

To provide relevant input to the EU initiatives such as the SET-plan and its European Industrial Initiatives.

The Smartgrids ETP main objectives are:

To ensure that the vision and its implementation remain focused on responding to the needs of customers and the delivery of European policy.

To maintain a high level strategic overview of sector developments, opportunities and threats, bringing forward issues of priority for attention.

To be a facilitator, working with the grain of sustainable energy policy for a competitive Europe.

To promote SmartGrids research, development, demonstration and deployment projects.

To build and maintain a shared vision for the future of Europe’s electricity networks and to be a catalyst for its

http://cordis.europa.eu/fp7/home_en.html



implementation.

The European Technology Platform for Electricity Networks of the Future actively engages with smart grids stakeholders (researchers, academia, civil societies, industry), European Commission-funded research projects and initiatives, related European Technology Platforms and global grids organisations in a wide range of activities relevant to the R&D&I of electricity networks in Europe:

Publishing the following documents: vision paper, strategic research agenda, strategic deployment document

Formulating proposals and recommendations for the European Electricity Grid Initiative under the framework of the SET-Plan

Monitoring Research, Studies, Pilot Plants and Demonstration

Responding and disseminating relevant public consultations

Organising Workshops of stakeholders to engage them in its activities

Taking awareness and communication actions, including the organisation general assemblies, and development of a website. A video to disseminate the concept of the ETP vision for the future was also released in 2007.


In the Smartgrid ETP’s document ‘Strategic research agenda for Europe’s electricity networks of the future’(31), the security dimenssion, in its broadest sense, is considered one of the strategic pillars. Besides, it defines several research areas which acknowledge the importance of ICT in the new smart grid and the reliability and security factors. Other research areas consider security from the point of view of performance expectations, including topics such as graceful degradation to maximize reliability, availability and resilience of the grid. In any case cyber security or privacy aspects related to Information and communication technology are not directly addressed.

The strategic deployment document of 2010 describes the priorities for the deployment of innovation in the electricity networks and the benefits that such innovations will deliver for all takeholders. As it happens with the strategic research agenda, security is at the fundamentals of the document. However it is mainly focused on operational security, relience, reliability and availability, leaving out cyber security or privacy issues.

Results Research plans, Recommendations on future strategies

Comments N/A

URL http://www.smartgrids.eu



Name EU-US Working Group on Cyber-security and Cybercrime

Type Other

Line of action Information sharing, dissemination and awareness, training and education, organisational and policy.

Participants Public Bodies

Mission/Objectives The EU-US Working Group (EU-US WG) on Cyber-security and Cybercrime was established in the context of the EU-US summit of 20th of November 2010 held in Lisbon. Its main objective is to tackle new threats to the global networks upon which the security and prosperity of our free societies increasingly depend. The EU-US WG addresses a number of specific priority areas and was planned to report progress within a year time after its establishment. The efforts include:

Expanding incident management response capabilities jointly and globally, through a cooperation programme culminating in a joint EU-US cyber-incident exercise by 2012.

A broad commitment to engage the private sector, sharing of good practices on collaboration with industry, and pursuing specific engagement on key issue areas such as fighting botnets, securing industrial control systems and smart grid (such as water treatment and power generation), and enhancing the resilience and stability of the Internet.

A programme of immediate joint awareness raising activities, sharing messages and models across the Atlantic, as well as a roadmap towards synchronised annual awareness efforts and a conference on child protection online in Silicon Valley by end 2011.

Continuing EU/US cooperation to remove child pornography from the Internet, including through work with domain-name registrars and registries.

Advancing the Council of Europe Convention on Cybercrime, including a programme to expand accession by all EU Member States, and collaboration to assist states outside the region in meeting its standards and become parties.


With respect to ICS andsmart grid security the proposed tasks include the stock taking and comparative analysis of existing initiatives, pilots, good practices and methods addressing ICT risks, privacy and security. The input from the EU side includes:

Activities at national level (NL, DE, UK, SE…) as well as at European level (Euro-SCSIE, possibly via Member States



experts in the WG and during the stock taking of the ENISA studies on ICS and smart grids security)

Ongoing ENISA studies on industrial control systems and interdependencies of ICT sector to energy

Activities of the Expert Group on the Security and Resilience of Communication Networks and Information Systems for Smart Grids, composed of European public and private stakeholders and coordinated by DG CONNECT.

The input from the US side includes:

Experiences in international public-private coordination to mature acceptance of voluntary security standards.

Specific methodology and mechanisms to engage with the private sector to achieve cooperation and mutual engagement in public-private control system security coordination.

The deliverables expected from this cooperation include:

Strategy for EU and US engagement on the control system/smart grid priority area;

Plan of Action for EU and US public private engagement on cyber security of industrial control systems and smart grids; this will also draw on an analysis of existing coordination bodies for security of industrial control systems and highlighting best practices for voluntary participation developed within them.

Results Good practices

Comments N/A

URL http://europa.eu/rapid/pressReleasesAction.do?reference= MEMO/10/658&type=HTML

Name JRC, Smart Electricity Systems Group (SES)

Type Public Platform

Line of action Policy and standards


Mission/Objectives The Smart Electricity Systems (SES) group of the JRC provides scientific support to Directorates-General of the European Commission on policies and initiatives on smart electricity grids. SES supports the policy-making process on the developments of the trans-European and power distribution networks, focusing also on advances towards super and smart grids architectures. The SES Action

http://europa.eu/rapid/pressReleasesAction.do?reference



concentrates on the following activities:

Design, set up and run the first JRC experimental activities on smart grids to assess the adequacy and reliability of micro grid systems embedding renewables and Distributed Energy Resources, including storage.

Provide technical and policy support to customer DGs on initiatives related to the development and the operation of the current and future transmission and distribution networks, taking into account advances in smart and super grids concepts; this will be done particularly with relation to the Strategic Energy Technology Plan (SET-Plan) and the Energy Infrastructure Package.

Further develop and improve dedicated models and tools to assess the vulnerability, reliability and security of supply challenges of the EU electricity transmission and distribution systems, during both normal and special operational conditions. The models will be combined with an energy security Geographic Information System (GIS) framework and database, especially designed to communicate results in a user-friendly and geo-referenced manner.

Strengthen cooperation on research and demonstration on smart transmission and distribution grids with key stakeholders at the EU, Member State and international level.

Contribute assessing the interdependencies of the ICT and power systems and to implement the work plan of the new FP7 AFTER competitive project on power systems vulnerability identification, defence and restoration.


As it has already been mentioned in the mission/objectives section, the SES group of the JRC aims to further develop and improve dedicated models and tools to assess the vulnerability, reliability and security of supply challenges of the EU electricity transmission and distribution systems, during both normal and special operational conditions. The models are envisioned to be combined with an energy security Geographic Information System (GIS) framework and database, especially designed to communicate results in a user-friendly and geo-referenced manner.

Results Good Practices, Technical Reports.

Comments Following a request from DG ENER, the JRC Smart Electricity Systems Action carried out an independent assessment of smart grid projects throughout Europe. They launched a survey to collect smart grid experiences in Europe and support analysis on trends and developments in smart grids implementation.

URL http://ses.jrc.ec.europa.eu



Name CEER

Type International Agency

Line of action Policy, standards

Participants Europe's national regulators of electricity and gas at EU and international level.

Mission/Objectives The Council of European Energy Regulators (CEER) is the voice of Europe's national regulators of electricity and gas at EU and international level. Through CEER, a non-for-profit association, the national regulators cooperate and exchange best practice. A key objective of the CEER is to facilitate the creation of a single, competitive, efficient and sustainable EU internal energy market that works in the public interest. Besides, CEER works closely with and supports the work of the Agency for the Cooperation of Energy Regulators (ACER).

The Electricity Working Group (EWG) of CEER deals with issues related to the European electricity grids and the EU electricity market. According to them, in 2012, the EWG will focus on the following areas of work: quality of supply, smart grids, sustainable development, security of supply.


During 2012 CEER will see the continuation of the previous efforts to address the challenges of security of supply from the viewpoint of generation adequacy, elaborating guidelines of good practices.

Three task forces have been defined, from which two of them are directly related to security aspects of the smart grid. These task forces are:

Electricity Quality of Supply and Smart Grids (EQS) Task Force, which is working on quality issues and the regulatory aspects of ’smart grids’.

Electricity Security of Supply (ESS) Task Force which is addressing the challenges of security of supply from the viewpoint of generation adequacy.

Even though security and reliability of the grid are the focus of many of the efforts of this agency, cyber security issues are not still being considered as a key aspect.

Results Annual overview and future work programme documents; Annual national reports for each EU country; Regulatory guidelines and good practices; Newsletter

Comments Council of European Energy Regulators



URL http://www.energy-regulators.eu

Name ANEC

Type Other

Line of action Standardisation

Participants Represents the European consumer

Mission/Objectives ANEC is the European consumer voice in standardisation. This association represents the European consumer interest in the creation of technical standards, especially those developed to support the implementation of European laws and public policies.

ANEC participates principally through its voluntary experts in the standards development work of the three European Standards Organisations (ESOs) recognised by the European Union and EFTA: CEN, CENELEC, and ETSI.

ANEC is governed by a general assembly which comprises one one individual from each of the 30 countries of the European Union and EFTA. The individual is nominated through a collective decision of the national consumer organisations in each country and acts as the interlocutor between them and ANEC.


ANEC was invited by ESOs to participate in both, Smart Meter Co-ordination Group (SM-CG) established to execute Mandate M/441(20) on Measuring Instruments and Smart Grid Coordination Group (SG-CG) established to execute M/490(32) to support European smart grid deployment.

Additionally, and in order to defend the consumer interests in the policy and standardisation activities related to the implementation of the third EU Energy Package, ANEC has joined the European Commission Smart Grid Task Force where it helps identifying regulatory recommendations for implementing Smart Grids.

As a result of the participation of ANEC in such initiatives, several documents were developed. These documents include a number of aspects considered key by consumers on data privacy and security, mostly referring to keep data confidential and secure both during their transmission and storage. Besides, some of these documents have been a basis for developing COM (2011) 202(23) and SEC (2011) 463(33).

Results Papers and annual technical reports

Comments N/A

URL www.anec.eu



Name DIGITALEUROPE

Type Industry Association

Line of action Policy, information sharing, dissemination and awareness

Participants Integrators and services providers

Mission/Objectives DIGITALEUROPE represents the digital technology industry in Europe. This initiative has more than 100 members and include some of the world's largest IT, telecoms and consumer electronics companies and national associations from every part of Europe. Digital Europe wants European businesses and citizens to benefit fully from digital technologies and for Europe to grow, attract and sustain the world's best digital technology companies.

DIGITALEUROPE aims to facilitate non-commercial collaboration and coordination between member companies and national trade associations across the European Union, and assist them in sharing best-practices in many business operations and facilitating the agreement of international standards in close collaboration with international standards bodies. DIGITALEUROPE provides a full range of services to its membership and generally to stakeholders in the digital economy. Including:

Promoting the development of best practices and benchmarking within the DIGITALEOPE membership

Providing up-to-date, high-value industry data and information to members on all aspects of the Digital Economy in Europe and around the world

Delivering a forum for knowledge exchange and information sharing between members through industry programmes and pan European events.

Monitoring all relevant initiatives to industring, informing members through regular mailings, emails, newsletters and information transfer, as well as the hosting and and organisation of meetings and events.

The organisation is dedicated to improving business environment for the European digital technology industry and to promoting their sector’s contribution to economic growth and social progress in the European Union. It represents the interests of both, national associations and corporate organisations, operating in the



information technology and consumer electronics sector in European towards.The European parliament and the European Commission.

DIGITALEUROPE is one of 25 European Associations representing all European Stakeholders that are assumed to play a role in the implementation of smart grids. It participates actively in the Smart Grids Task Force through the participation in the 3 working groups that have been setup, the Steering Committee and the issue of the present position paper representing the position of DIGITALEUROPE members.


DIGITALEUROPE have grouped some experts on smart grids to create a technical and regulatory group on privacy and security. DIGITALEUROPE‘s Privacy & Security group is focusing on three key areas:

Data protection: the group is actively engaged in developing common industry agreements on how to balance the opportunities and challenges to harmonisation to enable businesses take a Europe-wide and global view of data protection compliance.

Online advertising: the group is contributing to discussions on the benefits and potential risks of monitoring consumer behaviour for commercial purposes, as well as the technologies used for such purposes.

Network Information and Security (NIS): the Privacy & Security group is contributing its expertise to initiatives and consultations lead by the Commission and the European Network Information Security Agency (ENISA).

Results Technical reports

Comments N/A

URL http://www.digitaleurope.org

Name EDSO-SG

Type Industry Association

Line of action Awareness and dissemination, training and education

Participants DSOs

Mission/Objectives EDSO for smart grids aims to be the key reference point in the coordination of all European DSOs efforts.

The purpose of the Association is to structure, lead and enhance, not for profit cooperation between European distribution system



operators for electricity as well as assure, manage, represent and promote their common interests, specifically on smart grids development and implementation.

Together with ENTSO-E and European Technology Platform SmartGrids (ETP Smart Grids), they play an important role in the planning, monitoring and dissemination of the European Electricity Grid Initiative.


EDSO for smart grids plays an active role in the European regulatory process on smart grids development and implementation.

Some of its goals include the security of supply and the promotion of the reliability of electricity distribution grids.


Comments EDSO-SG stands for European Distribution System Operators for Smart Grids

URL http://edsoforsmartgrids.eu

Name ENTSO-E

Type International Agency

Line of action Standards, policy, dissemination and awareness, economical/financial, technical.

Participants TSO

Mission/Objectives The European Network of Transmission System Operators for Electricity represents all electric TSOs in the EU and others connected to their networks, with one voice for all regions, and for all their technical and market issues.

ENTSO-E's mission is to promote important aspects of energy policy in the face of significant challenges:

Security: it pursues coordinated, reliable and secure operations of the electricity transmission network.

Adequacy: it promotes the development of the interconnected European grid and investments for a sustainable power system.

Market: it offers a platform for the market by proposing and implementing standardized market integration and transparency frameworks that facilitate competitive and truly integrated continental-scale wholesale and retail markets.

Sustainability: it facilitates secure integration of new generation sources, particularly growing amounts of



renewable energy and thus the achievement of the EU's greenhouse gases reduction goals.


WG European operational standards (WG EOS) (34): The WG EOS provides proposals for the harmonization of operational standards on the pan-European level and for the promotion of operational coherence among regions, thus facilitating the market processes. It contributes to ensure compatibility between system operation, market solutions and system development issues. The WG EOS analyses proposals for definitions and updating of technical and operational standards for implementation by regions and individual TSOs.

WG Critical System Protection (WG CSP) (35): The WG CSP copes with the development of critical system and infrastructure protection on European level. The WG CSP is responsible for coordinating critical system protection issues regarding electricity transmission. The main function of the WG CSP is to follow the development of the critical infrastructure protection at European level, and to contribute to the dialog with the European Commission on critical infrastructure protection.

WG Electronic Highway (WG EH) (36): The WG EH coordinates the usage and extension of the electronic highway in order to provide a secure and reliable information exchange for system operations throughout Europe.

Results Technical reports, recommendations.

Comments ENTSO-E stands for European network of transmission system operators for electricity

URL https://www.entsoe.eu/

Name EEGI

Type Other

Line of action R&D

Participants TSOs and DSOs

Mission/Objectives The EEGI is one of the European Industrial Initiatives under the Strategic Energy Technologies Plan (SET Plan) and proposes a 9 years European research, development and demonstration (RD&D) programme initiated by electricity transmission and distribution network operators (ENTSO) to accelerate innovation and the development of the electricity networks of the future in EU.

Both ENTSO-E and EDSO-SG are the main two organisations behind



the EEGI.

The programme focuses on system innovation rather than on technology innovation, and addresses the challenge of integrating new technologies under real life working conditions and validating the results.

The strategic objectives of the EEGI are:

To transmit and distribute up to 35% of electricity from dispersed and concentrated renewable sources by 2020 and a completely decarbonized electricity production by 2050.

To integrate national networks into a market-based, truly pan-European network, to guarantee a high-quality of electricity supply to all customers and to engage them as active participants in energy efficiency.

To anticipate new developments such as the electrification of transport.

To substantially reduce capital and operational expenditure for the operation of the networks while fulfilling the objectives of a high-quality, low-carbon, pan-European, market based electricity system.


The EEGI’s Research, Development and Demonstration (RD&D) programme defines 4 barriers: Technology barriers, RD&D organisation barriers, Market failures and distortions, Public barriers. Technology barrier includes aspects such as cyber security and data privacy on smart grid.

All project inside EEGi need to include a cyber secutiry policy besides other policies or strategies.

Results N/A

Comments EEGI stands for European Electricity Grid Initiative

URL https://www.entsoe.eu/rd/eegi/

Name ENCS

Type Public Private Partnership

Line of action Technical, information sharing, dissemination and awareness

Participants DSO, Academia and R&D, public bodies, standardization bodies

Mission/Objectives The ENCS aims to be the partner for organisations working on the security and protection of critical digital infrastructures, to help them to make accurate risk assessments and to take the appropriate measures to safeguard these infrastructures and guaranteeing the



continuity and smooth running of the systems. ENCS is the evolution of CyberTECH group.

ENCS is an independent European public-private collaboration. Their Founding members are Alliander (Dutch DSO), City of The Hague, CPNI.NL, KEMA, KPN (Biggest Dutch Telecom provider), Radboud University Nijmegen and TNO. The idea of ENCS is that it contributes to the resilience of CI by connecting people and organizations, being an information and knowledge sharing catalyst and educating people to the highest management levels. The ENCS will not only focus on the technical, but also on physical and personnel security.


The ENCS focuses primarily on the protection of smart grids and critical infrastructures’ Process Control Domains, which still present substantial cyber security issues and challenges. To address them, the ENCS connects existing organisations. The ENCS is planned to constantly scan the international arena for relevant developments, innovating and creating new initiatives to enable others. Besides the public-private network of experts and organizations, the ENCS will focus on four main areas:

Research & Development

Test Bed

Information & Knowledge Sharing

Education & Training

All four focus areas are interconnected, providing collaborative input and optimal synergy. The ENCS will start primarily on the protection of smart grids and CI’s Process Control Domains. These still present substantial cyber security issues and challenges. To address them, the ENCS will connect existing organisations as the European Commission, ENISA, Joint Research Centre and national public and private initiatives across Europe and beyond – collaboration with the DHS Control Systems’ Security Program and Idaho National Labs are prime examples.

Results Research & development reports, Test beds, Information & Knowledge Sharing platform, Education & training courses

Comments ENCS stands for European Network for Cyber Security

ENCS was formerly known as Cyber-TECH

URL N/A



Name ESMIG

Type Public Body

Line of action policy, standards, information sharing, technical…


Mission/Objectives The European Smart Metering Industry Group (ESMIG) has the objective to deliver the benefits of Smart Metering across Europe. The association and membership, through their internal working groups and involvement in several stakeholder groups, are providing expertise and advice to European institutions and organisations on the key issues for a European-wide implementation and roll-out of Smart Metering technologies.

There are four working groups:

ESMIG - European Business Systems Integration and Interoperability Group (EBSII)

ESMIG - Communications Technology Group (CTG)

ESMIG - Regulation And Policy Group (RPG)

ESMIG - Multi Utility Metering Group (MUM)


External activities of ESMIG supports the SM-CG (Smart Meter Coordination Group) with the definition of a functional reference architecture of the Advanced Metering Infrastructure (AMI), the definition of a glossary of commonly used terms and finally, with the definition of functional requirements by Use Cases.

ESMIG is represented in the steering committee and in the various working Groups of the SG-CG (Smart Grid Coordination Group). ESMIG ensures that the work of the Smart Grid Expert Groups and the SM-CG is taken into consideration and finds its way in the work packages and the results of the SG-CG. ESMIG is one of the industry associations represented in this group. Proposals for changes in the MID are reviewed by the MUM group of ESMIG while its comments are taken into account and discussed by the WGMI (Working Group Measuring Instruments).

ESMIG is represented in the European Electricity Grid Initiative (EEGI), which is one of the six European Industrial Initiatives (EII) laid down in the Strategic Energy Technology Plan (SET).

ESMIG's RPG group formulates responses to the public consultations of the EEGI(37).http://www.esmig.eu/about-us/smart-meter-coordination-group-sm-cg-new

Since its foundation in July 2008, ESMIG has achieved in a short time a very high level of recognition and visibility at EU-level and is recognised as an honest broker of industry’s interest in the energy area with a specific focus on smart metering and smart grid.

http://www.esmig.eu/about-us/smart-meter-coordination-group-sm-cg-new

http://www.esmig.eu/about-us/smart-meter-coordination-group-sm-cg-new




Comments ESMIG stands for European Smart Metering Industry Group

URL http://www.esmig.eu/

Name EURELECTRIC

Type Electricity Industry

Line of action policy making level

Participants Operators, DSO, TSO, Public Bodies

Mission/Objectives The Union of the Electricity Industry - EURELECTRIC is also the association of the electricity industry within the European Union, representing it in public affairs, in particular in relation to the institutions of the EU and other international organisations.

Its mission is to contribute to the development and competitiveness of the electricity industry and to promote the role of electricity in the advancement of society. As a centre of strategic expertise, The Union of the Electricity Industry - EURELECTRIC identifies and represents the common interests of its members and assists them in formulating common solutions to be implemented and in coordinating and carrying out the necessary actions. To that end it also acts in liaison with other international associations and organisations, respecting the specific missions and responsibilities of these organisations.

EURELECTRIC identifies and represents the common interests of its members and assists them in formulating common solutions to be implemented and in coordinating and carrying out the necessary actions. To that end it also acts in liaison with other international associations and organisations, respecting the specific missions and responsibilities of these organisations.


This initiative develops many projects and one of them is a project about smart grids, ‘10StepsTosmartGrids’(38). One of this project steps is focused on DSO Ensuring security and reliability of supply for good practices on a regulation environment.

Results White Paper, Events

Comments N/A

URL http://www2.eurelectric.org/

Name EuroSCSIE




Line of action Dissemination and Awareness, Technical.

Participants Academia and R&D, Public bodies, Standardisation bodies

Mission/Objectives The EuroSCSIE aim is from European industry, government, and research to benefit from the ability to collaborate on a range of common issues, and to focus effort and share resource where appropriate. Its main focus is Information Sharing and the expectations are to raise the level of protection adopted across Europe’s SCADA and Control Systems (SCADA/CS).

Among its objectives, we highlight the following ones:

To define a European information exchange system for security-related information about SCADA and control systems.

To share and exchange information using the Traffic Light Protocol.

To cultivate a network of relevant government, industrial and research actors.

To establish the basis for a pan-European system for the exchange of security-related information concerning SCADA and control systems.


Some of the activities carried out by EuroSCSIE related with smart grid include:

Sharing of incidents and good practices

Questionnaire on Control System Cyber-Security (aimed at vendors) 2008/2009

Standards and requirements (e.g. ‘WIB Process Control Domain Security Requirements for Vendors’ (39))

Self Assessment tools (like the one from CPNI UK)

Smart Grids (e.g. Smart Grid Conference in Baarn - 2010)

Results Information exchange, technical report, reference manuals

Comments EuroSCSIE stands for European SCADA and Control Systems Information Exchange

URL sta.jrc.ec.europa.eu/index.php/competitive-projects-/21-scni/8-e-scsie

http://www.cpni.nl/informatieknooppunt/internationaal/euroscsie



Name GEODE

Type Industry association

Line of action Information sharing

Participants DSO

Mission/Objectives Founded in 1991, this association represents more than 600 companies in 12 countries, both privately & publicly owned. GEODE defends the interest of the local distributors in front of energy authorities on national and international level and allows the exchange of expertise, the share of data and competence.

The mission statement of GEODE is to establish equal opportunity access to European energy infrastrutures for all those involved in serving the customer needs on energy, with the aim to create a truly competitive European energy market.


GEODE has created a questionaire where question to stakeholders on issues of energy efficiency, renewable energy sources and energy awareness, and some question about smart grid security

Results Technical report, questionaire

Comments GEODE stands for Groupment Européen des Entreprises et Organismes de Distribution d’Energie (European Group of Energy Distribution Companies and Organizations).

URL http://www.geode-eu.org/

Name PRIME Alliance


Line of action technical

Participants DSO, TSO, Manufacturers

Mission/Objectives The PRIME Alliance provides a forum for the creation of an open, single specification and standard for narrowband power line for smart grid products and services. The mission of the Alliance is to accelerate the demand for products and services based on the worldwide standard and promote the broad adoption and use of the specification while promoting multi-vendor interoperability and compatibility with the global standard.

The main goals are:

To provide a forum for the creation (definition, establishment and support) of an open single specification and standard for



narrowband powerline for SmartGrid products and services;

To accelerate the demand for products and services based on the worldwide standard through the sponsorship of the market and user education programs;

To encourage and to promote broad and open industry adoption and use of such specification; and

To promote PRIME as a global powerline standard and to promote multi-vendor interoperability for markets/equipment and compatibility under the PRIME standard.

The PRIME (PoweRline Intelligent Metering Evolution) specification represents a new public, open and non-proprietary telecommunications architecture which will support present and future AMM functionalities and enable the building of the electricity networks of the future, or smart grids.

PRIME technology uses Orthogonal Frequency Division Multiplexing (OFDM) in CENELEC A-band. The final target of PRIME is to establish a complete set of international standards which will allow for interoperability among equipment and systems from different manufacturers. Thus, competition in the metering market will benefit consumers. Unlike other commercially available solutions, the components of this new architecture (modulation and coding techniques, protocols, data formats, etc.) will not be subject to any Intellectual Property Right. Thanks to PRIME, specifications of an AMM system will be comprehensive and detailed enough so that any new entrant will be able to provide interoperable solutions to the market.

PRIME defines lower OSI layers of a PLC narrowband data transmission system over the electricity grid. The whole system has been designed to be low cost and high performance.


The PRIME protocol specifications includes varoius security profiles. The security functionality provides privacy, authentication and data integrity to the MAC layer through a secure connection method and a key management policy. Several security profiles are provided to manage different security needs, which can arise in different network environments. The current version of the specification enumerates two security profiles and leaves scope for adding up to two new security profiles in future versions.



Results Protocols , standard, technical report

Comments N/A

URL http://www.prime-alliance.org/

Name DLMS User Association


Line of action Standard

Participants DSO, Manufacturers, System provide, Utilities, Public Bodies, Standardisation Bodies

Mission/Objectives The DLMS Use Association is a non-profit organisation, located in Geneva, Switzerland. Its mission is to develop, promote and maintain the DLMS/COSEM specification. It provides an information exchange forum for users, manufacturers and system providers, test houses and standardisation bodies. It also provides a conformance testing and certification scheme for metering equipment implementing the specification. The DLMS UA is formally liased with IEC TC 13 WG 14.

DLMS stands for Distribution Line Message Specification. It is an application layer specification, independent of the lower layers and thus of the communication channel, designed to support messaging to and from (energy) distribution devices in a computer-integrated environment. It is an international standards established by IEC TC 57 and published as IEC 61334-4-41.

COSEM stands for COmpanion Specification for Energy Metering. It is an interface model of communicating energy metering equipment, providing a view of the functionality available through the communication interfaces. The modelling uses an object-oriented approach.

DLMS/COSEM is used in metering systems for electricity, gas, water and heat. Strong and growing interest from all continents provide a positive feedback on the achievement of the objectives set by the DLMS UA. Some countries have already included DLMS/COSEM in their national regulations. Others are considering it.


The DLMS/COSEM specification devotes several sections to privacy, security and non-repudiation of the metering communications.

Results Standard, technical report, protocol



Comments N/A

URL http://www.dlms.com/organization/index.html



3 Belgium

Name Smartgrids Flanders

Type Public body

Line of action R&D, information sharing.


Mission/Objectives Smart Grids Flanders is the driving force behind the deployment of smart grids, not only in Flanders but also abroad. The involvement and participation of members are important, as a good relationship with the government, which determines the rules.

The objective of the Smartgirds Flanders is to establish and suppor a multidisciplinary long-term collaboration across sectors between Flemish smart grid operators, in order to develop, maintain and valorize an international competitive advantage by a large group of Flemish companies (commercial breakthroughs) through differentiated support depending on the breakthrough and collaborative potential of the identified smart grid domains.


Thematic Groups and seminars bring together participants around different themes, where cyber security is an incipient topic. Besides, SmartGrid Flanders organizes several (network) events every year with international speakers and, in order to increase the know-how about smart grids, they distribute a newsletter about Flemish and European projects and initiatives. Finally, SmartGrid Flanders help its members to find the appropriate test infrastructure for their projects.

Results Projects. Theme groupes and seminars. Events. Newsletters. Blogs.

Comments Smart Grids Flanders is continuously seeking for suitable experts to speak.

URL www.smartgridsflanders.be



4 Denmark

Name Second1 - Security concept for DER

Type Project

Line of action Technical, R&D

Participants Manufacturers and Integrators, academia and R&D, security tools and services providers

Mission/Objectives The project objective is to analyze and implement a security concept that can be used in a power system with a high degree of decentralized production and with many actors in an unbundled market. It will also investigate various forms of role based access control (RBAC).


Secure communication is becoming increasingly more relevant in an electricity system with great volumes of distributed energy resources (DER). This project aimed to analyse and implement a security concept that can be used in electricity systems with a high degree of local production and with many players.

The project analysed the needs for communication between energy operators and matched these needs with a design for secure role based access control.

Results Technical reports.

Comments Mar 2010 - Jul 2011

URL http://www.second1.dk/



5 Germany

Name DIN

Type Regular private organisation

Line of action Policy, standardization

Participants All

Mission/Objectives DIN, the German Institute for Standardization, offers stakeholders a platform for the development of standards as a service to industry, the state and society as a whole. A registered non-profit association, DIN has been based in Berlin since 1917.

DIN's primary task is to work closely with its stakeholders to develop consensus-based standards that meet market requirements. Some 26,000 experts contribute their skills and experience to the standardization process. By agreement with the German Federal Government, DIN is the acknowledged national standards body that represents German interests in European and international standards organizations. Ninety percent of the standards work now carried out by DIN is international in nature.

Tasks and objectives of DIN:

Ensuring the participation of all stakeholders regardless of their economic position and language skills.

Promoting the free movement of goods through active involvement in international and European standardization.

Holding the secretariats of international committees.

Adopting European and international standards at national level.

Maintaining the uniformity and consistency of the standards collection.

Actively contributing to consensus building.

Taking legal regulations into consideration.

Providing an electronic infrastructure for standards development.

Avoiding duplication of work.

DIN represents Germany’s standardization interests as a member of the European Committee for Standardization (CEN). DIN holds almost 30% of all CEN working committee secretariats.


DIN has published several papers on ‘Electromobility’(40) systems dealing with the security of the managed data, potential threats and



standards to be followed to avoid such problems.

Another topic covered by this initiative is the roadmap recommendations for standardization, which provides a series of recommendations on IT security and data protection.

Results Standards, reports

Comments Deutsches Institut für Normung or The German Engineering Society

URL http://www.din.de

Name VGB


Line of action Technical, Information sharing

Participants Operators

Mission/Objectives VGB was already founded as the federation of the owners of large boilers. During its course of 80 years VGB has set off a range of activities in own companies. These companies are dealing with:

Training of power plant personnel.

Research activities.

The production and distribution of media.

VGB represents the German power plant operators in the WANO (World Association of Nuclear Operators). VGB’s technical committees on nuclear power plant engineering and operation and nuclear fuel cycle are actively taking part in the world-wide exchange of experience as well as in the analysis of particular events in nuclear power plants. For this purpose, VGB is operating a reporting and evaluation centre (ZMA - Zentrale Melde- und Auswertestelle) to collect, evaluate and forward the occurrences of nuclear power plants.


They have made contributions to the security of smart grid by publishing guidelines and instructions sheets, organising forums and training experts.

One of the most important results is the ‘VGB R175 guideline on IT security for generating plants’(41).

Results Standard, technical reports, good practices, conferences

Comments VGB means Verband der Großkraftwerks-Betreiber.

As an international technical association for power and heat generation VGB is working - on European level - in close co-operation with EURELECTRIC, the umbrella association of the European



electricity industry. Within the framework of a memorandum of understanding association agreement between EURELECTRIC and VGB, VGB's professional competence is integrated into the political/strategic work of EURELECTRIC in all questions regarding the generation of power and heat including issues of environmental protection.

URL http://www.vgb.org



6 Italy

Name ASTROM

Type Project

Line of action Technical

Participants R&D

Mission/Objectives ASTROM Project was funded by European Union FP6 programme.

The main objectives of this project are:

Identification of the boundaries of Control & Data Management Systems (C&DM) in electrical transmission networks.

Determination of the properties of C&DM systems of electrical transmission networks, in particular those relevant for resilience assessment.

Identification of external threats to C&DM system, such as ICT and physical attacks, and vulnerabilities.

Definition of a method and a metric for AoR of C&DM system. The activity will be performed by modeling system behavior.

Evaluation of the framework application to an EU context and dissemination activities. The feasibility of policies and recommendations definition will be investigated in details.


This project aimed to identify, analyze and evaluate the external threats and vulnerabilities applicable to Control & Data Management System in order to define an innovative methodological framework for the quantitative assessment of the resilience (AoR) of Control & Data Management System (C&DM) in electrical transmission network (ETN) towards external threats. The need for such a methodological framework stems from the fact that, although the resilience of this critical system is becoming more important than just securing it, there are not many frameworks covering this topic in a well structured way.

Definition of the architecture, properties, functionalities and Mission requirements of a complex Power System’s C&DM that it is coherent with the majority of the SCADA systems built in Europe;

Definition of a methodology to assess the resilience of a C&DM system for its external threats (physical and ICT threats) at any level (component, subsystem and system level); Development of a software tool to allow improving the previous topics.

Results Technical Paper, Methodology, Software, ASTROM Final Workshop



Comments Mar 2009-Mar 2011

ASTROM stands for Assessment of resilience to Treats of cOntrol and data Management systems of electrical transmission network

URL http://utmea.enea.it/projects/int/#astrom



7 The Netherlands

Name ESNA

Type Asociation

Line of action Dissemination, technical

Participants Manufacturers, DSO, Power Plant, services providers

Mission/Objectives ESNA is an association by Dutch law, established in 2006. The main objective of ESNA is to bring together and form a platform for all those who in one way or another deal with NES technology in their day to day operations.

This initiative promotes the application of advanced energy management systems, including AMR/AMM, based on the NES AMI architecture and its value added chain in order to build and expand the interoperability standard for utility networks. ESNA promotes the change in perspective of the current metering business.


ESNA represents its members by being active in standardisation activities across Europe and the rest of the world to promote the use of open interoperable standards for the smart grid and smart metering. This initiative organizes conferences and workshops to share the technical security aspects and the Network Energy Services (NES) in the smart grid value chain, which goes far beyond metering and invoicing only. It also organices events where the international leaders of both EU and USA have a disscussion depth review of current security and landscape surrounding the Global Emergence of the smart grid initiative. ESNA also does monthly abstracts where certain items are related to cybersecurity in smart grid.

ESNA represents its members in the most important European organizations such as CEN/CENELEC/ETSI or the Smart Grid Task Force.

Results organising various conferences and workshops

Comments ESNA stands for Energy Services Network Association

URL http://www.esna.org

Name Working Group Privacy and Security of Smart Grids of Netbeheer Nederland






Mission/Objectives This initiative is the point of contact for matters affecting the energy market, such as environmental issues, free market performance and security of supply. EnergieNed is the forum in which energy producers consult each other on issues such as the environment and investment conditions, traders consult each other on the functioning of the wholesale market and the integration of European markets, and retailers discuss a wide range of topics varying from stimulation of energy saving to consumer protection.


This working group has written several good guides papers and use a clear example is ‘Privacy and Security of the Advanced Metering Infrastructure(42)’.

Results Information exchange, good practices, technical reports

Comments This working group is very active on this topic on a European level.

URL N/A



8 United Kingdom

Name DECC

Type Public Body

Line of action Standardisation, policy

Participants public bodies

Mission/Objectives Department of Energy and Climate Change is a small department of the United Kingdom government.

The four key priorities of the department are:

Save energy with the Green Deal and support vulnerable consumers: Reduce energy use by households, businesses and the public sector, and help to protect the fuel poor.

Deliver secure energy on the way to a low carbon energy future: Reform the energy market to ensure that the UK has a diverse, safe, secure and affordable energy system and incentivise low carbon investment and deployment.

Drive ambitious action on climate change at home and abroad: Work for international action to tackle climate change, and work with other government departments to ensure that we meet UK carbon budgets efficiently and effectively.

Manage our energy legacy responsibly and cost-effectively: Ensure public safety and value for money in the way we manage our nuclear, coal and other energy liabilities.


DECC is divided into many experts groups and task forces. Some of the most important are the following.

STEG (Smart Meter Design Security Technical Experts Group): This is an advisory group of technical security specialists formed in November 2010 to provide advice and support to the programme on security issues. The STEG membership includes experts from industry and other sectors such as energy suppliers, trade associations, meter manufacturers, system integrators and telecommunications providers. Government is also represented through the Centre for Protection of National Infrastructure, CESG (National Technical Authority for Information Assurance) and technical security specialists working in the programme team. Consumer representatives were also invited to join.

Smart grid policy in the UK: DECC published a vision document, ‘Smarter Grids: the opportunity’ in December 2010. DECC is rolling out Smart electricty and gas meters to all GB homes by 2020.

UK Smart Grid Cyber Security Report: The Energy Networks



Association (ENA) published an independent report into smart grid cyber security on 29 June 2011. The report commissioned by ENA for DECC considered how government and networks should develop a strategy to secure the future UK electricity infrastructure together.

Smart Grids Forum: Identify future challenges for electricity networks and system balancing, including current and potential barriers to efficient deployment of smart grids. Guide the actions that DECC/Ofgem are taking to address future challenges, remove barriers and aid efficient deployment. Identify actions that DECC/Ofgem, the industry or other parties could be taking to facilitate the deployment of smart grids

DECC realized a series of security related report, such as ‘Smarter Grids: the opportunity’(43) and ‘UK Smart Grid Cyber Security Report’(44).

Results N/A

Comments DECC stands for Department of Energy and Climate Change

URL http://www.decc.gov.uk/



9 USA

Name ANSI


Line of action Standard

Participants Standardisation Bodies

Mission/Objectives ANSI was founded on 1918 by five engineering societies and three government agencies; the Institute remains a private, non-profit membership organization supported by a diverse constituency of private and public sector organizations.

ANSI accredits standards that are developed by representatives of standards developing organizations, government agencies, consumer groups, companies, and others. These standards ensure that the characteristics and performance of products are consistent, that people use the same definitions and terms, and that products are tested the same way.


ANSI has develop and standard series related to smart grid:

ANSI C12.18: used for two-way communications with an electricity meter, mostly used in North American markets.

ANSI C12.19: This includes encryption, authentication, credential management (through the security tables in Decade4)

ANSI C12.22: security and authentication services, combined with the event logger of ANSI C12.19.

Results Stasndards

Comments ANSI stands for American National Standard Institute

URL http://www.ansi.org/

Name NERC


Line of action Standards, Dissemination and Awareness, Technical

Participants Manufacturers and Integrators, Security Tools and services providers, Operators, Public bodies, Standardisation bodies

Mission/Objectives NERC was founded in 1968 by the electric utility industry to develop and promote rules and protocols for the reliable operation of the bulk power electric transmission systems of North America.



The North American Electric Reliability Corporation’s (NERC) mission is to ensure the reliability of the North American bulk power system. NERC is the electric reliability organization (ERO) certified by the Federal Energy Regulatory Commission to establish and enforce reliability standards for the bulk-power system.

Among other activities, NERC:

Works with the industry to develop reliability standards

Enforces compliance with those reliability standards and assesses monetary and non-monetary penalties for noncompliance.

Assesses future bulk power system reliability via annual summer, winter and 10-year forecasts.

Analyzes system events.

Promotes a culture of excellence by identifying areas for improvement and Examples of Excellence during regular ‘readiness’ evaluations.

Monitors the status of the bulk power system.

Coordinates physical and cyber security needs.

Identifies trends and potential reliability issues.

Helps the industry train and educate system operators.

Certifies system operators.


NERC has developed the NERC-CIP Standards, a nine documents series about security and cyber security aspects of the Bulk Electric System in the USA. Two new documents are being developed.

Based on these documents, NERC provides specific guidelines and concept papers. This is the case of the ‘Categorization system based on Bulk Electric System Reliability Functions’ (45).

Inside de NERC there are some working groups related to smart grid security such as:

NERC SGTF (Smart Grid Task Force)(46): Their work review smart grid characteristics, identifies reliability concerns including cyber-security vulnerability, and provides recommendations to NERC and to the industry.

NERC SGWG (Smart Grid Working Group) (47): NERC SGWG is tasked to review existing and new CIPC initiated security guidelines and coordinate their development with electric industry personnel and committees and to promote awareness and application of these guidelines.

Results Technical reports, Regulatory documents



Comments North American Electric Reliability Corporation

URL http://www.nerc.com

Name NIST

Type Public body

Line of action Organizational and Policy, Standards, Dissemination and Awareness, Economic or Financial, Technical

Participants Public bodies

Mission/Objectives NIST, an agency of the U.S. Department of Commerce, was founded in 1901 as the nation's first federal physical science research laboratory

Its mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

NIST is one of the most important standardisation organizations in the USA. They have developed several standards on ICS security. We highlight the following ones:

NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security (48).

NIST SP 800-53, Recommended Security Controls for Federal Information Systems (49).

Field Device Protection Profile for SCADA Systems in Medium Robustness Environments.

NIST has also defined a security smart grid workgroup to develop an overall cyber security strategy for the smart grid. This overall strategy includes a risk mitigation strategy to ensure interoperability of solutions across different domains/components of the infrastructure. This group has created the following document of interest:

NIST IR 7176, System Protection Profile – Industrial Control Systems (50).


NIST has also defined a security smart grid workgroup to develop an overall cyber security strategy for the smart grid. This overall strategy includes a risk mitigation strategy to ensure interoperability of solutions across different domains/components of the infrastructure. This group has created the following document of interest:

NISTIR 7628, Guidelines for Smart Grid Cyber Security (51).



NIST works together other groups:

NIST ASAP-SG(52): The goal of this group is to develop system-level security requirements for smart grid applications such as advanced metering, third-party access for customer usage data, distribution automation, home area networks, synchrophasors, etc. NIST ASAP-SG was responsible for developing ‘AMI Security Profile v2.0’ (53) and ‘AMI security implementation Guide’ (54), documents directly related to smart grid.

NIST Smart Grid Federal Advisory Commitee(55): The Committee provides input to NIST on the smart grid standards, priorities and gaps, and on the overall direction, status and health of the smart grid implementation by the smart grid industry including identification of issues and needs. Input to NIST will be used to help guide Smart Grid Interoperability Panel activities and also assist NIST in directing research and standards activities.

NIST initiated in 2009 the Smart Grid Interoperability Panel (SGIP) to carry out a variety of tasks related to the development of a smart grid framework for interoperability and cybersecurity standards. It plays a leadership role in facilitating and developing the national policy for the transformation of the power system to the smart grid. The SGIP supports NIST in fulfilling its responsibilities under the 2007 Energy Independence and Security Act

The SGIP has several priority-specific committees and working groups.

Smart Grid Architecture Committee (SGAC) (56): Maintains a conceptual reference model for the smart grid and develops corresponding high-level architectural principles and requirements. It is responsible for creating and refining a conceptual reference model, including lists of the standards and profiles necessary to implement the vision of the smart grid. It has developed a new reference framwork for the smart grid.

Smart Grid Testing and Certification Committee (SGTCC): Creates and maintains the necessary framework for compliance, interoperability and cyber security testing and certification for recommended smart grid standards.

Cyber Security Working Group (CSWG) (57): Identifies and analyzes security requirements and develops a risk mitigation strategy to ensure the security and integrity of the smart grid. It was formerly known as the Cyber Security Coordination Task Group (CSCTG) (58). This group has developed the document ‘NIST IR 7628’ (51).

It was formerly known as the Cyber Security Coordination Task Group



(CSCTG) and was founded by NIST and SGIP organizations. The primary goal of this group is to develop an overall cyber security strategy for the smart grid that includes a risk mitigation strategy to ensure interoperability of solutions across different domains/components of the infrastructure. NIST SGIP/CSWG developed the document ‘NIST IR 7628’ (51).

Priority Action Plans (PAPs) (59): Currently totaling 16, PAPs address specific standards-related gaps and issues for which resolution is most urgently needed. New PAPs are added as necessary.

Domain Expert Working Groups (DEWGs)(60): DEWGs perform analyses and provide expertise in specific application domains. There are seven specific application domains. DEWG is organized by smart grid domains. The six DEWGs are: transmission and distribution, building to grid, industry to grid, home to grid, business and policy, and a cross-cutting cyber security coordination task group.

Results Technical reports, Standards, good practices

Comments National Institute for Standards and Technology

URL http://www.nist.gov

Name FERC- NARUC smart response collaborative

Type Specialized event

Line of action Policy and standard

Participants Public bodies (Federal and State Regulators (USA))

Mission/Objectives The mission of the FERC-NARUC Collaborative on Smart Response is to provide a forum for Federal and State Regulators to discuss Smart Grid and Demand Response policies, share best practices and technologies, and address issues that benefit from State and Federal collaboration.

Educate Commissioners and staff on Smart Grid and Demand Response in order to promote better Smart Grid and Demand Response regulatory decisions and policy.

Promote consistency across State policies and awareness of State and Federal policy; coordinate and harmonize policies and procedures where possible.

Promote Federal and State regulatory dialogue and cooperation.

Provide a forum for consumer perspective and to shape the Smart Grid and Demand Response value proposition to ensure that the policies benefit consumers.



Create a forum for communication to and with stakeholders-signaling areas of regulatory interest.

Compile research where needed and communicate best practices.

Gather updates from other Federal agencies working on related issues.


This initiative makes a series of reference guides, providing support for members to have key knowledge about the smart grid. Note that in addition to reference guides also make webinar where one of his themes is the security and privacy. The reference guides in a matter of security are still not published but the volume of privacy is now available.

Projects under this collaborative union must explain how the project will address cyber security and must highlight cybersecurity attributes.

Results Technical reports, webinar

Comments FERC-NARUC stands for Federal Energy Regulatory Commission - National Association of Regulatory Utility Commissioners

URL http://www.naruc.org/Ferc/default.cfm?c=3

Name GridWise alliance


Line of action Organization, standards, technical

Participants All the stakeholders.

Mission/Objectives Founded in 2003, they have developed into an organization that represents a broad range of the energy supply chain from utilities to large tech companies to academia to venture capitalists to emerging tech companies. This variety of stakeholders gives the Alliance a unique diversity of perspectives which enables interactive dialogue between members.

Their main mission its transform the electric grid to archive a sustainable energy future.


GridWise alliance works specially on smart grid. They have been created a cyber security division to study the problems of US’ grid.

The five key principles endorsed by the Alliance for cyber security are:

1. Involve all stakeholders and take full advantage of and be aligned with existing recognized processes and work.



2. Utilize a comprehensive risk management approach.

3. Provide clarity to all stakeholders.

4. Construct a cyber security framework that is focused specifically for electric grid applications.

5. Create and adopt uniform verification and test procedures for standards and guidelines.


Comments N/A

URL http://www.gridwise.org/gridwisealli_about.asp

Name NEMA

Type Standards

Line of action Standards, dissemination and awareness

Participants Manufacturers

Mission/Objectives National Electrical Manufacturers Association (NEMA)(61) was founded on 1926 and it is the trade association of choice for the electrical manufacturing industry.

NEMA promotes the competitiveness of the U.S. electrical product industry through the development of standards, advocacy in federal and state legislatures and executive agencies, and the collection and analysis of economic data.

NEMA members are leading the way in smart grid technologies by encouraging investment in the national electricity grid and developing new product standards.


The NEMA’s objectives for Cyber Security in smart grid are twofold:

the risk to business operations from security breaches

the risk to product development and marketing as the federal government adopts preventive measures.

The NEMA member companies agree that first and foremost, security must be part of the design consideration for any smart grid component (and its corresponding interactions with other grid elements) from its inception (62).

Results Technical reports, Standards and policies

Comments NEMA stands for National Electrical Manufacturers Association

URL http://www.nema.org/gov/energy/smartgrid/index.cfm



Name NESCOR - Annual Conference & workshops

Type Specialized event

Line of action Dissemination and Awareness, training and education


Mission/Objectives Its primary purpose is to:

Bring together a broad spectrum of industry stakeholders to meet face to face with the EPRI led National Electric Sector Cyber Security Organization Resources team to discuss the critical cyber security and data privacy issues facing the electric sector

Share the research results already achieved by the three technical working groups of the National Electric Sector Cyber Security Organization Resources with the industry

Review the 12-month project plan for the National Electric Sector Cyber Security Organization Resources in each of the three technical working groups to make changes, modifications, and additions with input from the industry participants

Accelerate the technical deliberations of the three working groups by having focused round table exercises in the breakout sessions between the National Electric Sector Cyber Security Organization Resource team and the industry participants

Provide DoE a written report on the key findings from the Summit including the 12-month National Electric Sector Cyber Security Organization Resources project plan


NESCOR have defined three technical working groups to do their jobs:

Cyber security Requirements & Standards Assessment Group

Cyber security Technologies Testing & Validation Group

Threat & Vulnerability Assessment & Mitigation

The three Working Groups will focus their R&D efforts in Year 1 on securing the following 6 critical grid functions end-to-end:

1. Advanced Metering Infrastructure

2. Demand Response

3. Electric Transportation

4. Distributed Energy Resources



5. Distribution Grid Management

6. Wide Area Monitoring, Protection & Control

Results Annual conference and workshops, Advisories, Technical reports(63)

Comments National Electric Sector Cyber Security Organization Resources

URL http://www.cvent.com/events/nescor-annual-conference-workshops/event-summary-ff2fb887488c4af1aa572813885fd034.aspx

Name TIA

Type Industrial association

Line of action Policy, standard, dissemination and awareness

Participants Manufacturers, security tools and services providers

Mission/Objectives Telecommunications Industry Association (TIA) was formally formed in April 1988 after a merger of USTSA and the Information and Telecommunications Technologies Group of EIA

The Telecommunications Industry Association is the leading trade association representing the global informationand communications technology (ICT) industries through :

Standards Development

Government Affairs

Market Intelligence


TR-51 Smart Utility Networks Standards Working Group develops and maintains air-interface, network, and conformance standards in support of Smart Utility Networks. The committee will focus on air-interface and network standards with wireless mesh network topology, optimized for Smart Utility Network applications. TR-51 liaises with other TIA committees, international and national standards bodies, and other appropriate organizations, as required, to avoid duplication of work and to foster collaboration among organizations addressing various aspects of smart device communication networks.

TR45.5 has been participating in the Smart Grid Interoperability Panel’s (SGIP) Priority Action 2 (Wireless Technologies for Smart Grid) since early 2010, which is in charge of doing a new standard.

Results Standard

Comments Telecommunications Industry Association

URL www.tiaonline.org



10 International

Name CIGRE, Study Commitees B5 and D2


Line of action Organizational and Policy, Standards, Economic or Financial, Technical, Information sharing

Participants Manufacturer or Integrator, DSO, TSO, Academia and R&D

Mission/Objectives CIGRE (International Council on Large Electric Systems) is a permanent international, non government, non-profit-making Association, founded in France, in 1921. Its aim is to develop and distribute technical knowledge in the field of the generation and transmission of high voltage electricity. CIGRE deals with all the main themes of the field of electricity, i.e. organisation of utilities, development and adaptation of grids, optimisation of maintenance and life expectancy of electrical equipment, as well as the analysis of the impact on the environment, etc.


Study Committee B5 (SC B5) mission is to facilitate and promote the progress of engineering and the international exchange of information and knowledge in the field of protection and automation and also to add value to this information and knowledge by means of synthesising state-of-the-art practices and developing recommendations. Study committee B5 covers principles, design, applications, coordination, performance and asset management of system protection, substation control and automation, remote control systems and equipment and metering systems.

Study Committee D2 (SC D2) covers the specification, design, engineering, performance, operation, maintenance, economic and management aspects of the Information and the Telecommunication systems in the EPI both for operational and business activities, as well as the different devices, media and networks to support all that services: speech, data, video, internet, specialised signalling for teleprotection, SCADA, EMS, DSM. It also covers security aspects of related Information Systems and Telecommunications.

The results are published as technical reports and summarised in the bi-monthly CIGRE journal, ELECTRA. Some of its articles are related to security in ICS environments. i.e.: ‘The Impact of Implementing Cyber Security Requirements using IEC 61850’(2).

Results Technical Reports

Comments International Council on Large Electric Systems

URL http://www.cigre-b5.org/

http://www.cigre-d2.org/



Name ITU, ITU-T FG on Smart Grid


Line of action Policy, standards, technical


Mission/Objectives ITU (International Telecommunication Union) is the United Nations specialized agency for information and communication technologies.

In February 2010, the Telecommunication Standardization sector of the ITU, ITU-T, established a Focus Group on Smart Grids (FG Smart).

The Focus Group aims to:

Identify potential impacts on standards development.

Investigate future ITU-T study items and related actions.

Familiarize ITU-T and standardization communities with emerging attributes of smart grid.

Encourage collaboration between ITU-T and smart grid communities.

The objective of this group is to collect and document ideas that would be helpful for developing recommendations to support the smart grid from a telecommunication/ICT perspective. To achieve this objective, the Focus Group:

Updates living list of standards bodies, forums, and consortia dealing with smart grid.

Collects visions and value propositions for the smart grid.

Provide terminology and taxonomy necessary to support smart grid.

Analyzes communication networking requirement functions and capabilities to support smart grid.

Gathers new ideas relevant to and identify potential study areas to support smart grid.

Identifies use cases of smart grid that can be used to derive communication network requirements.

Suggests future itu-t study items and related actions.

Identifies potential impacts on standards development.

The Focus Group interacts with the various research activities in order to familiarize ITU-T and standardization communities with the emerging attributes of smart grid.

Activities related to FG on Smart Grid identifies security and privacy issues that might impact standards development. To this regard they have been



smart grid security working on a deliverable which analyses communications networking requirement functions and capabilities to support smart grid, including security and reliability aspects.

Results Technical Reports, standards, good practices.

Comments Focus Group on Smart Grid concluded in Decemer 2011

URL http://www.itu.int/en/ITU-T/focusgroups/smart/Pages/Default.aspx

Name IEC, TC 8, TC 57 and JTC1/SC27


Line of action Standards, Technical

Participants Standardization bodies

Mission/Objectives The International Electrotechnical Commission (IEC) is the world’s leading organization that prepares and publishes International Standards for all electrical, electronic and related technologies.

IEC provides a platform to companies, industries and governments for meeting, discussing and developing the International Standards they require.

All IEC International Standards are fully consensus-based and represent the needs of key stakeholders of every nation participating in IEC work. Every member country, no matter how large or small, has one vote and a say in what goes into an IEC International Standard.

The IEC develops a lot of standards and technical reports, alone or in collaboration with other organizations like ISO, on security and other technical aspects.

IEC has several groups working for the implementation of security measures in ICS and smart grid environments. The following points highlight the most important ones:

IEC TC 8 prepares and coordinates, in cooperation with other TC/SCs, the development of international standards and other deliverables with emphasis on overall system aspects of electricity supply systems and acceptable balance between cost and quality for the users of electrical energy. Electricity supply system encompasses transmission and distribution networks and connected user installations (generators and loads) with their network interfaces.

IEC TC 57 develops and maintains international standards for power systems control equipment and systems including EMS (Energy Management Systems), SCADA (Supervisory Control And Data Acquisition), distribution automation,



teleprotection, and associated information exchange for real-time and non-real-time information, used in the planning, operation and maintenance of power systems.

On the other hand, the Joint Technical Committee ISO/IEC JTC 1 of ISO and IEC is a standardization committee which main objective is the creation of standards for general methods and techniques in the area of information security.


IEC TC 8 WG AHG 4 works in smart grid requirements including electrical system reliability (e.g. system security), as well as in communication security, metering, etc.

IEC TC 57 WG 15 undertakes the development of standards for security of the communication protocols defined by the IEC TC57, specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series.

ISO/IEC JTC1/SC27 includes the development of standards for the protection of information and ICT, including generic methods, techniques and guidelines to address both security and privacy aspects.

Some of the most relevant documents on ICS security of IEC are:

IEC 62351 series, Data and communication security (3),(4), (5),(6),(7),(8) and(9).

IEC 62210, Power system control and associated communications. Data and communication security (10).

Results Standards, technical reports

Comments IEC stands for International Electrotechnical Commission

URL https://www.iec.ch

Name IEEE, WGC1, WGC6, E7.1402 and other

Type Professional association



Mission/Objectives IEEE is the world’s largest professional association dedicated to advancing technological innovation and excellence for the benefit of humanity. IEEE and its members inspire a global community through IEEE's highly cited publications, conferences, technology standards, and professional and educational activities. In this way, the IEEE develops standards and technical reports on security and other technical-related aspects.

http://www.iec.ch/

http://www.iec.ch/



Name ISA, ISA99 and ISA67

Type Professional association

Line of action Dissemination and awareness, standards, and education and training

Participants All Stakeholders

Mission/Objectives The International Society of Automation (ISA) is a leading, global, non-profit organization that is setting the standard for automation by helping over 30,000 worldwide members and other professionals solve difficult technical problems, while enhancing their leadership


The IEEE is divided into several technical committees. One of the most important is the standardization technical committee. This Committee includes several work groups that are devoted to defining security measures for ICS and smartgGrid environments. Some of the most important workgroups are:

IEEE WGC1 - Application of Computer-Based Systems: This group has been responsible for the document ‘1686-2007 IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities Active Standard’ (11).

IEEE WGC6 - Trial Use Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links: This group has been in charge of the document ‘1711-2010 IEEE Trial-Use Standards for a Cryptographic Protocol for Cyber Security of Substation Serial Links’ (12).

IEEE E7.1402 - Physical Security of Electric Power Substations: Responsible for the treatment of all matters related to the secure operation of electrical substations with respect to outside intrusions into the substation. This group has developed the document ‘1402-2000 IEEE Guide for Electric Power Substation Physical and Electronic Security’ (13).

Another technical committee which makes studies on security is the IEEE Power & Energy Society (14) who is responsible for Smart Grid Forum(15). It is worth highlighting workgroup IEES PSACE CAMS (Power System Analysis, Computing, and Economics) (Computing and Analytical Methods Subcommittee). The focus of the workgroup is the cyber security of electric power infrastructures (16).

Results Standards, technical reports, conferences, educational and training activities

Comments IEEE stands for Institute of Electrical and Electronics Engineers

URL http://www.ieee.org/

http://www.ieee.org/





and personal career capabilities.

ISA’s mission is to become the standard for automation globally by certifying industry professionals; providing education and training; publishing books and technical articles; hosting conferences and exhibitions for automation professionals; and developing standards for industry.

Some of the ISA objectives are to develop and establish standards, recommended practices, technical reports, and related information that will define procedures for implementing electronically secure industrial automation and control systems and security practices and assessing electronic security performance.


The ISA is involved in the development of standards and technical reports about ICS security and smart grid security.

The purpose of the ISA99 committee is to develop and establish standards, recommended practices, technical reports, and related information that will define procedures for implementing electronically secure industrial automation and control systems and security practices and assessing electronic security performance, such as ISA99 standard (17) series.

The ISA67 16WG5 is in charge of organizing the cyber security for the nuclear power industry (18).

Results Standards, technical reports, good practices, events

Comments It is not necessary to be a member of ISA in order to be a member of an ISA committee.

URL http://www.isa.org/

Name UCA International Users Group


Line of action Organizational and Policy, Standards, Information sharing.

Participants Manufacturers, Integrators, Security tools and services providers, Operators.

Mission/Objectives The UCA International Users Group is a not-for-profit corporation focused on assisting users and vendors in the deployment of standards for real-time applications for several industries with related requirements. The Users Group does not write standards, however works closely with those bodies that have primary responsibility for the completion of standards (notably IEC TC 57: Power Systems Management and Associated Information Exchange).

The UCAIug as well as its member groups (CIMug, Open Smart Grid,



and IEC 61850) draws its membership from utility user and supplier companies. The mission of the UCA International Users Group is to enable integration through the deployment of open standards by providing a forum in which the various stakeholders in the energy and utility industry can work cooperatively together as members of a common organization to:

Influence, select, and/or endorse open and public standards appropriate to the energy and utility market based upon the needs of the membership.

Specify, develop and/or accredit product/system-testing programs that facilitate the field interoperability of products and systems based upon these standards.

Implement educational and promotional activities that increase awareness and deployment of these standards in the energy and utility industry.

Influence and promote the adoption of standards and technologies specific to the ever-increasing smart grid initiatives worldwide.


UCAIug works in security and in other aspects through its member groups. For instance, the Open Smart Grid sub-technical committee is responsible for developing security guidelines, recommendations, and good practices for AMI system elements. This group fosters enhanced functionality, lower costs and speed market adoption of Advanced Metering networks and Demand Response solutions through the development of an open standards-based information/data model, reference design & interoperability guidelines.

There are several task forces inside the UCA Ineternational Users Group dealing to some extent with the security of smart grid componentes and architectures. These are the following:

Usability Analysis Task Force

CyberSec-Interop Task Force

AMI-SEC Task Force

Embedded Systems Security Task Force

Among them, the AMI-SEC Task Force is the most directly related to smart grid cyber security aspects. This task force was established August 2007 to develop consistent security guidelines, recommendations, and best practices for AMI system elements as well as on design specifications. Moreover it tries to support vendors to produce compliant and compatible security technologies. It also provides a focus point for industry discussions on security aspects related to AMI.



Open Smart Grid subcommittee have four Working Groups. SG Security is the charged on provide and study the security on the smart grid.

Results Standards, guidelines.

Comments N/A

URL http://www.ucaiug.org

Name Zigbee Alliance


Line of action Standard, Technical


Mission/Objectives The ZigBee Alliance is a non-profit industry consortium of leading semiconductor manufacturers, technology providers, OEMs and end-users worldwide. Members aim at defining a global specification for interoperable, cost-effective, low-power wireless applications based on the IEEE 802.15.4 standard. Current membership is about 200 and includes both heavyweights (such as Siemens and Texas Instruments) and small start-ups.

The goal of the ZigBee Alliance is to create an open specification defining mesh and tree network topologies with interoperable application profiles for wireless control systems. Its focus is clearly on standards-based, low-cost, low-power, and low-data rates applications. Means to certify products are also within the scope of the ZigBee Alliance.

Zigbee is envisioned as a promising technology in home automation, due to the technical characteristics that differentiate it from other technologies:

Its low power consumption.

Its mesh network topology.

Easy integration (nodes can be manufactured with very little electronics).


Zigbee Alliance is working on a communication method based on wireless technology. Low cost and low power have done Zigbee an ideal protocol in industrial automation. The Zigbee Alliance works on the definition of the security mechanism implemented in the protocol definition.

Results Standards, technical Report

Comments N/A



URL www.zigbee.org



11 Other web 2.0 initiatives

Name Smart Grid Network

Type Online resource (Social Network)

Line of action Information sharing, dissemination and awareness, training and education

Participants Manufacturer or Integrator, Security tools and services Provider, DSO, TSO, Retail Energy Provider

Mission/Objectives The goal of Smart Grid Network is to accelerate the pace of smart grid deployment by promoting dialog and information exchange among stakeholders and connecting interested consumers with solution providers.

The site helps consumers understand how a smarter grid can empower them to better manage their energy usage and identify trusted solution providers. Solution providers, big companies and small start-ups alike, will be able to get the message out about their innovative solutions to interested customers around the globe.

Smart Grid Network has two components; information from authorized content providers on smart grid initiatives in a state or country and a Facebook-style social network allowing:

Consumers, solution providers and enablers to communicate on issues of interest.

Individuals to develop a network of trusted advisors for identifying and selecting smart grid solutions.

Countries, states, and communities to highlight smart grid projects and attract best of class solutions suitable for their local requirements.

Utilities to learn about their customers’ needs, expectations and demands; and inform customers of new offerings.

Universities and research centres to highlight ongoing smart grid research and education programs.

Solutions providers to advertise their products and services.

Smart Grid Network, Inc. launched this site on October 18, 2011, with a pilot test for Illinois (US) and is now expanding to other states and countries.


This site provides information on security and privacy related issues affecting the smart grid.

Results Articles and discussions

Comments Social network project



URL http://www.smartgrid.com/

Name Smart grid security

Type Online Resource



Mission/Objectives The Smart Grid Security group is intended to facilitate the exchange and discussion of ideas and concepts around the implementation of smart applications and communications technology within the electric power system.


All exposed in Mission/Objectives

Results N/A

Comments N/A

URL http://www.linkedin.com/groups?home=&gid= 1842898&trk=anet_ug_hm&goback=.gdr_1332346537283_1

Name Smart Grid Cyber Security (Exclusive Forum & Networking Group)



Participants DSO, TSO, Security tools and services Provider

Mission/Objectives The Smart Grid Cyber Security group is an exclusive members-community, that’s brings together professionals from across the International Smart Grid/Utilities sector involved with ‘Cyber and Critical Infrastructure’ security. This community extends to both those security professionals from within the Utilities Sector and their IT security partners and vendors.

The objective of this group is to create a forum for its members to discuss, share ideas, best practices, trends, strategies and create a common community voice to further understand the dynamics surrounding the global emergence of smart grid initiative and its security risks.



Results Forum



Comments N/A

URL http://www.linkedin.com/groups?home=&gid= 4149740&trk=anet_ug_hm&goback=.gdr_1332346537283_1

http://www.smartgridcybersecurity.co.uk

Name Energy Sector, Smart Grid, and Smart Meter Security




Mission/Objectives The Smart Grid initiative is perhaps the single largest worldwide technological project mankind will ever witness. The design, implementation, and maintenance of a secure system will be of paramount importance in assuring success.



Results N/A

Comments It is mainly a discussion forum, where experts hare their opinion on trending topics regarding cyber security.

URL http://www.linkedin.com/groups?about=&gid= 2693507&trk=anet_ug_grppro

Name European Smart-Grid Cyber-Security Forum



Participants N/A

Mission/Objectives The European Smart-Grid Cyber-Security Forum aims to provide a much needed professional and open space for discussions, knowledge sharing, innovation and ideas around Cyber-Security aspects for Smart-Grids and Smart-Grid projects in Europe. It intends to attract knowledge and expertise from anyone who has an insight and experience in this exciting new industry.

All credible candidates are welcome to join and participate, either individuals or organisations such as smart-energy/grid equipment manufacturers, research organisations, consultancies, systems integrators, security advisories, national regulatory bodies, telecoms



providers, etc.

The ultimate objective being to foster and provide a centre of excellence, collective balanced guidance and direction to all countries and projects in Europe embarking on or already on their journey towards Smart-Grids.



Results N/A

Comments N/A

URL http://www.linkedin.com/groups?about=&gid= 3847044&trk=anet_ug_grppro



12 Bibliography

1. European Network and Informations Security Agency (ENISA). Protecting Industrial Control Systems - Recommendations for Europe and Member States. 2011.

2. CIGRÉ. The Impact of Implementing Cyber Security Requirements using IEC 61850. s.l. : CIGRE Publication 427, 2010.

3. International Electrotechnical Commission (IEC). IEC TS 62351-1: Power systems management and associated information exchange – Data and communications security. Part 1: Communication network and system security – Introduction to security issues. International Electrotechnical Commission. 2007.

4. —. IEC TS 62351-2: Power systems management and associated information exchange – Data and communications security – Part 2: Glossary of terms. International Electrotechnical Commission. 2008.

5. —. IEC TS 62351-3: Power systems management and associated information exchange – Data and communications security – Part 3: Communication network and system security – Profiles including TCP/IP. International Electrotechnical Commission. 2007.

6. —. IEC TS 62351-4: Power systems management and associated information exchange – Data and communications security – Part 4: Profiles including MMS. International Electrotechnical Commission. 2007.

7. —. IEC TS 62351-5: Power systems management and associated information exchange – Data and communications security – Part 5: Security for IEC 60870-5 and derivatives. International Electrotechnical Commission. 2009.

8. —. IEC TS 62351-6: Power systems management and associated information exchange – Data and communications security – Part 6: Security for IEC 61850. International Electrotechnical Commission. 2007.

9. —. IEC TS 62351-7: Power systems management and associated information exchange – Data and communications security. Part 7: Network and system management (NSM) data object models. International Electrotechnical Commission. 2010.

10. —. IEC TR 62210: Power system control and associated communications – Data and communication security. 2003-05.

11. Institute of Electrical and Electronics Engineers (IEEE). WGC1 - Application of Computer-Based Systems. s.l. : http://standards.ieee.org/develop/wg/WGC1.html, 2007.

12. —. WGC6 - Trial Use Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links. s.l. : http://standards.ieee.org/develop/wg/WGC6.html, 2010.

13. —. E7.1402 - Physical Security of Electric Power Substations. s.l. : http://standards.ieee.org/develop/wg/E7_1402.html, 2000.

14. —. IEEE Power & Energy Society. [Online] http://www.ieee-pes.org.



15. —. IEEE-PES Smart Grid Forum. [Online] tp://www.ieee-pes.org/smart-grid-forum.

16. —. IEEE PES Computer and Analytical Methods SubCommittee. [Online] 2000. http://ewh.ieee.org/cmte/psace/CAMS_taskforce.html.

17. International Society of Automation (ISA). ISA99 Committee - Home. [Online] http://isa99.isa.org/ISA99 Wiki/Home.aspx.

18. —. LISTSERV 15.5 - ISA67-16WG5. [Online] http://www.isa-online.org/cgi-bin/wa.exe?A0=ISA67-16WG5.

19. Commission of the European communities. Communication from the commission to the European parliament. Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience. 2009.

20. European Commision. M/441: . http://www.cen.eu/cen/Sectors/Sectors/Measurement/Documents/M441.pdf : s.n., 2009.

21. CEN/CENELEC/ETSI. CEN/CLC/ETSI/TR 50572. Functional reference architecture for communications in smart metering systems. s.l. : ftp://ftp.cen.eu/cen/Sectors/List/Measurement/Smartmeters/CENCLCETSI_TR50572.pdf, 2011.

22. Commission of the European communities. Communication from the commission to the European parliament, the European economic and social commitee and the commitee of the regions. Achievements and next steps: towards global cyber-security. COM(2011) 163. 2011.

23. —. Communication from the commission to the european parliament, the council, the european economic and social committee and the committee of the regions. COM(2011) 202 final. 2011.

24. DG-INFSO Expert Group on the security and resilience of Communication networks and Information systems for Smart Grids. Programme of Work. s.l. : https://resilience.enisa.europa.eu/security-and-resilience-of-communication-networks-and-information-systems-for-smart-grids/program-of-work/draft-final-version-pow/at_download/file, 2011.

25. Task Force Smart Grids. Expert group 2. Regulatory recommendations for data safety, data handling and data protection. s.l. : http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/expert_group2.pdf, 2011.

26. Elvire. [Online] 2011. http://www.elvire.eu/.

27. CORDIS Services. AFTER. [Online] 2011. http://cordis.europa.eu/search/index.cfm?fuseaction=proj.document&PJ_LANG=EN&PJ_RCN=12231422.

28. The OPEN meter Consortium. Open Meter. [Online] 2009. http://www.openmeter.com/.

29. Aretmis. Internet of Energy. [Online] 2011. http://www.artemis-ioe.eu/.



30. O.Vermesan, R.Zafalon, K.Kriegel, R.Mock, R.John, M.Ottella, P.Perlo. Internet Of Energy pag:33. Advance Microsystems for Automotive Applications 2011. [Online] http://books.google.es/books?id=Qt7HDlzmrhsC&pg=PA33&lpg=PA33&dq=Internet+of+Energy+%E2%80%93+Connecting+Energy+Anywhere+Anytime&source=bl&ots=KlFXHWQYEA&sig=YDjZYgFqAevFtfWL6tuFqJxIKOo&hl=es&sa=X&ei=arVdT6mDIuem0AW9v9zWDQ&ved=0CIUBEOgBMAY#v=onepage&q=Int.

31. European Technology Platform SmartGrids. Strategic research agenda for Europe’s electricity networks of the future. s.l. : http://www.smartgrids.eu/documents/sra/sra_finalversion.pdf, 2007.

32. European Commission. Directorate-General for Energy. Standardization Mandate to European Standardisation Organisations (ESOs) to support European Smart Grid deployment. M/490. s.l. : http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/2011_03_01_mandate_m490_en.pdf.

33. Commission of the European communities. Commission staff working document definition, expected services, functionalities and benefits of smart grids SEC(2011)463. 2011.

34. ENTSOE. WG European operational standards. [Online] https://www.entsoe.eu/system-operations/working-groups/wg-european-operational-standards/.

35. —. ENTSOE Working Group System Protection. [Online] https://www.entsoe.eu/system-operations/working-groups/wg-critical-system-protection/.

36. —. WG Electronic Highway. [Online] https://www.entsoe.eu/system-operations/working-groups/wg-electronic-highway/.

37. ESMIG. External Activities, ESMIG. [Online] http://www.esmig.eu/about-us/smart-meter-coordination-group-sm-cg-new.

38. EUROELECTRIC. 10 Steps to Smart Grid. [Online] 2010. http://www.eurelectric.org/10StepsTosmartGrids/.

39. International Instruments Users' Association (WIB). Process control domain - Security requirements for vendors. EWE (EI, WIB, EXERA). 2010.

40. DIN. Electromobility. [Online] 2011. http://www.naautomobil.din.de/cmd?contextid=naautomobil&bcrumblevel=1&subcommitteeid=118124005&projid=149029465&level=tpl-proj-detailansicht&committeeid=54738955&languageid=en.

41. VGB. VGB-R.175 IT-Sicherheit für Erzeugungsanlagen . s.l. : http://www.vgb.org/shop/r175.html, 2006.

42. Netbeheer Nederland. Privacy and Security Advance Metering Infraestructure. Apendix A. s.l. : http://www.energiened.nl/_upload/bestellingen/publicaties/356_320006%20-%20PS%20M%20StakeholderAnalysis.pdf, 2010.



43. DECC. Smarter Grids: The Opportunity. s.l. : http://www.decc.gov.uk/assets/decc/what%20we%20do/uk%20energy%20supply/futureelectricitynetworks/1_20091203163757_e_@@_smartergridsopportunity.pdf, 2009.

44. KEMA and ENA. UK Smart Grid Cyber Security Report. http://ses.jrc.ec.europa.eu/. [Online] 2011. http://energynetworks.squarespace.com/storage/UK Smart Grid Cyber Security Report.pdf.

45. North American Electric Reliability Corporation (NERC). Categorizing Cyber Systems. An Approach Based on BES Reliability Functions. Cyber Security Standards Drafting Team for Project 2008-06 Cyber Security Order 706. 2009.

46. SGTF. Smart Grid Task Force. [Online] http://www.nerc.com/filez/sgtf.html.

47. SGWG. Smart Grid Working Groups. [Online] 2011. http://www.nerc.com/filez/sgwg.html.

48. National Institute of Standards and Technology (NIST). NIST SP 800-82: Guide to Industrial Control Systems (ICS) Security. National Institute of Standards and Technology. 2011.

49. —. NIST SP 800-53: Information Security. National Institute of Standards and Technology. 2009.

50. —. NISTIR 7176: System Protection Profile - Industrial Control Systems. Decisive Analytics. 2004.

51. —. NISTIR 7628: Guidelines for Smart Grid Cyber Security. Smart Grid Interoperability Panel–Cyber Security Working Group (SGIP–CSWG). 2010.

52. ASAP-SG. Advanced Security Acceleration Project for the Smart Grid. [Online] 2011. http://www.smartgridipedia.org/index.php/ASAP-SG.

53. The AMI-SEC Task Force (UCAIug) and The NIST Cyber Security Coordination Task Group. SECURITY PROFILE FOR ADVANCED METERING INFRASTRUCTURE. 2010.

54. AMI-SEC-ASAP. AMI Security Implementation Guide. 2009.

55. National Institute of Standards and Technology (NIST). NIST Smart Grid Federal Advisory Commitee. [Online] 2010. http://www.nist.gov/smartgrid/committee.cfm.

56. Smart Grid Architecture Committee. Smart Grid Architecture Committee. [Online] http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/SmartGridArchitectureCommittee.

57. Cyber Security Working Group. Cyber Security Working Group. [Online] http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG.

58. Smart Grid Interoperability Panel (SGIP). SGIP Cyber Security Working Group (SGIP CSWG). [Online] http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG.

59. NIST SGIP. Priority Action Plans. [Online] http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/PriorityActionPlans.



60. —. Domain Expert Working Groups. [Online] 2011. http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/DEWGs.

61. NEMA. National Electrical Manufacturers Association. Position Statement on Cyber Security. s.l. : www.nema.org/gov/energy/smartgrid/upload/Cyber_Security_Position_Statement.pdf.

62. National Electrical Manufacturers Association (NEMA). Position Statement on Cyber Security. s.l. : http://www.nema.org/gov/energy/smartgrid/upload/Cyber_Security_Position_Statement.pdf.

63. EPRI. EPRI Progress Report. [Online] http://www.smartgrid.epri.com/doc/IntelliGrid%20Newsletter%20Template_June%20053111.pdf.

64. Zwan, Erwin van der. Security of Industrial Control Systems, What to Look For. 2010.

65. Zhang, Zhen. Smart Grid in America and Europe: Similar Desires, Different Approaches (Part 2). . 2011.

66. —. Smart Grid in America and Europe: Similar Desires, Different Approaches (Part 1). . 2011.

67. Yin Hong, Chang. Cyber Security of a Smart Grid: Vulnerability Assessment. s.l. : http://www.ece.nus.edu.sg/stfpage/elejp/FYP/CYH09.pdf, 2010.

68. West, Andrew. SCADA Communication protocols. [Online] http://www.powertrans.com.au/articles/new pdfs/SCADA PROTOCOLS.pdf.

69. Weiss, Joseph. Protecting Industrial Control Systems from Electronic Threats. s.l. : Momentum Press, 2010.

70. Tsang, Rose. Cyberthreats, Vulnerabilities and Attacks on SCADA networks. 2009.

71. Theriault, Marlene and Heney, William. Oracle Security. First Edition. s.l. : O'Reilly, 1998. p. 446. 1-56592-450-9.

72. Syngres, Eric Knapp. Industrial Network Security. Securing critical infrastructure Networks for Smart Grid, SCADA and other Industrial Control Systems. .

73. Suter, Manuel and Brunner, Elgin M. International CIIP Handbook 2008 / 2009. 2008.

74. Stouffer, K. A., Falco, J. A. and Scarfone, K. A. Guide to Industrial Control Systems (ICS) Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC). s.l. : National Institute of Standards and Technology, 2011.

75. Snyder, Mike. Smart Grid Synergy. [Online] http://ict2020.tiaonline.org/may_june_2009/policy_stimulus.cfm.

76. Smith, Steven S. The SCADA Security Challenge: The Race Is On. 2006.



77. Identifying, understanding, and analyzing Critical Infrastructure Interdependencies. Rinaldi, Steven M., Peerenboom, James P. and Kelly, Terrence K. 2001, IEEE Control Systems Magazine.

78. Mo, Yilin, et al. Cyber–Physical Security of a Smart Grid Infrastructure. s.l. : http://sparrow.ece.cmu.edu/group/pub/Mo-Kim-etal-ProcIEEE-2011.pdf, 2011.

79. Masica, Ken. Securing WLANs using 802.11i. Draft. Recommended Practice. 2007.

80. —. Recommended Practices Guide For Securing ZigBee Wireless Networks in Process Control System Environments. 2007.

81. Lewis, Adam. ERN-CIP: European reference network for critical infrastructure protection. [Online] http://www.creatif-network.eu/workshop1/Lewis_session3.pdf.

82. Lenzini, G., Oostdijk, M. and Teeuw, W. Trust, Security, and Privacy for the Advanced Metering Infrastructure. s.l. : https://doc.novay.nl/dsweb/Get/Document-100649, 2009.

83. Kwasinski, A. Implication of Smart-Grids development for communication systems in normal operation and during disasters. 2010.

84. Jeff Trandahl, Clerk. USA Patriot Act (H.R. 3162). [Online] 2001. http://epic.org/privacy/terrorism/hr3162.html.

85. International Organization for Standardization (ISO), International Electrotechnical Commission (IEC). Information technology — Security techniques — Code of practice for information security management. International Organization for Standardization, International Electrotechnical Commission. 2005.

86. Huntington, Guy. NERC CIP’s and identity management. Huntington Ventures Ltd. 2009.

87. Holstein, Dennis Cease, Li, Haiyu L and Meneses, Albertin,. The Impact of Implementing Cyber Security Requirements using IEC 61850. 2010.

88. Holstein, Dennis K. P1711 “The state of closure”. s.l. : PES/PSSC Working Group C6, 2008.

89. Hayden, Ernie. There is No SMART in Smart Grid Without Secure and Reliable Communications. s.l. : http://www.verizonbusiness.com/resources/whitepapers/wp_no-smart-in-smart-grid-without-secure-comms_en_xg.pdf.

90. Hart, D.G. Using AMI torealize the Smart Grid. En Powerand energy society general meeting -Conversion and delivery of electrical energy in the 21st Century. s.l. : IEEE 2008, 2008.

91. Green, Brian D., Cote, J. R. and Simmins, John. Smartgridinformation.info. [Online] 17 8 2010. [Cited: 30 12 2011.] http://www.smartgridinformation.info/pdf/2663_doc_1.pdf.

92. Gorman, Siobhan. Electricity Grid in U.S. Penetrated By Spies.

93. Goméz, J. Antonio. III Curso de verano AMETIC-UPM 2011 hacia un mundo digital: las e-TIC motor de los cambios sociales, económicos y culturales. 2011.

94. Glöckler, Oszvald. IAEA Coordinated Research Project (CRP) on Cybersecurity of Digital I&C Systems in NPPs. [Online] 2011.



http://www.iaea.org/NuclearPower/Downloads/Engineering/meetings/2011-05-TWG-NPPIC/Day-3.Thursday/TWG-CyberSec-O.Glockler-2011.pdf.

95. Giordano, Vincenzo, et al. Smart Grid projects in Europe: lessons learned and current developments. 2011.

96. Ginter, Andrew. An Analysis of Whitelisting Security Solutions and Their Applicability in Control Systems. 2010.

97. Flick, Tony and Morehouse, Justin. Securing the Smart Grid. Next Generation Power Grid Security. 2011.

98. Fan, Jiyuan and Zhang, Xiaoling. Feeder Automation within the Scope of Substation Automation. [Online] 10 31, 2006. [Cited: 12 29, 2011.] http://www.ieee.org/portal/cms_docs_pes/pes/subpages/meetings-folder/PSCE/PSCE06/panel24/Panel-24-3_Feeder_Automation.pdf.

99. Fan, Jiyuan, du Toit, Willem and Backschneider, Paul. Distribution Substation Automation in Smart Grid.

100. Falliere, Nicolas, Murchu, Liam O and Chien, Eric. W32.Stuxnet Dossier. Symantec. 2011.

101. Ericsson, Göran. Managing Information Security in an Electric Utility. Cigré Joint Working Group (JWG) D2/B3/C2-01.

102. Ebinger, Charles and Massy, Kevin. Software and hard targets: enhancing Smart Grid cyber security in the age of information warfare. s.l. : http://www.brookings.edu/~/media/Files/rc/papers/2011/02_smart_grid_ebinger/02_smart_grid_ebinger.pdf, 2011.

103. Díaz Andrade, Carlos Andrés and Hernandez, Juan Carlos. Smart grid: Las TICs y la modernización de las redes de energía eléctrica – Estado del arte. 2011.

104. Davis, Mike. SmartGrid Device Security. Adventures in a new medium. s.l. : https://www.blackhat.com/presentations/bh-usa-09/MDAVIS/BHUSA09-Davis-AMI-SLIDES.pdf, 2009.

105. Conant, Rob. Toward a Global Smart Grid - The U.S. vs. Europe. [Online] http://www.elp.com/index/display/article-display/2702271845/articles/utility-automation-engineering-td/volume-15/Issue_5/Features/Toward_a_Global_Smart_Grid_-_The_US_vs_Europe.html .

106. —. Toward a Global Smart Grid - The U.S. vs. Europe. [Online] http://www.elp.com/index/display/article-display/2702271845/articles/utility-automation-engineering-td/volume-15/Issue_5/Features/Toward_a_Global_Smart_Grid_-_The_US_vs_Europe.html.

107. Coll-Mayor, Debora. Overview of strategies and goals. [Online] http://www.4thintegrationconference.com/downloads/Strategies & Goals of Smartgrid in Europe.pdf.



108. Cleveland, Frances. White Paper: Cyber Security Issues for the Smart Grid. s.l. : http://www.xanthus-consulting.com/Publications/White_Paper_Cyber_Security_Issues_for_the_Smart_Grid.pdf, 2009.

109. Clemente, Jude. The Security Vulnerabilities of Smart Grid. s.l. : http://www.ensec.org/index.php?option=com_content&view=article&id=198:the-security-vulnerabilities-of-smart-grid&catid=96:content&Itemid=345, 2009.

110. Chebbo, Maher. Recommendations of the SmartGrid ICT consultation Group to the European Commision. 2010.

111. Carpenter, Matthew and Wright, Joshua. Advanced metering infrastructure attack methodology. 2009.

112. Brodsy, Jacob and McConnell, Anthony. Jamming and Interference Induced Denial-of-Service Attacks on IEEE 802.15.4-Based Wireless Networks. 2009.

113. Boyer, Stuart A. SCADA: Supervisory Control and Data Acquisition. Iliad Development Inc., ISA. 2010.

114. —. SCADA Supervisory and Data Acquisition. 2004.

115. Berkeley III, Alfred R. and Wallace, Mike. A Framework for Establishing Critical Infrastructure Resilience Goals. Final Report and Recommendations by the Council. s.l. : National Infrastructure Advisory Council, 2010.

116. Bartels, Guido. Combating Smart Grid Vulnerabilities. s.l. : http://www.ensec.org/index.php?option=com_content&view=article&id=284:combating-smart-grid-vulnerabilities&catid=114:content0211&Itemid=374, 2011.

117. Bailey, David and Wright, Edwin. Practical SCADA for Industry. s.l. : Newnes, 2003.

118. Asad, Mohammad. Challenges of SCADA. [Online] http://www.ceia.seecs.nust.edu.pk/pdfs/Challenges_of_SCADA.pdf.

119. Anderson, Roger N., et al. Computer-Aided Lean Management for the Energy Industry. 2008.

120. Amin, Saurabh, Sastry, Shankar and Cárdenas, Alvaro A. Research Challenges for the Security of Control Systems. 2008.

121. Amin, S. Massoud. Smart Grid: Overview, Issues and Opportunities. Advances and Challenges in Sensing, Modeling, Simulation, Optimization and Control. s.l. : http://central.tli.umn.edu/CDC_Semi_plenary_Smart%20Grids_Massoud%20Amin_final.pdf, 2011.

122. Abbott, Ralph E. The Successful AMI Marriage: When Water AMR and Electric AMI Converge. [Online] http://www.waterworld.com/index/display/article-display/328763/articles/waterworld/volume-24/issue-5/editorial-feature/the-successful-ami-marriage-when-water-amr-and-electric-ami-converge.html.



123. ZigBee. ZigBee Home Automation Overview. [Online] http://www.zigbee.org/Standards/ZigBeeHomeAutomation/Overview.aspx.

124. International Federation of Automatic Control (IFAC). Working Group 3: Intelligent Monitoring, Control and Security of Critical Infrastructure Systems — IFAC TC Websites. [Online] http://tc.ifac-control.org/5/4/working-groups/copy2_of_working-group-1-decentralized-control-of-large-scale-systems.

125. WirelessHART. WirelessHART. [Online] http://www.hartcomm.org/protocol/wihart/wireless_technology.html.

126. Web application Security Consortium. Web Application Firewall Evaluation Criteria. [Online] 2009. http://projects.webappsec.org/w/page/13246985/Web Application Firewall Evaluation Criteria.

127. VIKING Project. Vital Infrastructure, Networks, Information and Control Systems Management. [Online] 2008. http://www.vikingproject.eu.

128. VDI/VDE. VDI/VDE 2182: IT security for industrial automation. 2011.

129. United States Computer Emergency Readiness Team (US-CERT). US-CERT: United States Compueter Emergency readiness Team. [Online] http://www.us-cert.gov.

130. Institute of Electrical and Electronics Engineers (IEEE). Transmission & Distribution Exposition & Conference 2008 IEEE PES : powering toward the future. Institute of Electrical and Electronics Engineers. 2008.

131. Pacific Northwest National Labortory, U.S. Department of Energy. The Role of Synchronized Wide Area Measurements for Electric Power Grid Operations. 2006.

132. EURELECTRIC Networks Committee. The Role of Distribution System. Operators (DSOs) as Information Hubs. 2010.

133. The 451 Group. The adversary: APTs and adaptive persistent adversaries. 2010.

134. SANS. The 2011 Asia Pacific SCADA and Process Control Summit - Event-At-A-Glance. [Online] 2011. http://www.sans.org/sydney-scada-2011.

135. International Energy Agency (IEA). Technology Roadmap. Smart Grids. France : OCDE/IEA, 2011.

136. EPRI. Technical and System Requirements for Advanced Distribution Automation. 2004.

137. International Federation of Automatic Control (IFAC). TC 6.3. Power Plants and Power Systems — IFAC TC Websites. [Online] http://tc.ifac-control.org/6/3.

138. —. TC 3.1. Computers for Control — IFAC TC Websites. [Online] http://tc.ifac-control.org/3/1.

139. ESCoRTS Project. Survey on existing methods, guidelines and procedures. 2009.

140. CEN/CENELEC/ETSI Joint Working Group. Standards for Smart Grids. 2011.



141. Smart Substations. Smart Substations:Desing, Operations and Maintenance. [Online] http://www.smartsubstations.com.au/Event.aspx?id=664622.

142. EnergieNed. Smart Meter Requirements. Dutch Smart Meter specification and tender dossier. s.l. : http://www.energiened.nl/_upload/bestellingen/publicaties/288_Dutch%20Smart%20Meter%20%20v2.1%20final%20Main.pdf, 2008.

143. European Commision. Energy. Smart Grids Task force. [Online] http://ec.europa.eu/energy/gas_electricity/smartgrids/taskforce_en.htm.

144. U.S. Department of Energy. Smart Grid System Report. 2009.

145. Industrial Defender. Smart Grid Safety vs Confidentiality. s.l. : http://blog.industrialdefender.com/?p=756, 2011.

146. Enerweb. Smart grid Information Report. s.l. : http://enerweb.co.za/brochures/Smart%20Grid%20Information%20Report.pdf, 2011.

147. IEEE Smart grid. Smart Grid Conceptual Model. [Online] http://smartgrid.ieee.org/ieee-smart-grid/smart-grid-conceptual-model.

148. Sonoma innovation. Smart Grid Communications Architectural Framework. 2009.

149. EU Commission Task Force for Smart Grids. Expert Group 4. Smart Grid aspects related to Gas. 2011.

150. European Commision. Smart electricity Systems. European CommisionJoint Research Centre. [Online] http://ses.jrc.ec.europa.eu/.

151. Siemens. Smart Distribution. Distribution Automation and Protection. [Online] [Cited: 29 12 2011.] http://www.energy.siemens.com/fi/en/energy-topics/smart-grid/smart-distribution/distribution-automation-and-protection.htm.

152. The Climate Group. smart 2020: enabling the low carbon economy in the information age. [Online] 2008.

153. Treehugger. SMART 2020 Report: Smart Grids Can Cut CO2 Emissions by 15 Percent. [Online] 2011. http://www.treehugger.com/clean-technology/smart-2020-report-smart-grids-can-cut-co2-emissions-by-15-percent.html.

154. smart 2020. Smart 2020 . [Online] 2009. http://www.smart2020.org/.

155. ESCoRTS Project. Security of Control and Real Time Systems. [Online] 2008. http://www.escortsproject.eu.

156. ABB. Security in the smart grid. s.l. : http://www02.abb.com/db/db0003/db002698.nsf/0/832c29e54746dd0fc12576400024ef16/$file/paper_Security+in+the+Smart+Grid+%28Sept+09%29_docnum.pdf, 2009.

157. American Petroleum Institute (API) energy. Security Guidelines for the Petroleum Industry. American Petroleum Institute. 2005.



158. Technical Support Working Group (TSWG). Securing Your SCADA and Industrial Control Systems. Departmet of Homeland Security. 2005.

159. Rijksoverheid. Scenario's Nationale Risicobeoordeling 2008/2009. [Online] 2009. http://www.rijksoverheid.nl/documenten-en-publicaties/rapporten/2009/10/21/scenario-s-nationale-risicobeoordeling-2008-2009.html.

160. SANS. SCADA Security Advanced Training. [Online] 1989. http://www.sans.org/security-training/scada-security-advanced-training-1457-mid.

161. Water Sector Coordinating Council Cyber Security Working Group. Roadmap to Secure Control Systems in the Water Sector. 2008.

162. RISI. Repository of Industrial Security Incidents. [Online] http://www.securityincidents.org/.

163. United States Nuclear Regulatory Commission. Regulatory Guide 5.71: Cyber security programs for nuclear facilities. 2010.

164. Department of Homeland Security (DHS). Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies. 2009.

165. Wikipedia. Recloser. [Online] [Cited: 12 26, 2011.] http://en.wikipedia.org/wiki/Recloser.

166. Iberdrola. Proyecto tipo para Centro de Transformación intemperie compacto. [En línea] Abril de 1997. [Citado el: 29 de Diciembre de 2011.] http://www.coitiab.es/reglamentos/electricidad/reglamentos/jccm/iberdrola/mt_2-11-05.htm.

167. Centre for the Protection of National Infrastructure (CPNI). Process control and SCADA security. Guide 7. Establish ongoing governance. Centre for the Protection of National Infrastructure.

168. —. Process control and SCADA security. Guide 6. Engage projects. Centre for the Protection of National Infrastructure.

169. —. Process control and SCADA security. Guide 5. Manage third party risk. Centre for the Protection of National Infrastructure.

170. —. Process control and SCADA security. Guide 4. Improve awareness and skills. Centre for the Protection of National Infrastructure.

171. —. Process control and SCADA security. Guide 3. Establish response capabilities. Centre for the Protection of National Infrastructure.

172. —. Process control and SCADA security. Guide 2. Implement secure architecture. Centre for the Protection of National Infrastructure.

173. —. Process control and SCADA security. Guide 1. Understand the business risk. Centre for the Protection of National Infrastructure.



174. —. Process control and SCADA security. Centre for the Protection of National Infrastructure.

175. Institute of Electrical and Electronics Engineers (IEEE). P2030: IEEE Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), End-Use Applications, and Loads. 2011.

176. Wikipedia. Outage management system. [Online] http://en.wikipedia.org/wiki/Outage_management_system.

177. Open Smart Grid. Open Smart Grid. [Online] http://osgug.ucaiug.org/default.aspx.

178. OpenSG. Open Smart Grid. http://osgug.ucaiug.org. [Online]

179. Norwegian Oil Industry Association (OLF). OLF Guideline No.110: Implementation of information security in PCSS/ICT systems during the engineering, procurement and commissioning phases. Norwegian Oil Industry Association. 2006.

180. —. OLF Guideline No. 104: Information Security Baseline Requirements for Process. Norwegian Oil Industry Association. 2006.

181. National Institute of Standards and Technology (NIST). NIST SP 1108: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0. 2010.

182. The White House. National Strategy for Information Sharing. [Online] 2007. http://georgewbush-whitehouse.archives.gov/nsc/infosharing/index.html.

183. Department of Homeland Security (DHS). National Infrastructure Protection Plan: Partnering to enhance protection and resiliency. Department of Homeland Security. 2009.

184. NAMUR. NAMUR NA 115 IT-Security for Industrial Automation Systems: Constraints for measures applied in process industries. 2006.

185. Centre for the Protection of Critial Infrastructure (CPNI). Meridian Process Control Security Information Exchange (MPCSIE). [Online] http://www.cpni.nl/informatieknooppunt/internationaal/mpcsie.

186. Meridian. Meridian. [Online] http://www.meridian2007.org.

187. International Electrotechnical Commission (IEC). ISO/IEC 15408: Information technology. Security techniques. Evaluation criteria for IT security. 2009-2011.

188. International Society of Automation (ISA). ISA100, Wireless Systems for Automation. [Online] www.isa.org/isa100.

189. INTERSECTION Project. INfrastructure for heTErogeneous, Resilient, SEcure, Complex, Tightly Inter-Operating Networks (INTERSECTION). [Online] 2008. http://www.intersection-project.eu.

190. Norwegian Oil Industry Association (OLF). Information Security Baseline Requirements for Process Control, Safety, and Support ICT Systems. Norwegian Oil Industry Association. 2009.



191. INSPIRE Project. INcreasing Security and Protection through Infrastructure REsilience. [Online] 2008. http://www.inspire-strep.eu.

192. International Federation for Information Processing (IFIP). IFIP WG 1.7 Home Page. [Online] http://www.dsi.unive.it/~focardi/IFIPWG1_7.

193. —. IFIP Technical Committees. [Online] http://ifiptc.org/?tc=tc11.

194. —. IFIP TC 8 International Workshop on Information Systems Security Research. [Online] http://ifip.byu.edu.

195. Institute of Electrical and Electronics Engineers (IEEE). IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities. 2007.

196. —. IEEE Standard C37.1-1994: Definition, Specification, and Analysis of Systems Used for Supervisory Control, Data Acquisition, and Automatic Control. Institute of Electrical and Electronics Engineers. 1994.

197. International Electrotechnical Commission (IEC). IEC 62443: Security for Industrial Process Measurement and Control: Network and System Security. 2010.

198. —. IEC 61970: Common Information Model (CIM) / Energy Management.

199. —. IEC 61968: Common Information Model (CIM) / Distribution Management.

200. —. IEC 61850-7-2: Communication networks and systems for power utility automation – Part 7-2: Basic information and communication structure – Abstract communication service interface (ACSI). International Electrotechnical Commission. 2010.

201. —. IEC 61850: Communication networks and systems in substations. 2011.

202. —. IEC 60870-6: Telecontrol equipment and systems. 2005.

203. —. IEC 60870-5: Telecontrol equipment and system. 2007.

204. ICT4SMARTDG. ICT Solutions to enable Smart Distributed Generation. 2011.

205. International Atomic Energy Agency (IAEA). IAEA Technical Meeting on Newly Arising Threats in Cybersecurity of Nuclear Facilities. [Online] 2011. http://www.iaea.org/NuclearPower/Downloads/Engineering/files/InfoSheet-CybersecurityTM-May-2011.pdf.

206. Energie Vortex. http://www.energyvortex.com. [Online] http://www.energyvortex.com/energydictionary/blackout__brownout__brown_power__rolling_blackout.html.

207. IRRIIS Project. Homepage of the IRRIIS project. [Online] 2006. http://www.irriis.org.

208. Department of Homeland Security (DHS). Homeland Security Presidential Directive-7. [Online] 2003. http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm#1.



209. Department of Energy (DoE). Hands-on Control Systems Cyber Security Training of National SCADA Test Bed. [Online] 2008. http://www.inl.gov/scada/training/d/8hr_intermediate_handson_hstb.pdf.

210. BBC news. Hackers 'hit' US water treatment systems. s.l. : http://www.bbc.co.uk/news/technology-15817335, 2011.

211. Swedish Civil Contingencies Agency (MSB). Guide to Increased Security in Industrial Control Systems. Swedish Civil Contingencies Agency. 2010.

212. Commission of the European communities. Green paper. On a European programme for critical infrastructure protection COM(2005) 576 final. 2005.

213. National Infrastructure Security Coordination Centre (NISCC). Good Practice Guide Process Control and SCADA Security. PA Consulting Group. 2006.

214. —. Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks. British Columbia Institute of Technology (BCIT). 2005.

215. McAfee. Global Energy Cyberattacks: “Night Dragon”. [Online] 2011. http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf.

216. National Infrastructure Security Coordination Centre (NISCC). Firewall deployment for scada and process control networks. good practice guide. National Infrastructure Security Coordination Centre. 2005.

217. Centre for the Protection of National Infrastructure (CPNI). Firewall deployment for scada and process control networks. Centre for the Protection of National Infrastructure. 2005.

218. National Institute of Standards and Technology (NIST). FIPS PUB 199. Standards for Security Categorization of Federal Information and Information Systems. [Online] 2004. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf.

219. —. Field Device Protection Profile for SCADA Systems in Medium Robustness Environments. 2006.

220. EU Commission Task Force for Smart Grids. Expert Group 1: Functionalities of smart grids and smart meters. 2010.

221. The White House. Executive Order 13231. [Online] 2001. http://www.fas.org/irp/offdocs/eo/eo-13231.htm.

222. European Commission. Europ2 2020. Europe 2020 targets. [Online] http://ec.europa.eu/europe2020/reaching-the-goals/targets/index_en.htm.

223. Eur Lex. [Online] http://eur-lex.europa.eu/en/index.htm.

224. European Network and Informations Security Agency (ENISA). EU Agency analysis of ‘Stuxnet’ malware: a paradigm shift in threats and Critical Information Infrastructure



Protection. [Online] 2010. http://www.enisa.europa.eu/media/press-releases/eu-agency-analysis-of-2018stuxnet2019-malware-a-paradigm-shift-in-threats-and-critical-information-infrastructure-protection-1.

225. Instituto de Investigaciones Eléctricas de México. Estado del arte en Redes Inteligentes "Smart Grids". Automatización de la Distribución en las Redes Inteligentes. México : s.n.

226. eSEC. eSEC. Plataforma Tecnológica Española de Tecnologías para Seguridad y Confianza. [Online] http://www.idi.aetic.es/esec.

227. Energie.gov. Energy Storage. [Online] http://energy.gov/oe/technology-development/energy-storage.

228. Department of Energy (DoE). Energy Infrastructure Risk Management Checklists for Small and Medium Sized Energy Facilities. Department of Energy. 2002.

229. Energy Independence and Security Act of 2007. s.l. : http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=110_cong_bills&docid=f:h6enr.txt.pdf, 2007.

230. Energiened. Energiened Documentation. [Online] http://www.energiened.nl/Content/Publications/Publications.aspx.

231. U.S. Department of Energy. Electricity sector cyber-security risk management process guideline. 2011.

232. Government Accountability Office (GAO). Electricity grid modernization. Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed. s.l. : http://www.gao.gov/new.items/d11117.pdf, 2011.

233. Smarter Grid Solutions. Dynamic Line Rating - managing capacity. [Online] http://www.smartergridsolutions.com/index.html?pid=153.

234. National Institute of Standards and Technology (NIST). Draft NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0. 2011.

235. DLMS User Association. DLMS/COSEM: Conformance Testing Process. 2010.

236. —. DLMS/COSEM: Architecture and Protocols. 2009.

237. Wikipedia. Distribution mangagement system. [Online] http://en.wikipedia.org/wiki/Distribution_mangagement_system.

238. Commission of the European communities. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. 1995.

239. DigitalBond. DigitalBond. ICS Security Tool Mail List. [Online] http://www.digitalbond.com/tools/ics-security-tool-mail-list.

240. Department of Homeland Security (DHS). DHS officials: Stuxnet can morph into new threat. [Online] 2011. http://www.homelandsecuritynewswire.com/dhs-officials-stuxnet-can-morph-new-threat.



241. Department of Energy (DoE). Cybersecurity for Energy Delivery Systems Peer Review. [Online] 2010. http://events.energetics.com/CSEDSPeerReview2010.

242. Department of Homeland Security (DHS). Cyber storm III Final Report. Department of Homeland Security Office of Cybersecurity and Communications National Cyber Security Division. 2011.

243. Centre for the Protection of National Infrastructure (CPNI). Cyber security assessments of industrial control systems. Centre for the Protection of National Infrastructure. 2011.

244. CRUTIAL Project. CRitical Utility InfrastructurAL resilience. [Online] 2006. http://crutial.rse-web.it.

245. Thales. Critical Infrastructure Security. A Holistic Security Risk Management Approach. s.l. : http://www.securitymanagement.com.au/content/file/CriticalISThales.pdf?asm=ad05637d37e2a8c1afeeda016804c85, 2008.

246. United States General Accounting Office (GAO). Critical infrastructure protection. Challenges and Efforts to Secure Control Systems. United States General Accounting Office. 2004.

247. CI2RCO Project. Critical information infrastructure research coordination. [Online] 2008. http://cordis.europa.eu/fetch?CALLER=PROJ_ICT&ACTION=D&CAT=PROJ&RCN=79305.

248. SINTEF. CRIOP: A scenario method for Crisis Intervention and Operability analysis. 2011.

249. Centre for the Protection of Critical Infrastructure (CPNI). CPNI. [Online] http://www.cpni.gov.uk/advice/infosec/business-systems/scada.

250. Commission of the European communities. Council directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. 2008.

251. Council decision on a Critical Infrastructure Warning Information Network (CIWIN) COM(2008) 676». Commission of the European communities. 2008.

252. DLMS User Association. COSEM: Identification System and Interface Classes. 2010.

253. —. COSEM: Glossary of Terms. 2003.

254. Department of Energy (DoE). Control Systems Security Publications Library. [Online] http://energy.gov/oe/control-systems-security-publications-library.

255. United States Computer Emergency Readiness Team (US-CERT). Control Systems Security Program: Industrial Control Systems Joint Working Group. [Online] http://www.us-cert.gov/control_systems/icsjwg/index.html.

256. —. Control Systems Security Program: Industrial Control Systems Cyber Emergency Response Team. [Online] http://www.us-cert.gov/control_systems/ics-cert/.



257. Interstate Natural Gas Association of America (INGAA). Control Systems Cyber Security Guidelines for the Natural Gas Pipeline Industry. Interstate Natural Gas Association of America. 2011.

258. ICT4SMARTDG. Consensus on ICT solutions for a Smart Distribution at Domestic Level. 2011.

259. Centre for the Protection of National Infrastructure (CPNI). Configuring & managing remote access for industrial control systems. Centre for the Protection of National Infrastructure. 2011.

260. Commission of the European communities. Communication from the commission. Energy infrastructure priorities for 2020 and beyond – A Blueprint for an integrated European energy network. COM(2010) 677. 2010.

261. —. Communication from the commission to the european parliament, the council, the european economic and social committee and the committee of the regions: A Digital Agenda for Europe. COM(2010)245 final. 2010.

262. —. Communication from the commission to the european parliament, the council, the european economic and social committee and the committee of the regions. Energy 2020: A strategy for competitive, sustainable and secure energy. COM(2010) 639 final. 2010.

263. —. Communication from the commission to the european parliament, the council, the european economic and social committee and the committee of the regions. Digital Agenda for Europe. COM(2010) 245. 2010.

264. —. Communication from the commission to the council, the European parliament, the European economic and social commitee and the commitee of the regions. A strategy for a Secure Information Society – 'Dialogue, partnership and empowerment' COM(2006) 251. 2006.

265. —. Communication from the commission to the council and the European parliament. Prevention, preparedness and response to terrorist attacks COM(2004) 698 final. 2004.

266. —. Communication from the commission to the council and the European parliament. Critical Infrastructure Protection in the fight against terrorism COM(2004) 702 final. 2004.

267. —. Communication from the commission on a European Programme for Critical Infrastructure Protection COM(2006) 786. 2006.

268. North American Electric Reliability Corporation (NERC). CIP-009-4: Cyber Security — Recovery Plans for Critical Cyber Assets. North American Electric Reliability Corporation (NERC). 2011.

269. —. CIP-008-4: Cyber Security — Incident Reporting and Response Planning. North American Electric Reliability Corporation. 2011.

270. —. CIP-007-4: Cyber Security — Systems Security Management. North American Electric Reliability Corporation. 2011.



271. —. CIP-006-4: Cyber Security — Physical Security. North American Electric Reliability Corporation. 2011.

272. —. CIP-005-4: Cyber Security — Electronic Security Perimeter(s). North American Electric Reliability Corporation. 2011.

273. —. CIP-004-4: Cyber Security — Personnel and Training. North American Electric Reliability Corporation. 2011.

274. —. CIP-003-4: Cyber Security — Security Management Controls. North American Electric Reliability Corporation. 2011.

275. —. CIP-002-4: Cyber Security — Critical Cyber Asset Identification. North American Electric Reliability Corporation. 2011.

276. —. CIP-001-1a: Sabotage Reporting. North American Electric Reliability Corporation. 2010.

277. Department of Homeland Security (DHS). Catalog of Control Systems Security: Recommendations for Standards Developers. 2009.

278. Council of the European Union. Brussels European Council 8/9 march 2007. Presidency conclusions. 2007.

279. Power Systems Engineering Research Center. Automated Circuit Breaker Monitoring. 2007.

280. Gartner. Assessing the Security Risks of Cloud Computing. Gartner. [Online] 2008. http://www.gartner.com/DisplayDocument?id=685308.

281. American Petroleum Institute (API) energy. API Standard 1164. Pipeline SCADA Security. American Petroleum Institute. 2009.

282. American National Standard (ANSI). ANSI/ISA-TR99.00.01-2007 Security Technologies for Industrial Automation and Control Systems. International Society of Automation (ISA). 2007.

283. —. ANSI/ISA–99.02.01–2009 Security for Industrial Automation and Control Systems. Part 2: Establishing an Industrial Automation and Control Systems Security Program. International Society of Automation (ISA). 2009.

284. —. ANSI/ISA–99.00.01–2007 Security for Industrial Automation and Control Systems. Part 1: Terminology, Concepts, and Models. International Society of Automation (ISA). 2007.

285. —. ANSI C12.21: American National Standard for Protocol Specification for Telephone Modem Communication. 2006.

286. —. ANSI C12.19: American National Standard for Utility Industry End Device Data Tables. 2008.

287. —. ANSI C12.18: American National Standard for Protocol Specification for ANSI Type 2 Optical Port. 2006.

288. AMI-SEC-ASAP. AMI System Security Requirements. 2008.



289. American Gas Association (AGA). AGA Report No. 12, Cryptographic Protection of SCADA Communications. Part 2 Performance Test Plan. American Gas Association. 2006.

290. —. AGA Report No. 12, Cryptographic Protection of SCADA Communications. Part 1 Background, policies and test plan. American Gas Association. 2006.

291. Wikipedia. Advanced Distribution Automation. [Online] [Cited: 02 01 2012.] http://en.wikipedia.org/wiki/Advanced_Distribution_Automation.

292. IBM Global Services. A Strategic Approach to Protecting SCADA and Process Control Systems. 2007.

293. Europe 2020. A resource-efficient Europe – Flagship initiative of the Europe 2020 Strategy. [Online] http://ec.europa.eu/resource-efficient-europe/index_en.htm.

294. EOS Energy Infrastructure Protection & Resilience Working Group. A global european approach for energy infrastructure protection & resilience. s.l. : http://www.eos-eu.com/LinkClick.aspx?fileticket=DEvuI/4l1jU=&tabid=232, 2009.

295. Department of Energy (DoE). 21 Steps to Improve Cyber Security of SCADA Networks. Department of Energy.

296. Security of Industrial Control Systems, What to Look For. Zwan, Erwin van der. 2010, ISACA Journal Online.

297. IEC. IEC TS 62351-5: Power systems management and associated information exchange – Data and.

298. En. [Online]

299. Taylor, Dr. Gary. DEVELOPING NOVEL ICT BASED SOLUTIONS FOR SMART DISTRIBUTION NETWORK OPERATION. [Online] http://dea.brunel.ac.uk/hiperdno/files/UPEC%202010%20HiPerDNO%20Project%20Presentation.pdf.

300. NIST -SGIP. SGIP Catalog of Standards. [Online] 2012. http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/SGIPCatalogOfStandards.



13 Abbreviations ACER Agency for the Cooperation of Energy Regulators

ADA Advanced Distribution Automation

AMI Advanced Metering Infrastructure

AMR/AMM Advanced Metering Reading/Measures

ANSI American National Standards Institute

AoR Assessment of the Resilience

BAN Building Area Networks

BPL Broadband over power line

C&DM Control & Data Management

CC Common Criteria

CEN European Committee for Standardization

CENELEC European Committee for Electrotechnical Standardization

CEO chief executive officer

CERT centre emergency response team

CIA Confidentially, Integrity and Availability

CIWIN Critical Infrastructure Warning Information Network

C-level Chief level (CEO, CIO, ...)

CO2 Carbon dioxide

COTS Commercial of the Self

CS Control Systems

CZ Czech Republic

DAE Digital Agenda for Europe

DCA Distribution Contingency Analysis

DE Germany

DER Distributed Energy Resources

DG ENER Directorate-General for Energy

DK Denmark

DLF/DLE Distribution Load Forecasting and Estimation

DLMS/COSEM Device Language Message specification/COmpanion Specification for Energy Metering

DLR Dynamic Line Ratings

DMS Distribution Management System

DoS Denial of Service

DPF Distribution Power Flow

DSE Distribution State Estimation

DSM Demand Side Management

DSO Distribution System Operators

EACI European Association for Creativity and Innovation



EC European Commission

ECI European Critical Infrastructures

EG Expert Group

EII European Industrial Initiatives

EISAS European Information Sharing and Alert System

EL Greek

EMS Energy Management System

ENISA European Network and Information Security Agency

ENTSO European Network of Transmission System Operators for Electricity

EP3R European Public Private Partnership for Resilience

EPCIP European Programme for Critical Infrastructure Protection

ES Spain

ESI Energy service interface

ETN Electrical Transmission Network

ETP Executive Training Programme

ETP European Technology Platform

ETSI European Telecommunications Standards Institute

EU European Union

EV Electric Vehicle

FAN Field Area Network

FDIR Fault Detection Isolation and Restoration

FP7 Framework Programme 7

FTP File Transfer Protocol

GDP Gross domestic product

GHG Greenhouse Gas

GIS geographic Information system

GPRS General Packet Radio Service

HAN Home Area Network

HMI Human Machine Interface

HPC High Performance Computing

HTTP Hypertext Transfer Protocol

HTTPS Hypertext Transfer Protocol Secure

HVDC High-Voltage Direct Current

HW Hardware

IAC Integrity, Availability, Confidentiality

IAN Industrial Area Networks

ICS Industrial Control Systems

ICT Information and communications technology

IE Information Exchange

IEC International Electrotechnical Commission



IED Intelligent Electronic Devices

IEEE Institute of Electrical and Electronics Engineers

IoE Internet of Energy

IPS/IDS Intrusion Protection/Detection System

IP-Sec Internet Protocol Secure

ISA International Society of Automation

ISM Information Security Management

ISMS Information Security Management System

ISO International Organization for Standardization

IST Information Society Technologies

IT Information Technology

IT Italy

IVVC Integrated Voltage/Var Control

JHA Justice and Home Affairs

JRC Joint Research Center

JWG Joint Working Group

KF Key Finding

LAN Local Area Network

LV Low Voltage

MAN Metropolitan Area Network

MDMS Meter data management system

MID Measuring Instruments Directive

MPLS Multiprotocol Label Switching

MS Member State

MV Medium Voltage

NAN Neighbourhood Area Network

NCA National Certification Authorities

NCI National Critical Infrastructures

NERC North American Electric Reliability Corporation

NIS Network and Information Security

NIST National Institute of Standards and Technology

NL Nederland

NO Norway

NRA National Regulatory Authorities

OFC Optimal Feeder Configuration

OFDM Orthogonal Frequency Division Multiplexing

OMS Outage Management System

OWASP Open Web Application Security Project

PCD Process Control Domain

PLC Power Line Communications



PMU Phasor Measurement Units

PP Protection Profiles

QoS quality of service

R&D Research and Development

RBAC Role Based Access Control

RF Radio Frequency

RISI Repository of Industrial Security Incidents

RMP Risk Management Process

RTD Research and Technology Development

RTP Real-Time Pricing

RTU Remote Terminal Units

SCADA Supervisory Control and Data Acquisition

SES Smart Electricity System

SFTP Secure File Transfer Protocol

SG Smart Grid

SGIS Smart Grid Information Security

SIEM Security information and event management

SL Slovenia

SMART Standardization, Monitoring, Accounting, Rethink, Transformation

SOC Security Operations Centre

SSH Secure Shell

ST Security Targets

SW Software

TCP/IP Transmission Control Protocol/Internet Protocol

Telnet Telecommunications Network

TF Task Force

TOE Target of Evaluation

TP Topology Processor

TSO Transmission System Operators

UK United Kingdom

USA/US United States of America

USB Universal Serial Bus

VPN Virtual Private Network

WAAPCA wide-area adaptive protection, control and automation

WAMS Wide Area Monitoring System

WAN Wide Area Networks

WASA Wide-Area Situational Awareness

WG Working Group

WMD Weapon of Mass Destruction



P.O. Box 1309, 71001 Heraklion, Greece www.enisa.europa.eu