You are on page 1of 97

Smart grid security

Annex V. Related initiatives


[Deliverable 2012-03-31]

Smart Grid Security


I
Annex V. Related initiatives

This document is Annex 5 (of 5) to the ENISA study Smart grid security: Recommendations for
Europe and Member States, June 2012.

Contributors to this report


ENISA would like to recognise the contribution of the S21sec1 team members that prepared
this report in collaboration with and on behalf of ENISA:
Elyoenai Egozcue,
Daniel Herreras Rodrguez,
Jairo Alonso Ortiz,
Victor Fidalgo Villar,
Luis Tarrafeta.

Agreements or Acknowledgements
ENISA would like to acknowledge the contribution of Mr. Wouter Vlegels and Mr. Rafa
Leszczyna to this study.

S21sec, the contractor of ENISA for this study is an international security services company with offices in several countries.

Smart Grid Security

II

Annex V. Related initiatives

About ENISA
The European Network and Information Security Agency (ENISA) is a centre of network and
information security expertise for the EU, its member states, the private sector and Europes
citizens. ENISA works with these groups to develop advice and recommendations on good
practice in information security. It assists EU member states in implementing relevant EU
legislation and works to improve the resilience of Europes critical information infrastructure
and networks. ENISA seeks to enhance existing expertise in EU member states by supporting
the development of cross-border communities committed to improving network and
information security throughout the EU. More information about ENISA and its work can be
found at www.enisa.europa.eu.

Contact details
For contacting ENISA or for general enquiries on CIIP & Resilience, please use the following
details:
E-mail: resilience@enisa.europa.eu
Internet: http://www.enisa.europa.eu
For questions related to Smart grid security: Recommendations for Europe and Member
States, please use the following details:
E-mail: Konstantinos.Moulinos@enisa.europa.eu

Legal notice
Notice must be taken that this publication represents the views and interpretations of the
authors and editors, unless stated otherwise. This publication should not be construed to be a
legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC)
No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not
necessarily represent state-of the-art and ENISA may update it from time to time.
Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the
external sources including external websites referenced in this publication.
This publication is intended for information purposes only. It must be accessible free of charge.
Neither ENISA nor any person acting on its behalf is responsible for the use that might be made
of the information contained in this publication.
Reproduction is authorised provided the source is acknowledged.
European Network and Information Security Agency (ENISA), 2012

Smart Grid Security


III
Annex V. Related initiatives

Contents
1

Introduction .......................................................................................................................... 2

Europe ................................................................................................................................... 6

Belgium ............................................................................................................................... 37

Denmark .............................................................................................................................. 38

Germany.............................................................................................................................. 39

Italy...................................................................................................................................... 42

The Netherlands.................................................................................................................. 44

United Kingdom .................................................................................................................. 46

USA ...................................................................................................................................... 48

10 International ....................................................................................................................... 58
11 Other web 2.0 initiatives ..................................................................................................... 67
12 Bibliography ........................................................................................................................ 71
13 Abbreviations ...................................................................................................................... 90

Smart Grid Security

Annex V. Related initiatives

Introduction

The aim of this section is to highlight a number of security initiatives and organisations that
are important for the cyber security of smart grids. These initiatives have been classified
according to their geographical origin and type. Furthermore, their mission/objectives and
primary activities related to smart grid cyber security are also described.
There are two groups of initiatives that have been excluded in this annex. On one side, all
those initiatives which addressed safety and security aspects of power generation and the
electricity grid, but not directly addressing cyber security are not included. Only those major
initiatives at the EU-level, which in the near term might also address cyber security, are
included. In the following lines we provide a list of these initiatives:

ETPIS
E-Energy
BDEW
Smart Grid Network
Electricity Regulatory Forum
ESIA Smart Grid Task Force
EUTC - ICT4SDG ICT for Smart Distributed Generation
More Microgrids
ELECPOR
Slovenian Technology Platform SmartGrids
FUTURED
e-CIP
HiperDNO

On the other hand, there is another group of initiatives which address cyber security issues of
general Industrial Control Systems (ICS). However, these documents could be an important
source of information for any stakeholder of the smart grid which needs to deal with
industrial automation or control systems security. For a detailed outlook on all these
documents we refer the reader to annex IV of ENISAs report Protecting Industrial Control
Systems - Recommendations for Europe and Member States (1). What follows is a list of
these initiatives:

IFAC
IFIP
ISACA
MERIDIAN Conference
SANS

Smart Grid Security


3
Annex V. Related initiatives

TCG
EPCIP
IMG-S
Sixth Framework Programme
NAMUR
VDI
CPNI
Byres Security Blog
WIB
National Risk Assessment
CPNI.NL
OLF
AMETIC
CNPIC
GIPIC
Protect-IC
Test bed Framework for Critical Infrastructure Protection Exercise (Cloud CERT)
PESI
SEMA
The MSB Industrial Control System Security Program
ACC
AGA
API
DoE
DHS
Digital Bond- S4 workshop
TISP
SCADA hacker
SCADAsec
SCADA/Control System Security Professionals
Water Security
Cyber Security in Real-Time Systems
MPCSIE

Finally, the following lines provide a brief explanation of some of the key fields that will be
used for the classification of the initiatives/organisations which are presented in this chapter:

Smart Grid Security

Annex V. Related initiatives

Name: Name of the initiative/organisation.


Type: Type of organisation/initiative (see below).
Line of action: The activities the group is related to (i.e. policy, standards, information
sharing, dissemination and awareness, economic or financial, technical, training and
education, R&D).
Participants: Stakeholder types which participate in the organisation/initiative (i.e.
manufacturer or integrator, security tools and services provider, DSO, TSO, power
generation, smart grid services provider (e.g. marketer), academia and R&D, public
bodies, standardisation bodies).
Mission/Objectives: Purpose of the group.
Activities related to smart grid security: Describes all those activities that the
initiative or the organisation being described has undertaken or is currently
undertaken on the field of smart grid (cyber) security and resilience.
Results: Standards, Good Practices, Regulations, Technical Reports, Technical
Solutions, etc.
Comments: Additional information about the organisation/initiative.
URL: The reference URL for the initiative being described.

The values of the Type field can be one of the following:


International agency: An association of public bodies from different countries, which
support its members, seeks to achieve common goals and collaborates with other
similar agencies and even non-member countries.
Industry association: An association that supports and protects the rights of a
particular industry and the people who work in that industry, and which seeks to
achieve the common goals of its members. There may be a public entity within these
associations, but it does not have a leading role.
Public Private Partnership: A government service or private business venture which is
funded and operated through a partnership of government and one or more private
sector companies.
Public body: An organization whose work is part of the process of government, but is
not a government department. 2
Regular private organisation: An organisation which is privately run and does not rely
on money from the government and funds from charities. They get make their own
money by providing a service at a cost.
Professional association: Also called a professional body, professional organization, or
professional society. A professional association is usually a non-profit organization
seeking to represent a particular profession, the interests of individuals engaged in
that profession, and the public interest.
European Technology Platform (ETP): are industry-led stakeholder for a charged with
defining research priorities in a broad range of technological areas where achieving EU

Smart Grid Security


5
Annex V. Related initiatives

growth, competitiveness and sustainability requires major research and technological


advances in the medium to long term.
Specialized event: Workshops, forums, conferences or summits focusing on ICS
security and CIP.
Online resource: A specialised website, blog, e-forum, online group, and similar
resources.
Project: Projects made by European Union countries and related to the security of
smart grids.
Other: When an initiative or an organisation does not match with any of the previously
defined types, it will be classified with this value.

Smart Grid Security

Annex V. Related initiatives

Europe

Name

Action plan on CIIP

Type

Other

Line of action

Organisational and Policy, Dissemination and awareness, Information


sharing, Technical, Economic or financial.

Participants

Public bodies, Manufacturers, Integrators, Operators, Security tools


and services providers.

Mission/Objectives

In order to enhance the security and resilience of CIIs, this integrated


EU action plan was devised by the European Commission to
complement and add value to existing national programmes as well as
to the existing bilateral and multilateral cooperation schemes
between Member States.This action plan was firstly introduced in
COM(2009)149 (19) and consisted of five main pillars:
Preparedness and prevention:
Baseline of capabilities and services for pan-European cooperation.
The Commission invites Member States and concerned stakeholders
to: define, with the support of ENISA, a minimum level of capabilities
and services for National/Governmental CERTs and incident response
operations in support to pan-European cooperation; make sure
National/Governmental CERTs act as the key component of national
capability for preparedness, information sharing, coordination and
response.
European Public Private Partnership for Resilience (EP3R). The
Commission will foster the cooperation between the public and the
private sector on security and resilience objectives, baseline
requirements, good policy practices and measures.
European Forum for information sharing between Member States
(EFMS). The Commission will establish a European Forum for Member
States to share information and good policy practices on security and
resilience of CIIs.
Detection and response:
European Information Sharing and Alert System (EISAS). The
Commission supports the development and deployment of EISAS,
reaching out to citizens and SMEs and being based on national and
private sector information and alert sharing systems.
Mitigation and recovery:
National contingency planning and exercises. The Commission invites

Smart Grid Security


7
Annex V. Related initiatives

Member States to develop national contingency plans and organise


regular exercises for large scale networks security incident response
and disaster recovery, as a step towards closer pan-European
coordination.
Pan-European exercises on large-scale network security incidents. The
Commission will financially support the development of pan-European
exercises on Internet security incidents, which may also constitute the
operational platform for pan-European participation in international
network security incidents exercises, like the US Cyber Storm.
Reinforced cooperation between National/Governmental CERTs. The
Commission invites Member States to strengthen the cooperation
between National/Governmental CERTs, also by leveraging and
expanding existing cooperation mechanisms like the EGC.29.
International cooperation:
Internet resilience and stability. Three complementary activities are
envisaged: A Europe-wide debate, involving all relevant public and
private stakeholders, to define EU priorities for the long term
resilience and stability of the Internet; the definition of guidelines for
the resilience and stability of the Internet, focusing inter alia on
regional remedial actions, mutual assistance agreements, coordinated
recovery and continuity strategies, geographical distribution of critical
Internet resources, technological safeguards in the architecture and
protocols of the Internet, replication and diversity of services and
data; work o na roadmap to promote principles and guidelines at the
global level.
Global exercises on recovery and mitigation of large scale Internet
incidents. The Commission invites European stakeholders to reflect on
a practical way to extend at the global level the exercises being
conducted under the mitigation and recovery pillar, building upon
regional contingency plans and capabilities.
Criteria for European Critical Infrastructures in the ICT sector:
ICT sector specific criteria. By building on the initial activity carried out
in 2008, the Commission will continue to develop, in cooperation with
Member States and all relevant stakeholders, the criteria for
identifying European critical infrastructures for the ICT sector.
The EP3R, the EFMS and EISAS can be interesting platforms for any
future action plan on ICS security at the European level.
Activities related to
smart grid security

Future activities of EP3R will also address cyber security challenges of


smart grids, building on the preparatory work being carried out by the
Commission and ENISA.

Smart Grid Security

Annex V. Related initiatives


Results

Policies

Comments

N/A

URL

http://ec.europa.eu/information_society/policy/nis/strategy/activities
/ciip/index_en.htm

Name

CEN/CENELEC/ETSI JWG and SG-CG

Type

International agency

Line of action

Standards

Participants

public bodies, standardization bodies

Mission/Objectives

The Smart Grids Task Force highlighted the importance of new


standards for a successful deployment of smart grids together with a
need for change and improvement of the existing standards. In
addition, this group of experts identified the risk of too many
standardization bodies providing an inconsistent set of standards. As
a result, the Expert Group 1 of the EC Smart Grid Task Force
concluded there was a need for a joint CEN/CENELEC/ETSI group on
standards for smart grids, to deal more intensively with establishing
detailed recommendations to selected standardization bodies. For
this reason the CEN/CENELEC/ETSI Joint Working Group (JWG) on
standards for the smart grid was established. It worked between June
2010 and March 2011 on the production of a report addressing
standards for smart grids. This document was called final report of
CEN/CENELEC/ETSI JWG on standards for smart grids.
In M/490 the European Commission requested ESOs to develop a
framework to enable ESOs to perform continuous standard
enhancement and development in the field of smart grids, while
maintaining transverse consistency and promote continuous
innovation. The focal point addressing the ESO's response to M/490 is
the CEN/CENELEC/ETSI Smart Grids Coordination Group (SG-CG)
which was built around the membership of the previous JWG.
Besides, M/490 requires the work to build on already existing
material delivered through other mandates such as the M/441 and
M/468. The SG-CG is the main and visible body of a larger structure
which includes four Working Groups (WG) which are coordinated by
the SG-CG. These working groups include:

Reference architecture WG.

First set of standards WG.

Sustainable processes WG.

Security WG (also referred sometimes as Smart Grid


Information Security Working Group - SGIS WG).

Smart Grid Security


9
Annex V. Related initiatives

Activities related to
smart grid security

In addition to other standardisation aspects (e.g. reference


architecture, communication interfaces, generation, transmission,
distribution, smart metering, etc.), the CEN/CELEC/ETSI JWG final
report on standards for smart grids includes a number of
recommendations for smart grid standarisation on the field of
information security.
On the other hand, the SGIS WG of the SG-CG is defining a number of
essential security requirements for smart grids based on
confidentiality, integrity, availability, reliability/resiliency, privacy and
interoperability criteria. Moreover, this WG is working on the
establishment of different security levels to classify the
infrastructures that the smart grid will comprise. Besides, it is also
revising international standars onsmart grid security, identifying gaps
and differences in current European regulations and standards.
Finally, the working group is also defining a set of tools and
methodologies to help clasiffying assets, assessing risks and filling the
aforementioned gaps and other requirements.

Results

Standard recommendations, Standards, Policies.

Comments

SG-CG is built upon the previous JWG

URL

http://www.cen.eu/cen/Sectors/Sectors/UtilitiesAndEnergy
/SmartGrids/Pages/default.aspx

Name

CEN/CENELEC/ETSI SM-CG

Type

International agency

Line of action

Standards

Participants

All stakeholders

Mission/Objectives

The European Commission and EFTA addressed Mandate M/441 to


CEN, CENELEC and ETSI and a Smart Meters Coordination Group (SMCG) was set up to answer this request. This group provides a focal
point concerning smart metering standardization issues in respect to
Mandate M/441 (20).
Mandate M/441 has two phases. The first requests the European
Standards Organizations to develop a European standard comprising
a software and hardware open architecture for utility meters that
supports secure bidirectional communication and allows advanced
information, management, and control systems for consumers and
service suppliers. In this context, the SM-CG identified the main
possible functional communication implementations relevant for
smart metering systems and the standards relevant to meeting the
requirements of mandate M/441, in particular to assist the active
participation of consumers in the energy markets.

Smart Grid Security

10

Annex V. Related initiatives


The second phase of Mandate M/441 requests the European
Standards Organizations to develop European Standards containing
harmonized solutions for additional meter functionalities within an
interoperable framework, using where needed the open architecture
developed under the first phase of Mandate M/441. To clarify
standardization requirements and to ensure consistency in the smart
meter dataflow, it is helpful to consider functionalities in details
through Use Cases.
Activities related to
smart grid security

The SM-CG produced a technical report, CEN-CLC-ETSI TR 50572:2011


'Functional reference architecture for communications in smart
metering systems'(21). This technical report identifies a functional
reference architecture for communications relevant for smart
metering systems and the standards relevant to meeting the
technical/data communications requirements of Mandate M/441, in
particular to assist the active participation of consumers in the energy
markets. Particularly, it addresses privacy and data security aspects
for the definition of the functional reference architecture,
emphasising also general security principles for smart meters.

Results

Technical Report

Comments

CENELEC Smart Meter Coordination Group

URL

http://www.cenelec.eu

Name

DG CONNECTs Ad-hoc Expert Group on the Security and Resilience of


Communication Networks and Information Systems for Smart Grids

Type

Public Private Platform

Line of action

Policy, standards, technical, dissemination and awareness

Participants

All stakeholders

Mission/Objectives

The European Commission created the Ad-hoc Expert Group to better


understand the views and objectives of the private and public sectors
on the ICT security and resilience challenges for the smart grids as
well as to identify and discuss about the related policies at EU level.
COM(2011) 163(22) on Critical Information Infrastructure Protection
as well as COM(2011) 202 (23) on smart grids were presented are the
two main pillars backin up this initiative. Specifically, COM (2011) 202
declares that the Commission should continue bringing together the
energy and ICT communities within an expert group to assess the
network and information security and resilience of smart grids.
The two main objectives of the Expert Group are:

The identification of European priority areas for which action


should be undertaken to address the security and resilience of

Smart Grid Security


11
Annex V. Related initiatives

communication networks and information systems for smart


grids, as well as the definition of recommendations on how to
progress on each of these areas at the European level.

Activities related to
smart grid security

The identification of which elements of the smart grid should


be addressed by the EG (e.g. smart appliances, smart
metering, smart distribution, smart (local) generation, smart
transmission) as well as the identification of key strategic and
high level security requirements, good practices based on
learned lessons and the proposition of mechanisms to raise
awareness among decision makers.

Based on the aforementioned two main objectives, a Programme of


Work(24) was defined with the mission of contributing to a coherent
and increased effort to improve the cyber security of the smart grids
and which focuses on the security and resilience of communication
and information systems that are critical for the performance of the
physical electricity infrastructure. This programme of work includes
four main areas, divided into twelve work packages. The areas and
WPs are the following:
I. Area 1. Risks, threats and vulnerabilities
a. WP 1.1 Identify and categorize all relevant smart grid
assets
b. WP 1.2 Develop an attach/threat taxonomy for
relevant assets
c. WP 1.3 Develop a countermeasure taxonomy for
relevant assets
d. WP 1.4 Develop a high-level security risk assessment
methodology for relevant assets
II. Area 2. Requirements and technology
a. WP 2.1 Security requirements
b. WP 2.2 Extend smart grid requirements to include
effective security measures
c. WP 2.3 Research smart grid communication protocols
and infrastructures to incorporate data security
measures
d. WP 2.4 (Public) procurement
III. Area 3. Information and knowledge sharing
a. WP 3.1 Develop a cross-border alliance between
Member States (MS) and relevant competent bodies
IV. Area 4. Awareness, education and training
a. WP 4.1 High level conference for strategic leaders

Smart Grid Security

12

Annex V. Related initiatives


b. WP 4.2 Propose initiatives to increase stakeholder
awareness on data security
c. WP 4.3 Skilled personnel on cyber security in energy
industry
Results

Technical reports, Recommendations

Comments

The first conclusions of the group will be made public in the second
quarter of 2012

URL

http://ec.europa.eu/dgs/information_society/index_en.htm

Name

Smart Grid Task Force

Type

Public Body

Line of action

Policy, Regulation

Participants

public bodies, standardization bodies

Mission/Objectives

To facilitate and support the process of an European Union-wide


smart grid implementation, the European Commission decided to set
up a Task Force on Smart Grids. The Task Force Smart Grids was
designed to provide a joint regulatory, technological and commercial
vision on smart grids taking into account accumulated experiences
worldwide and the technological challenges to be faced mainly during
next decade/s, so as to coordinate the first steps towards the
implementation of smart grids under the provision of the Third
Energy Package.
The Task Force aims to jointly agree among the regulatory
authorities, regulated companies and end users on key issues such as
the estimated cost/benefits, the associated risks and the incentives
needed. The ultimate goal of the initial work programme of the task
force is to identify and produce a set of regulatory recommendations
to ensure European Union -wide consistent, cost-effective, efficient
and fair implementation of smart grids, while achieving the expected
Smart Grids' services and benefits for the network users. The planned
efforts of this Work Programme are focussed on:

Functionalities of smart grid and smart meters: The key


deliverable is to provide an agreement among all actors
involved on a set of minimum functionalities for smart grids
and smart meters.

Regulatory recommendations for data safety, data handling


and data protection: The key deliverable is to identify the
appropriate regulatory scenario and recommendations for
data handling, safety and consumer protection.

Roles and responsibilities of actors involved in the smart

Smart Grid Security


13
Annex V. Related initiatives

grids deployment: The key deliverable is the development of


recommendations on the roles and responsibilities of all
involved actors in the implementation of the smart grids as
well as the definition of criteria and recommendations for
funding of smart grid deployment.
In the beginnning the Smart Grid Task Force comprised three Expert
Groups (EG) to which a fourth one was added afterwards. These EGs
are the following:

Activities related to
smart grid security

Expert Group 1: Functionalities of smart grids and smart


meters.
Expert Group 2: Regulatory recommendations for data safety,
data handling and data protection.
Expert Group 3: Roles and Responsibilities of Actors involved
in the smart grids deployment.
Expert Group 4: Smart grid aspects related to gas.

The EG2 is involved directly insmart grid security. This group aims to:

Identify the benefits and concerns of customers with regard to


smart grids.

Provide an overview of European legislation on data


protection, privacy and its enforcement.

Recommend whether further protective measures should be


put in place.

Identify possible risks in the handling of data, safety and data


protection.

Identify ownership of data and access rights.

Identify responsible parties for data protection


enforcement mechanisms.

Develop a framework in which way data can be used.

Provide recommendations on the Communication of Smart


Grid benefits to consumers, citizens and politicians.

and

The EG2 issued in February 2011 a report titled Regulatory


recommendations for data safety, data handling and data
protection(25) which focuses on identifying the appropriate
regulatory scenario and recommendations for data handling, security
and data protection.
Results

Regulations, policies, and policy recommendations.

Comments

The initial duration of the task force was 20 months, till May 2011

Smart Grid Security

14

Annex V. Related initiatives


URL

http://ec.europa.eu/energy/gas_electricity/smartgrids/
taskforce_en.htm

Name

Seventh Framework Programme (FP7)

Type

Other (Research and development programme)

Line of action

information sharing, dissemination and awareness.

Participants

All stakeholders

Mission/Objectives

The FP7 is the main Euroepan research programme with a 7 year


duration (2007-2013). The programme has a total budget of over 50
billion and its main objectives are to strengthen the scientific and
technological base of European industry, encouraging its international
competitiveness, while promoting research that supports EU policies.
The five main Specific Programmes that constitute FP7 are:
Cooperation, Ideas, People, Capacities and Nuclear Research.
The Funding schemes are the types of projects, by which FP7 is
implemented. They are the following:

Collaborative projects: collaborative projects are focused on


research projects with clearly defined scientific and
technological objectives and specific expected results (such as
developing new knowledge or technology to improve
European competitiveness). They are carried out by consortia
made up of participants from different countries, and from
industry and academia.

Networks of excellence: the Networks of Excellence are


designed for research institutions willing to combine and
functionally integrate a substantial part of their activities and
capacities in a given field, in order to create a European virtual
research centre in this field. This is achieved through a Joint
Programme of Activities based on the integrated and
complementary use of resources from entire research units,
departments, laboratories or large teams. The implementation
of this Joint Programme of Activities will require a formal
commitment from the organisations integrating part of their
resources and their activities.

Coordination and support actions: these are actions that

Smart Grid Security


15
Annex V. Related initiatives

cover not the research itself, but the coordination and


networking of projects, programmes and policies. This
includes, for example:
o Coordination and networking activities, dissemination
and use of knowledge
o Studies or expert groups assisting the implementation
of the FP.
o Support for transnational access to major research
infrastructures.
o Actions to stimulate the participation of SMEs, civil
society and their networks.
o Support for cooperation with other European research
schemes (e.g. frontier research).
Activities related to
smart grid security

There are some projects under the scope of the FP7 which are related
to smart grid security. The following sets out a number of them:

ELVIRE(26): It is an Information and Communication


Technologies (ICT) research project. Its purpose is to develop
an effective system which is able to neutralize the drivers
range anxiety. In order to ease and optimize energy
management of Electric Vehicles (EV) and to cope with the
sparse distribution of electrical supply points during the rampup phase, innovative Information and Communications
Technologies and service concepts are being developed. The
participants of this project are working on procedures to
secure data transmission between vehicles and external
services, sending the information in real time.

AFTER (27): This project addresses vulnerability evaluation and


contingency planning of the energy grids and energy plants,
considering also the ICT systems used in protection and
control. It aims to develop a methodology and a tool for
vulnerability analysis and risk assessment of interconnected
electrical power systems considering their interdependencies.
Moreover, it also aims at developing develop algorithms and
tools supporting contingency planning in a two-fold approach:
preventing or limiting system disruption, by means of physical
security techniques and defence plans; and re-establishing the

Smart Grid Security

16

Annex V. Related initiatives


system after a major disruption, by means of restoration plans.

Open Meter (28): The main objective of the OPEN meter


project is to specify a comprehensive set of open and public
standards for Advanced Metering Infrastructure
(AMI)
supporting multi commodities (Electricity, Gas, Water and
Heat), based on the agreement of the most relevant
stakeholders in the area. The general requirements include
aspects such as security, interoperability, robustness,
scalability, maintenance, performance and management. Part
of its work focuses on the identification and specification of
security requirements and on the determination of security
clauses. The project includes specific tasks devoted to cyber
security in smart grid environments. Besides, a series of
deliverables providing an overview on the steps to be
implemented to achieve a secure smart grid.

Internet of Energy (29) (30): The objective of this project is to


develop hardware, software and middleware for seamless,
secure connectivity and interoperability achieved by
connecting the Internet with the energy grids. The project will
evaluate and develop the needed ICT for the efficient
implementation in future smart grid structures, including
security capabilities.

DLC+VIT4IP: this project will develop, verify and test a highspeed narrow-band power line communications infrastructure
using the Internet Protocol (IP) which is capable of supporting
existing and extending new and multiple communication
applications. These shall include the existing power
distribution network for novel services in smart electricity
distribution networks such as demand side management,
control of distributed generation and customer integration.
This projects develops, among other things, reference designs
and embedded systems architectures for the high efficiency
and secure smart network systems addressing requirements
on compatibility, networking, security, robustness, diagnosis,
maintenance, integrated resource management and selforganization.

Results

Technical reports, good practices.

Comments

FP7 is the short version for Seventh Framework Programme

Smart Grid Security


17
Annex V. Related initiatives

URL

http://cordis.europa.eu/fp7/home_en.html

Name

Smartgrids ETP

Type

European Technology Platform

Line of action

Dissemination and awareness, Policy, R&D

Participants

All smart grid stakeholders

Mission/Objectives

The Smartgrids ETP is the European Technology Platform for


Electricity Networks of the Future. It is the key European forum for
the crystallisation of policy and technology research and the
development of pathways for the smart grids sector, as well as the
linking glue between EU-Level related initiatives.
The mission of the Smartgrids ETP includes:

To foster and support the deployment of SmartGrids in


Europe by advising and coordinating the stakeholders:
European Commission, TSO, DSO, Energy System and
Component vendors, Energy Research Centres, Smart
Metering Industry, Energy Consumers, Utilities Telecom
Providers and Grid Regulators.

To ensure the strategic relevance of the Platform and its


consistency with EU policy.

To link with relevant technology platforms dealing with


energy matters that have an impact both at the generation
and the demand side, on the future of the grid.

To provide relevant input to the EU initiatives such as the SETplan and its European Industrial Initiatives.

The Smartgrids ETP main objectives are:

To ensure that the vision and its implementation remain


focused on responding to the needs of customers and the
delivery of European policy.

To maintain a high level strategic overview of sector


developments, opportunities and threats, bringing forward
issues of priority for attention.

To be a facilitator, working with the grain of sustainable


energy policy for a competitive Europe.

To
promote
SmartGrids
research,
demonstration and deployment projects.

To build and maintain a shared vision for the future of


Europes electricity networks and to be a catalyst for its

development,

Smart Grid Security

18

Annex V. Related initiatives


implementation.
The European Technology Platform for Electricity Networks of the
Future actively engages with smart grids stakeholders (researchers,
academia, civil societies, industry), European Commission-funded
research projects and initiatives, related European Technology
Platforms and global grids organisations in a wide range of activities
relevant to the R&D&I of electricity networks in Europe:

Activities related to
smart grid security

Publishing the following documents: vision paper, strategic


research agenda, strategic deployment document

Formulating proposals and recommendations for the


European Electricity Grid Initiative under the framework of
the SET-Plan

Monitoring Research, Studies, Pilot Plants and Demonstration

Responding and disseminating relevant public consultations

Organising Workshops of stakeholders to engage them in its


activities

Taking awareness and communication actions, including the


organisation general assemblies, and development of a
website. A video to disseminate the concept of the ETP vision
for the future was also released in 2007.

In the Smartgrid ETPs document Strategic research agenda for


Europes electricity networks of the future(31), the security
dimenssion, in its broadest sense, is considered one of the strategic
pillars. Besides, it defines several research areas which acknowledge
the importance of ICT in the new smart grid and the reliability and
security factors. Other research areas consider security from the
point of view of performance expectations, including topics such as
graceful degradation to maximize reliability, availability and resilience
of the grid. In any case cyber security or privacy aspects related to
Information and communication technology are not directly
addressed.
The strategic deployment document of 2010 describes the priorities
for the deployment of innovation in the electricity networks and the
benefits that such innovations will deliver for all takeholders. As it
happens with the strategic research agenda, security is at the
fundamentals of the document. However it is mainly focused on
operational security, relience, reliability and availability, leaving out
cyber security or privacy issues.

Results

Research plans, Recommendations on future strategies

Comments

N/A

URL

http://www.smartgrids.eu

Smart Grid Security


19
Annex V. Related initiatives

Name

EU-US Working Group on Cyber-security and Cybercrime

Type

Other

Line of action

Information sharing, dissemination and awareness, training and


education, organisational and policy.

Participants

Public Bodies

Mission/Objectives

The EU-US Working Group (EU-US WG) on Cyber-security and


Cybercrime was established in the context of the EU-US summit of
20th of November 2010 held in Lisbon. Its main objective is to tackle
new threats to the global networks upon which the security and
prosperity of our free societies increasingly depend. The EU-US WG
addresses a number of specific priority areas and was planned to
report progress within a year time after its establishment. The efforts
include:

Activities related to
smart grid security

Expanding incident management response capabilities jointly


and globally, through a cooperation programme culminating
in a joint EU-US cyber-incident exercise by 2012.

A broad commitment to engage the private sector, sharing of


good practices on collaboration with industry, and pursuing
specific engagement on key issue areas such as fighting
botnets, securing industrial control systems and smart grid
(such as water treatment and power generation), and
enhancing the resilience and stability of the Internet.

A programme of immediate joint awareness raising activities,


sharing messages and models across the Atlantic, as well as a
roadmap towards synchronised annual awareness efforts and
a conference on child protection online in Silicon Valley by
end 2011.

Continuing EU/US cooperation to remove child pornography


from the Internet, including through work with domain-name
registrars and registries.

Advancing the Council of Europe Convention on Cybercrime,


including a programme to expand accession by all EU Member
States, and collaboration to assist states outside the region in
meeting its standards and become parties.

With respect to ICS andsmart grid security the proposed tasks include
the stock taking and comparative analysis of existing initiatives,
pilots, good practices and methods addressing ICT risks, privacy and
security. The input from the EU side includes:

Activities at national level (NL, DE, UK, SE) as well as at


European level (Euro-SCSIE, possibly via Member States

Smart Grid Security

20

Annex V. Related initiatives


experts in the WG and during the stock taking of the ENISA
studies on ICS and smart grids security)

Ongoing ENISA studies on industrial control systems and


interdependencies of ICT sector to energy

Activities of the Expert Group on the Security and Resilience


of Communication Networks and Information Systems for
Smart Grids, composed of European public and private
stakeholders and coordinated by DG CONNECT.

The input from the US side includes:

Experiences in international public-private coordination to


mature acceptance of voluntary security standards.

Specific methodology and mechanisms to engage with the


private sector to achieve cooperation and mutual engagement
in public-private control system security coordination.

The deliverables expected from this cooperation include:

Strategy for EU and US engagement on the control


system/smart grid priority area;

Plan of Action for EU and US public private engagement on


cyber security of industrial control systems and smart grids;
this will also draw on an analysis of existing coordination
bodies for security of industrial control systems and
highlighting best practices for voluntary participation
developed within them.

Results

Good practices

Comments

N/A

URL

http://europa.eu/rapid/pressReleasesAction.do?reference=
MEMO/10/658&type=HTML

Name

JRC, Smart Electricity Systems Group (SES)

Type

Public Platform

Line of action

Policy and standards

Participants

All stakeholders

Mission/Objectives

The Smart Electricity Systems (SES) group of the JRC provides


scientific support to Directorates-General of the European
Commission on policies and initiatives on smart electricity grids. SES
supports the policy-making process on the developments of the
trans-European and power distribution networks, focusing also on
advances towards super and smart grids architectures. The SES Action

Smart Grid Security


21
Annex V. Related initiatives

concentrates on the following activities:

Design, set up and run the first JRC experimental activities on


smart grids to assess the adequacy and reliability of micro grid
systems embedding renewables and Distributed Energy
Resources, including storage.

Provide technical and policy support to customer DGs on


initiatives related to the development and the operation of
the current and future transmission and distribution
networks, taking into account advances in smart and super
grids concepts; this will be done particularly with relation to
the Strategic Energy Technology Plan (SET-Plan) and the
Energy Infrastructure Package.

Further develop and improve dedicated models and tools to


assess the vulnerability, reliability and security of supply
challenges of the EU electricity transmission and distribution
systems, during both normal and special operational
conditions. The models will be combined with an energy
security Geographic Information System (GIS) framework and
database, especially designed to communicate results in a
user-friendly and geo-referenced manner.

Strengthen cooperation on research and demonstration on


smart transmission and distribution grids with key
stakeholders at the EU, Member State and international level.

Contribute assessing the interdependencies of the ICT and


power systems and to implement the work plan of the new
FP7 AFTER competitive project on power systems vulnerability
identification, defence and restoration.

Activities related to
smart grid security

As it has already been mentioned in the mission/objectives section,


the SES group of the JRC aims to further develop and improve
dedicated models and tools to assess the vulnerability, reliability and
security of supply challenges of the EU electricity transmission and
distribution systems, during both normal and special operational
conditions. The models are envisioned to be combined with an
energy security Geographic Information System (GIS) framework and
database, especially designed to communicate results in a userfriendly and geo-referenced manner.

Results

Good Practices, Technical Reports.

Comments

Following a request from DG ENER, the JRC Smart Electricity Systems


Action carried out an independent assessment of smart grid projects
throughout Europe. They launched a survey to collect smart grid
experiences in Europe and support analysis on trends and
developments in smart grids implementation.

URL

http://ses.jrc.ec.europa.eu

Smart Grid Security

22

Annex V. Related initiatives

Name

CEER

Type

International Agency

Line of action

Policy, standards

Participants

Europe's national regulators of electricity and gas at EU and


international level.

Mission/Objectives

The Council of European Energy Regulators (CEER) is the voice of


Europe's national regulators of electricity and gas at EU and
international level. Through CEER, a non-for-profit association, the
national regulators cooperate and exchange best practice. A key
objective of the CEER is to facilitate the creation of a single,
competitive, efficient and sustainable EU internal energy market that
works in the public interest. Besides, CEER works closely with and
supports the work of the Agency for the Cooperation of Energy
Regulators (ACER).
The Electricity Working Group (EWG) of
related to the European electricity grids
market. According to them, in 2012, the
following areas of work: quality of supply,
development, security of supply.

Activities related to
smart grid security

CEER deals with issues


and the EU electricity
EWG will focus on the
smart grids, sustainable

During 2012 CEER will see the continuation of the previous efforts to
address the challenges of security of supply from the viewpoint of
generation adequacy, elaborating guidelines of good practices.
Three task forces have been defined, from which two of them are
directly related to security aspects of the smart grid. These task
forces are:
Electricity Quality of Supply and Smart Grids (EQS) Task Force, which
is working on quality issues and the regulatory aspects of smart
grids.
Electricity Security of Supply (ESS) Task Force which is addressing the
challenges of security of supply from the viewpoint of generation
adequacy.
Even though security and reliability of the grid are the focus of many
of the efforts of this agency, cyber security issues are not still being
considered as a key aspect.

Results

Annual overview and future work programme documents; Annual


national reports for each EU country; Regulatory guidelines and good
practices; Newsletter

Comments

Council of European Energy Regulators

Smart Grid Security


23
Annex V. Related initiatives

URL

http://www.energy-regulators.eu

Name

ANEC

Type

Other

Line of action

Standardisation

Participants

Represents the European consumer

Mission/Objectives

ANEC is the European consumer voice in standardisation. This


association represents the European consumer interest in the
creation of technical standards, especially those developed to
support the implementation of European laws and public policies.
ANEC participates principally through its voluntary experts in the
standards development work of the three European Standards
Organisations (ESOs) recognised by the European Union and EFTA:
CEN, CENELEC, and ETSI.
ANEC is governed by a general assembly which comprises one one
individual from each of the 30 countries of the European Union and
EFTA. The individual is nominated through a collective decision of the
national consumer organisations in each country and acts as the
interlocutor between them and ANEC.

Activities related to
smart grid security

ANEC was invited by ESOs to participate in both, Smart Meter Coordination Group (SM-CG) established to execute Mandate
M/441(20) on Measuring Instruments and Smart Grid Coordination
Group (SG-CG) established to execute M/490(32) to support
European smart grid deployment.
Additionally, and in order to defend the consumer interests in the
policy and standardisation activities related to the implementation of
the third EU Energy Package, ANEC has joined the European
Commission Smart Grid Task Force where it helps identifying
regulatory recommendations for implementing Smart Grids.
As a result of the participation of ANEC in such initiatives, several
documents were developed. These documents include a number of
aspects considered key by consumers on data privacy and security,
mostly referring to keep data confidential and secure both during
their transmission and storage. Besides, some of these documents
have been a basis for developing COM (2011) 202(23) and SEC (2011)
463(33).

Results

Papers and annual technical reports

Comments

N/A

URL

www.anec.eu

Smart Grid Security

24

Annex V. Related initiatives

Name

DIGITALEUROPE

Type

Industry Association

Line of action

Policy, information sharing, dissemination and awareness

Participants

Integrators and services providers

Mission/Objectives

DIGITALEUROPE represents the digital technology industry in Europe.


This initiative has more than 100 members and include some of the
world's largest IT, telecoms and consumer electronics companies and
national associations from every part of Europe. Digital Europe wants
European businesses and citizens to benefit fully from digital
technologies and for Europe to grow, attract and sustain the world's
best digital technology companies.
DIGITALEUROPE aims to facilitate non-commercial collaboration and
coordination between member companies and national trade
associations across the European Union, and assist them in sharing
best-practices in many business operations and facilitating the
agreement of international standards in close collaboration with
international standards bodies. DIGITALEUROPE provides a full range
of services to its membership and generally to stakeholders in the
digital economy. Including:

Promoting the development of best practices and


benchmarking within the DIGITALEOPE membership
Providing up-to-date, high-value industry data and
information to members on all aspects of the Digital Economy
in Europe and around the world
Delivering a forum for knowledge exchange and information
sharing between members through industry programmes and
pan European events.
Monitoring all relevant initiatives to industring, informing
members through regular mailings, emails, newsletters and
information transfer, as well as the hosting and and
organisation of meetings and events.

The organisation is dedicated to improving business environment for


the European digital technology industry and to promoting their
sectors contribution to economic growth and social progress in the
European Union. It represents the interests of both, national
associations and corporate organisations, operating in the

Smart Grid Security


25
Annex V. Related initiatives

information technology and consumer electronics sector in European


towards.The European parliament and the European Commission.

Activities related to
smart grid security

DIGITALEUROPE is one of 25 European Associations representing all


European Stakeholders that are assumed to play a role in the
implementation of smart grids. It participates actively in the Smart
Grids Task Force through the participation in the 3 working groups
that have been setup, the Steering Committee and the issue of the
present position paper representing the position of DIGITALEUROPE
members.
DIGITALEUROPE have grouped some experts on smart grids to create
a technical and regulatory group on privacy and security.
DIGITALEUROPEs Privacy & Security group is focusing on three key
areas:

Data protection: the group is actively engaged in developing


common industry agreements on how to balance the
opportunities and challenges to harmonisation to enable
businesses take a Europe-wide and global view of data
protection compliance.

Online advertising: the group is contributing to discussions on


the benefits and potential risks of monitoring consumer
behaviour for commercial purposes, as well as the
technologies used for such purposes.

Network Information and Security (NIS): the Privacy &


Security group is contributing its expertise to initiatives and
consultations lead by the Commission and the European
Network Information Security Agency (ENISA).

Results

Technical reports

Comments

N/A

URL

http://www.digitaleurope.org

Name

EDSO-SG

Type

Industry Association

Line of action

Awareness and dissemination, training and education

Participants

DSOs

Mission/Objectives

EDSO for smart grids aims to be the key reference point in the
coordination of all European DSOs efforts.
The purpose of the Association is to structure, lead and enhance, not
for profit cooperation between European distribution system

Smart Grid Security

26

Annex V. Related initiatives


operators for electricity as well as assure, manage, represent and
promote their common interests, specifically on smart grids
development and implementation.
Together with ENTSO-E and European Technology Platform
SmartGrids (ETP Smart Grids), they play an important role in the
planning, monitoring and dissemination of the European Electricity
Grid Initiative.
Activities related to
smart grid security

EDSO for smart grids plays an active role in the European regulatory
process on smart grids development and implementation.
Some of its goals include the security of supply and the promotion of
the reliability of electricity distribution grids.

Results

Technical reports

Comments

EDSO-SG stands for European Distribution System Operators for


Smart Grids

URL

http://edsoforsmartgrids.eu

Name

ENTSO-E

Type

International Agency

Line of action

Standards, policy, dissemination and awareness,


economical/financial, technical.

Participants

TSO

Mission/Objectives

The European Network of Transmission System Operators for


Electricity represents all electric TSOs in the EU and others connected
to their networks, with one voice for all regions, and for all their
technical and market issues.
ENTSO-E's mission is to promote important aspects of energy policy
in the face of significant challenges:

Security: it pursues coordinated, reliable and secure


operations of the electricity transmission network.

Adequacy: it promotes the development of the


interconnected European grid and investments for a
sustainable power system.

Market: it offers a platform for the market by proposing and


implementing standardized market integration and
transparency frameworks that facilitate competitive and truly
integrated continental-scale wholesale and retail markets.

Sustainability: it facilitates secure integration of new


generation sources, particularly growing amounts of

Smart Grid Security


27
Annex V. Related initiatives

renewable energy and thus the achievement of the EU's


greenhouse gases reduction goals.
Activities related to
smart grid security

WG European operational standards (WG EOS) (34): The WG EOS


provides proposals for the harmonization of operational standards on
the pan-European level and for the promotion of operational
coherence among regions, thus facilitating the market processes. It
contributes to ensure compatibility between system operation,
market solutions and system development issues. The WG EOS
analyses proposals for definitions and updating of technical and
operational standards for implementation by regions and individual
TSOs.
WG Critical System Protection (WG CSP) (35): The WG CSP copes
with the development of critical system and infrastructure protection
on European level. The WG CSP is responsible for coordinating critical
system protection issues regarding electricity transmission. The main
function of the WG CSP is to follow the development of the critical
infrastructure protection at European level, and to contribute to the
dialog with the European Commission on critical infrastructure
protection.
WG Electronic Highway (WG EH) (36): The WG EH coordinates the
usage and extension of the electronic highway in order to provide a
secure and reliable information exchange for system operations
throughout Europe.

Results

Technical reports, recommendations.

Comments

ENTSO-E stands for European network of transmission system


operators for electricity

URL

https://www.entsoe.eu/

Name

EEGI

Type

Other

Line of action

R&D

Participants

TSOs and DSOs

Mission/Objectives

The EEGI is one of the European Industrial Initiatives under the


Strategic Energy Technologies Plan (SET Plan) and proposes a 9 years
European research, development and demonstration (RD&D)
programme initiated by electricity transmission and distribution
network operators (ENTSO) to accelerate innovation and the
development of the electricity networks of the future in EU.
Both ENTSO-E and EDSO-SG are the main two organisations behind

Smart Grid Security

28

Annex V. Related initiatives


the EEGI.
The programme focuses on system innovation rather than on
technology innovation, and addresses the challenge of integrating
new technologies under real life working conditions and validating
the results.
The strategic objectives of the EEGI are:

Activities related to
smart grid security

To transmit and distribute up to 35% of electricity from


dispersed and concentrated renewable sources by 2020 and a
completely decarbonized electricity production by 2050.

To integrate national networks into a market-based, truly panEuropean network, to guarantee a high-quality of electricity
supply to all customers and to engage them as active
participants in energy efficiency.

To anticipate new developments such as the electrification of


transport.

To substantially reduce capital and operational expenditure


for the operation of the networks while fulfilling the
objectives of a high-quality, low-carbon, pan-European,
market based electricity system.

The EEGIs Research, Development and Demonstration (RD&D)


programme defines 4 barriers: Technology barriers,
RD&D
organisation barriers, Market failures and distortions, Public
barriers. Technology barrier includes aspects such as cyber security
and data privacy on smart grid.
All project inside EEGi need to include a cyber secutiry policy besides
other policies or strategies.

Results

N/A

Comments

EEGI stands for European Electricity Grid Initiative

URL

https://www.entsoe.eu/rd/eegi/

Name

ENCS

Type

Public Private Partnership

Line of action

Technical, information sharing, dissemination and awareness

Participants

DSO, Academia and R&D, public bodies, standardization bodies

Mission/Objectives

The ENCS aims to be the partner for organisations working on the


security and protection of critical digital infrastructures, to help them
to make accurate risk assessments and to take the appropriate
measures to safeguard these infrastructures and guaranteeing the

Smart Grid Security


29
Annex V. Related initiatives

continuity and smooth running of the systems. ENCS is the evolution


of CyberTECH group.
ENCS is an independent European public-private collaboration. Their
Founding members are Alliander (Dutch DSO), City of The Hague,
CPNI.NL, KEMA, KPN (Biggest Dutch Telecom provider), Radboud
University Nijmegen and TNO. The idea of ENCS is that it contributes
to the resilience of CI by connecting people and organizations, being
an information and knowledge sharing catalyst and educating people
to the highest management levels. The ENCS will not only focus on
the technical, but also on physical and personnel security.
Activities related to
smart grid security

The ENCS focuses primarily on the protection of smart grids and


critical infrastructures Process Control Domains, which still present
substantial cyber security issues and challenges. To address them, the
ENCS connects existing organisations. The ENCS is planned to
constantly scan the international arena for relevant developments,
innovating and creating new initiatives to enable others. Besides the
public-private network of experts and organizations, the ENCS will
focus on four main areas:

Research & Development

Test Bed

Information & Knowledge Sharing

Education & Training

All four focus areas are interconnected, providing collaborative input


and optimal synergy. The ENCS will start primarily on the protection
of smart grids and CIs Process Control Domains. These still present
substantial cyber security issues and challenges. To address them, the
ENCS will connect existing organisations as the European
Commission, ENISA, Joint Research Centre and national public and
private initiatives across Europe and beyond collaboration with the
DHS Control Systems Security Program and Idaho National Labs are
prime examples.
Results

Research & development reports, Test beds, Information &


Knowledge Sharing platform, Education & training courses

Comments

ENCS stands for European Network for Cyber Security


ENCS was formerly known as Cyber-TECH

URL

N/A

Smart Grid Security

30

Annex V. Related initiatives


Name

ESMIG

Type

Public Body

Line of action

policy, standards, information sharing, technical

Participants

All stakeholders

Mission/Objectives

The European Smart Metering Industry Group (ESMIG) has the


objective to deliver the benefits of Smart Metering across Europe.
The association and membership, through their internal working
groups and involvement in several stakeholder groups, are providing
expertise and advice to European institutions and organisations on
the key issues for a European-wide implementation and roll-out of
Smart Metering technologies.
There are four working groups:

Activities related to
smart grid security

ESMIG - European Business Systems Integration and


Interoperability Group (EBSII)

ESMIG - Communications Technology Group (CTG)

ESMIG - Regulation And Policy Group (RPG)

ESMIG - Multi Utility Metering Group (MUM)

External activities of ESMIG supports the SM-CG (Smart Meter


Coordination Group) with the definition of a functional reference
architecture of the Advanced Metering Infrastructure (AMI), the
definition of a glossary of commonly used terms and finally, with the
definition of functional requirements by Use Cases.
ESMIG is represented in the steering committee and in the various
working Groups of the SG-CG (Smart Grid Coordination Group).
ESMIG ensures that the work of the Smart Grid Expert Groups and
the SM-CG is taken into consideration and finds its way in the work
packages and the results of the SG-CG. ESMIG is one of the industry
associations represented in this group. Proposals for changes in the
MID are reviewed by the MUM group of ESMIG while its comments
are taken into account and discussed by the WGMI (Working Group
Measuring Instruments).
ESMIG is represented in the European Electricity Grid Initiative (EEGI),
which is one of the six European Industrial Initiatives (EII) laid down in
the Strategic Energy Technology Plan (SET).
ESMIG's RPG group formulates responses to the public consultations
of
the
EEGI(37).http://www.esmig.eu/about-us/smart-metercoordination-group-sm-cg-new
Since its foundation in July 2008, ESMIG has achieved in a short time
a very high level of recognition and visibility at EU-level and is
recognised as an honest broker of industrys interest in the energy
area with a specific focus on smart metering and smart grid.

Smart Grid Security


31
Annex V. Related initiatives

Results

Technical reports

Comments

ESMIG stands for European Smart Metering Industry Group

URL

http://www.esmig.eu/

Name

EURELECTRIC

Type

Electricity Industry

Line of action

policy making level

Participants

Operators, DSO, TSO, Public Bodies

Mission/Objectives

The Union of the Electricity Industry - EURELECTRIC is also the


association of the electricity industry within the European Union,
representing it in public affairs, in particular in relation to the
institutions of the EU and other international organisations.
Its mission is to contribute to the development and competitiveness
of the electricity industry and to promote the role of electricity in the
advancement of society. As a centre of strategic expertise, The Union
of the Electricity Industry - EURELECTRIC identifies and represents the
common interests of its members and assists them in formulating
common solutions to be implemented and in coordinating and
carrying out the necessary actions. To that end it also acts in liaison
with other international associations and organisations, respecting
the specific missions and responsibilities of these organisations.
EURELECTRIC identifies and represents the common interests of its
members and assists them in formulating common solutions to be
implemented and in coordinating and carrying out the necessary
actions. To that end it also acts in liaison with other international
associations and organisations, respecting the specific missions and
responsibilities of these organisations.

Activities related to
smart grid security

This initiative develops many projects and one of them is a project


about smart grids, 10StepsTosmartGrids(38). One of this project
steps is focused on DSO Ensuring security and reliability of supply for
good practices on a regulation environment.

Results

White Paper, Events

Comments

N/A

URL

http://www2.eurelectric.org/

Name

EuroSCSIE

Smart Grid Security

32

Annex V. Related initiatives


Type

Public Private Partnership

Line of action

Dissemination and Awareness, Technical.

Participants

Academia and R&D, Public bodies, Standardisation bodies

Mission/Objectives

The EuroSCSIE aim is from European industry, government, and


research to benefit from the ability to collaborate on a range of
common issues, and to focus effort and share resource where
appropriate. Its main focus is Information Sharing and the
expectations are to raise the level of protection adopted across
Europes SCADA and Control Systems (SCADA/CS).
Among its objectives, we highlight the following ones:

Activities related to
smart grid security

To define a European information exchange system for


security-related information about SCADA and control
systems.

To share and exchange information using the Traffic Light


Protocol.

To cultivate a network of relevant government, industrial and


research actors.

To establish the basis for a pan-European system for the


exchange of security-related information concerning SCADA
and control systems.

Some of the activities carried out by EuroSCSIE related with smart


grid include:

Sharing of incidents and good practices

Questionnaire on Control System Cyber-Security (aimed at


vendors) 2008/2009

Standards and requirements (e.g. WIB Process Control


Domain Security Requirements for Vendors (39))

Self Assessment tools (like the one from CPNI UK)

Smart Grids (e.g. Smart Grid Conference in Baarn - 2010)

Results

Information exchange, technical report, reference manuals

Comments

EuroSCSIE stands for European SCADA and Control Systems


Information Exchange

URL

sta.jrc.ec.europa.eu/index.php/competitive-projects-/21-scni/8-escsie
http://www.cpni.nl/informatieknooppunt/internationaal/euroscsie

Smart Grid Security


33
Annex V. Related initiatives

Name

GEODE

Type

Industry association

Line of action

Information sharing

Participants

DSO

Mission/Objectives

Founded in 1991, this association represents more than 600


companies in 12 countries, both privately & publicly owned. GEODE
defends the interest of the local distributors in front of energy
authorities on national and international level and allows the
exchange of expertise, the share of data and competence.
The mission statement of GEODE is to establish equal opportunity
access to European energy infrastrutures for all those involved in
serving the customer needs on energy, with the aim to create a truly
competitive European energy market.

Activities related to
smart grid security

GEODE has created a questionaire where question to stakeholders on


issues of energy efficiency, renewable energy sources and energy
awareness, and some question about smart grid security

Results

Technical report, questionaire

Comments

GEODE stands for Groupment Europen des Entreprises et


Organismes de Distribution dEnergie (European Group of Energy
Distribution Companies and Organizations).

URL

http://www.geode-eu.org/

Name

PRIME Alliance

Type

Industry association

Line of action

technical

Participants

DSO, TSO, Manufacturers

Mission/Objectives

The PRIME Alliance provides a forum for the creation of an open,


single specification and standard for narrowband power line for
smart grid products and services. The mission of the Alliance is to
accelerate the demand for products and services based on the
worldwide standard and promote the broad adoption and use of the
specification while promoting multi-vendor interoperability and
compatibility with the global standard.
The main goals are:

To provide a forum for the creation (definition, establishment


and support) of an open single specification and standard for

Smart Grid Security

34

Annex V. Related initiatives


narrowband powerline for SmartGrid products and services;

To accelerate the demand for products and services based on


the worldwide standard through the sponsorship of the
market and user education programs;

To encourage and to promote broad and open industry


adoption and use of such specification; and

To promote PRIME as a global powerline standard and to


promote multi-vendor interoperability for markets/equipment
and compatibility under the PRIME standard.

The PRIME (PoweRline Intelligent Metering Evolution) specification


represents a
new
public,
open
and
non-proprietary
telecommunications architecture which will support present and
future AMM functionalities and enable the building of the electricity
networks of the future, or smart grids.
PRIME technology uses Orthogonal Frequency Division Multiplexing
(OFDM) in CENELEC A-band. The final target of PRIME is to establish a
complete set of international standards which will allow for
interoperability among equipment and systems from different
manufacturers. Thus, competition in the metering market will benefit
consumers.
Unlike other commercially available solutions, the components of this
new architecture (modulation and coding techniques, protocols, data
formats, etc.) will not be subject to any Intellectual Property Right.
Thanks to PRIME, specifications of an AMM system will be
comprehensive and detailed enough so that any new entrant will be
able to provide interoperable solutions to the market.

Activities related to
smart grid security

PRIME defines lower OSI layers of a PLC narrowband data


transmission system over the electricity grid. The whole system has
been designed to be low cost and high performance.
The PRIME protocol specifications includes varoius security profiles.
The security functionality provides privacy, authentication and data
integrity to the MAC layer through a secure connection method and a
key management policy. Several security profiles are provided to
manage different security needs, which can arise in different network
environments. The current version of the specification enumerates
two security profiles and leaves scope for adding up to two new
security profiles in future versions.

Smart Grid Security


35
Annex V. Related initiatives

Results

Protocols , standard, technical report

Comments

N/A

URL

http://www.prime-alliance.org/

Name

DLMS User Association

Type

Public Private Partnership

Line of action

Standard

Participants

DSO, Manufacturers, System provide, Utilities, Public Bodies,


Standardisation Bodies

Mission/Objectives

The DLMS Use Association is a non-profit organisation, located in


Geneva, Switzerland. Its mission is to develop, promote and maintain
the DLMS/COSEM specification. It provides an information exchange
forum for users, manufacturers and system providers, test houses
and standardisation bodies. It also provides a conformance testing
and certification scheme for metering equipment implementing the
specification. The DLMS UA is formally liased with IEC TC 13 WG 14.
DLMS stands for Distribution Line Message Specification. It is an
application layer specification, independent of the lower layers and
thus of the communication channel, designed to support messaging
to and from (energy) distribution devices in a computer-integrated
environment. It is an international standards established by IEC TC 57
and published as IEC 61334-4-41.
COSEM stands for COmpanion Specification for Energy Metering. It is
an interface model of communicating energy metering equipment,
providing a view of the functionality available through the
communication interfaces. The modelling uses an object-oriented
approach.

Activities related to
smart grid security

DLMS/COSEM is used in metering systems for electricity, gas, water


and heat. Strong and growing interest from all continents provide a
positive feedback on the achievement of the objectives set by the
DLMS UA. Some countries have already included DLMS/COSEM in
their national regulations. Others are considering it.
The DLMS/COSEM specification devotes several sections to privacy,
security and non-repudiation of the metering communications.

Results

Standard, technical report, protocol

Smart Grid Security

36

Annex V. Related initiatives


Comments

N/A

URL

http://www.dlms.com/organization/index.html

Smart Grid Security


37
Annex V. Related initiatives

Belgium

Name

Smartgrids Flanders

Type

Public body

Line of action

R&D, information sharing.

Participants

All stakeholders

Mission/Objectives

Smart Grids Flanders is the driving force behind the deployment of


smart grids, not only in Flanders but also abroad. The involvement
and participation of members are important, as a good relationship
with the government, which determines the rules.
The objective of the Smartgirds Flanders is to establish and suppor a
multidisciplinary long-term collaboration across sectors between
Flemish smart grid operators, in order to develop, maintain and
valorize an international competitive advantage by a large group of
Flemish
companies
(commercial
breakthroughs)
through
differentiated support depending on the breakthrough and
collaborative potential of the identified smart grid domains.

Activities related to
smart grid security

Thematic Groups and seminars bring together participants around


different themes, where cyber security is an incipient topic. Besides,
SmartGrid Flanders organizes several (network) events every year
with international speakers and, in order to increase the know-how
about smart grids, they distribute a newsletter about Flemish and
European projects and initiatives. Finally, SmartGrid Flanders help its
members to find the appropriate test infrastructure for their projects.

Results

Projects. Theme groupes and seminars. Events. Newsletters. Blogs.

Comments

Smart Grids Flanders is continuously seeking for suitable experts to


speak.

URL

www.smartgridsflanders.be

Smart Grid Security

38

Annex V. Related initiatives

Denmark

Name

Second1 - Security concept for DER

Type

Project

Line of action

Technical, R&D

Participants

Manufacturers and Integrators, academia and R&D, security tools and


services providers

Mission/Objectives

The project objective is to analyze and implement a security concept


that can be used in a power system with a high degree of
decentralized production and with many actors in an unbundled
market. It will also investigate various forms of role based access
control (RBAC).

Activities related to
smart grid security

Secure communication is becoming increasingly more relevant in an


electricity system with great volumes of distributed energy resources
(DER). This project aimed to analyse and implement a security
concept that can be used in electricity systems with a high degree of
local production and with many players.
The project analysed the needs for communication between energy
operators and matched these needs with a design for secure role
based access control.

Results

Technical reports.

Comments

Mar 2010 - Jul 2011

URL

http://www.second1.dk/

Smart Grid Security


39
Annex V. Related initiatives

Germany

Name

DIN

Type

Regular private organisation

Line of action

Policy, standardization

Participants

All

Mission/Objectives

DIN, the German Institute for Standardization, offers stakeholders a


platform for the development of standards as a service to industry,
the state and society as a whole. A registered non-profit association,
DIN has been based in Berlin since 1917.
DIN's primary task is to work closely with its stakeholders to develop
consensus-based standards that meet market requirements. Some
26,000 experts contribute their skills and experience to the
standardization process. By agreement with the German Federal
Government, DIN is the acknowledged national standards body that
represents German interests in European and international standards
organizations. Ninety percent of the standards work now carried out
by DIN is international in nature.
Tasks and objectives of DIN:

Ensuring the participation of all stakeholders regardless of


their economic position and language skills.

Promoting the free movement of goods through active


involvement in international and European standardization.

Holding the secretariats of international committees.

Adopting European and international standards at national


level.

Maintaining the uniformity and consistency of the standards


collection.

Actively contributing to consensus building.

Taking legal regulations into consideration.

Providing an
development.

Avoiding duplication of work.

electronic

infrastructure

for

standards

DIN represents Germanys standardization interests as a member of


the European Committee for Standardization (CEN). DIN holds
almost 30% of all CEN working committee secretariats.
Activities related to
smart grid security

DIN has published several papers on Electromobility(40) systems


dealing with the security of the managed data, potential threats and

Smart Grid Security

40

Annex V. Related initiatives


standards to be followed to avoid such problems.
Another topic covered by this initiative is the roadmap
recommendations for standardization, which provides a series of
recommendations on IT security and data protection.
Results

Standards, reports

Comments

Deutsches Institut fr Normung or The German Engineering Society

URL

http://www.din.de

Name

VGB

Type

Industry association

Line of action

Technical, Information sharing

Participants

Operators

Mission/Objectives

VGB was already founded as the federation of the owners of large


boilers. During its course of 80 years VGB has set off a range of
activities in own companies. These companies are dealing with:

Training of power plant personnel.

Research activities.

The production and distribution of media.

VGB represents the German power plant operators in the WANO


(World Association of Nuclear Operators). VGBs technical
committees on nuclear power plant engineering and operation and
nuclear fuel cycle are actively taking part in the world-wide exchange
of experience as well as in the analysis of particular events in nuclear
power plants. For this purpose, VGB is operating a reporting and
evaluation centre (ZMA - Zentrale Melde- und Auswertestelle) to
collect, evaluate and forward the occurrences of nuclear power
plants.
Activities related to
smart grid security

They have made contributions to the security of smart grid by


publishing guidelines and instructions sheets, organising forums and
training experts.
One of the most important results is the VGB R175 guideline on IT
security for generating plants(41).

Results

Standard, technical reports, good practices, conferences

Comments

VGB means Verband der Grokraftwerks-Betreiber.


As an international technical association for power and heat
generation VGB is working - on European level - in close co-operation
with EURELECTRIC, the umbrella association of the European

Smart Grid Security


41
Annex V. Related initiatives

electricity industry. Within the framework of a memorandum of


understanding association agreement between EURELECTRIC and
VGB, VGB's professional competence is integrated into the
political/strategic work of EURELECTRIC in all questions regarding the
generation of power and heat including issues of environmental
protection.
URL

http://www.vgb.org

Smart Grid Security

42

Annex V. Related initiatives

Italy

Name

ASTROM

Type

Project

Line of action

Technical

Participants

R&D

Mission/Objectives

ASTROM Project was funded by European Union FP6 programme.


The main objectives of this project are:

Activities related to
smart grid security

Identification of the boundaries of


Control & Data
Management Systems (C&DM) in electrical transmission
networks.

Determination of the properties of C&DM systems of


electrical transmission networks, in particular those relevant
for resilience assessment.

Identification of external threats to C&DM system, such as ICT


and physical attacks, and vulnerabilities.

Definition of a method and a metric for AoR of C&DM system.


The activity will be performed by modeling system behavior.

Evaluation of the framework application to an EU context and


dissemination activities. The feasibility of policies and
recommendations definition will be investigated in details.

This project aimed to identify, analyze and evaluate the external


threats and vulnerabilities applicable to Control & Data Management
System in order to define an innovative methodological framework
for the quantitative assessment of the resilience (AoR) of Control &
Data Management System (C&DM) in electrical transmission network
(ETN) towards external threats. The need for such a methodological
framework stems from the fact that, although the resilience of this
critical system is becoming more important than just securing it,
there are not many frameworks covering this topic in a well
structured way.
Definition of the architecture, properties, functionalities and Mission
requirements of a complex Power Systems C&DM that it is coherent
with the majority of the SCADA systems built in Europe;
Definition of a methodology to assess the resilience of a C&DM
system for its external threats (physical and ICT threats) at any level
(component, subsystem and system level); Development of a
software tool to allow improving the previous topics.

Results

Technical Paper, Methodology, Software, ASTROM Final Workshop

Smart Grid Security


43
Annex V. Related initiatives

Comments

Mar 2009-Mar 2011


ASTROM stands for Assessment of resilience to Treats of cOntrol and
data Management systems of electrical transmission network

URL

http://utmea.enea.it/projects/int/#astrom

Smart Grid Security

44

Annex V. Related initiatives

The Netherlands

Name

ESNA

Type

Asociation

Line of action

Dissemination, technical

Participants

Manufacturers, DSO, Power Plant, services providers

Mission/Objectives

ESNA is an association by Dutch law, established in 2006.


The main objective of ESNA is to bring together and form a
platform for all those who in one way or another deal with
NES technology in their day to day operations.
This initiative promotes the application of advanced energy
management systems, including AMR/AMM, based on the NES AMI
architecture and its value added chain in order to build and expand
the interoperability standard for utility networks. ESNA promotes the
change in perspective of the current metering business.

Activities related to
smart grid security

ESNA represents its members by being active in standardisation


activities across Europe and the rest of the world to promote the use
of open interoperable standards for the smart grid and smart
metering. This initiative organizes conferences and workshops to
share the technical security aspects and the Network Energy Services
(NES) in the smart grid value chain, which goes far beyond metering
and invoicing only. It also organices events where the international
leaders of both EU and USA have a disscussion depth review of
current security and landscape surrounding the Global Emergence of
the smart grid initiative. ESNA also does monthly abstracts where
certain items are related to cybersecurity in smart grid.
ESNA represents its members in the most important European
organizations such as CEN/CENELEC/ETSI or the Smart Grid Task
Force.

Results

organising various conferences and workshops

Comments

ESNA stands for Energy Services Network Association

URL

http://www.esna.org

Name

Working Group Privacy and Security of Smart Grids of Netbeheer


Nederland

Type

Industry association

Line of action

Technical

Participants

All stakeholders

Smart Grid Security


45
Annex V. Related initiatives

Mission/Objectives

This initiative is the point of contact for matters affecting the energy
market, such as environmental issues, free market performance and
security of supply. EnergieNed is the forum in which energy
producers consult each other on issues such as the environment and
investment conditions, traders consult each other on the functioning
of the wholesale market and the integration of European markets,
and retailers discuss a wide range of topics varying from stimulation
of energy saving to consumer protection.

Activities related to
smart grid security

This working group has written several good guides papers and use a
clear example is Privacy and Security of the Advanced Metering
Infrastructure(42).

Results

Information exchange, good practices, technical reports

Comments

This working group is very active on this topic on a European level.

URL

N/A

Smart Grid Security

46

Annex V. Related initiatives

United Kingdom

Name

DECC

Type

Public Body

Line of action

Standardisation, policy

Participants

public bodies

Mission/Objectives

Department of Energy and Climate Change is a small department of


the United Kingdom government.
The four key priorities of the department are:

Activities related to
smart grid security

Save energy with the Green Deal and support vulnerable


consumers: Reduce energy use by households, businesses and
the public sector, and help to protect the fuel poor.

Deliver secure energy on the way to a low carbon energy


future: Reform the energy market to ensure that the UK has a
diverse, safe, secure and affordable energy system and
incentivise low carbon investment and deployment.

Drive ambitious action on climate change at home and abroad:


Work for international action to tackle climate change, and
work with other government departments to ensure that we
meet UK carbon budgets efficiently and effectively.

Manage our energy legacy responsibly and cost-effectively:


Ensure public safety and value for money in the way we
manage our nuclear, coal and other energy liabilities.

DECC is divided into many experts groups and task forces. Some of the
most important are the following.
STEG (Smart Meter Design Security Technical Experts Group): This is
an advisory group of technical security specialists formed in
November 2010 to provide advice and support to the programme on
security issues. The STEG membership includes experts from industry
and other sectors such as energy suppliers, trade associations, meter
manufacturers, system integrators and telecommunications
providers. Government is also represented through the Centre for
Protection of National Infrastructure, CESG (National Technical
Authority for Information Assurance) and technical security specialists
working in the programme team. Consumer representatives were also
invited to join.
Smart grid policy in the UK: DECC published a vision document,
Smarter Grids: the opportunity in December 2010. DECC is rolling out
Smart electricty and gas meters to all GB homes by 2020.
UK Smart Grid Cyber Security Report: The Energy Networks

Smart Grid Security


47
Annex V. Related initiatives

Association (ENA) published an independent report into smart grid


cyber security on 29 June 2011. The report commissioned by ENA for
DECC considered how government and networks should develop a
strategy to secure the future UK electricity infrastructure together.
Smart Grids Forum: Identify future challenges for electricity networks
and system balancing, including current and potential barriers to
efficient deployment of smart grids. Guide the actions that
DECC/Ofgem are taking to address future challenges, remove barriers
and aid efficient deployment. Identify actions that DECC/Ofgem, the
industry or other parties could be taking to facilitate the deployment
of smart grids
DECC realized a series of security related report, such as Smarter
Grids: the opportunity(43) and UK Smart Grid Cyber Security
Report(44).
Results

N/A

Comments

DECC stands for Department of Energy and Climate Change

URL

http://www.decc.gov.uk/

Smart Grid Security

48

Annex V. Related initiatives

USA

Name

ANSI

Type

International agency

Line of action

Standard

Participants

Standardisation Bodies

Mission/Objectives

ANSI was founded on 1918 by five engineering societies and three


government agencies; the Institute remains a private, non-profit
membership organization supported by a diverse constituency of
private and public sector organizations.
ANSI accredits standards that are developed by representatives of
standards developing organizations, government agencies, consumer
groups, companies, and others. These standards ensure that the
characteristics and performance of products are consistent, that
people use the same definitions and terms, and that products are
tested the same way.

Activities related to
smart grid security

ANSI has develop and standard series related to smart grid:

ANSI C12.18: used for two-way communications with an


electricity meter, mostly used in North American markets.

ANSI C12.19: This includes encryption, authentication,


credential management (through the security tables in
Decade4)

ANSI C12.22: security and authentication services, combined


with the event logger of ANSI C12.19.

Results

Stasndards

Comments

ANSI stands for American National Standard Institute

URL

http://www.ansi.org/

Name

NERC

Type

Public Private Partnership

Line of action

Standards, Dissemination and Awareness, Technical

Participants

Manufacturers and Integrators, Security Tools and services providers,


Operators, Public bodies, Standardisation bodies

Mission/Objectives

NERC was founded in 1968 by the electric utility industry to develop


and promote rules and protocols for the reliable operation of the
bulk power electric transmission systems of North America.

Smart Grid Security


49
Annex V. Related initiatives

The North American Electric Reliability Corporations (NERC) mission


is to ensure the reliability of the North American bulk power system.
NERC is the electric reliability organization (ERO) certified by the
Federal Energy Regulatory Commission to establish and enforce
reliability standards for the bulk-power system.
Among other activities, NERC:

Activities related to
smart grid security

Works with the industry to develop reliability standards

Enforces compliance with those reliability standards and


assesses monetary and non-monetary penalties for
noncompliance.

Assesses future bulk power system reliability via annual


summer, winter and 10-year forecasts.

Analyzes system events.

Promotes a culture of excellence by identifying areas for


improvement and Examples of Excellence during regular
readiness evaluations.

Monitors the status of the bulk power system.

Coordinates physical and cyber security needs.

Identifies trends and potential reliability issues.

Helps the industry train and educate system operators.

Certifies system operators.

NERC has developed the NERC-CIP Standards, a nine documents


series about security and cyber security aspects of the Bulk Electric
System in the USA. Two new documents are being developed.
Based on these documents, NERC provides specific guidelines and
concept papers. This is the case of the Categorization system based
on Bulk Electric System Reliability Functions (45).
Inside de NERC there are some working groups related to smart grid
security such as:
NERC SGTF (Smart Grid Task Force)(46): Their work review smart grid
characteristics, identifies reliability concerns including cyber-security
vulnerability, and provides recommendations to NERC and to the
industry.
NERC SGWG (Smart Grid Working Group) (47): NERC SGWG is tasked
to review existing and new CIPC initiated security guidelines and
coordinate their development with electric industry personnel and
committees and to promote awareness and application of these
guidelines.

Results

Technical reports, Regulatory documents

Smart Grid Security

50

Annex V. Related initiatives


Comments

North American Electric Reliability Corporation

URL

http://www.nerc.com

Name

NIST

Type

Public body

Line of action

Organizational and Policy, Standards, Dissemination and Awareness,


Economic or Financial, Technical

Participants

Public bodies

Mission/Objectives

NIST, an agency of the U.S. Department of Commerce, was founded


in 1901 as the nation's first federal physical science research
laboratory
Its mission is to promote U.S. innovation and industrial
competitiveness by advancing measurement science, standards, and
technology in ways that enhance economic security and improve our
quality of life.
NIST is one of the most important standardisation organizations in
the USA. They have developed several standards on ICS security. We
highlight the following ones:

NIST SP 800-82, Guide to Industrial Control Systems (ICS)


Security (48).

NIST SP 800-53, Recommended Security Controls for Federal


Information Systems (49).

Field Device Protection Profile for SCADA Systems in Medium


Robustness Environments.

NIST has also defined a security smart grid workgroup to develop an


overall cyber security strategy for the smart grid. This overall strategy
includes a risk mitigation strategy to ensure interoperability of
solutions across different domains/components of the infrastructure.
This group has created the following document of interest:

Activities related to
smart grid security

NIST IR 7176, System Protection Profile Industrial Control


Systems (50).

NIST has also defined a security smart grid workgroup to develop an


overall cyber security strategy for the smart grid. This overall strategy
includes a risk mitigation strategy to ensure interoperability of
solutions across different domains/components of the infrastructure.
This group has created the following document of interest:

NISTIR 7628, Guidelines for Smart Grid Cyber Security (51).

Smart Grid Security


51
Annex V. Related initiatives

NIST works together other groups:


NIST ASAP-SG(52): The goal of this group is to develop system-level
security requirements for smart grid applications such as advanced
metering, third-party access for customer usage data, distribution
automation, home area networks, synchrophasors, etc. NIST ASAP-SG
was responsible for developing AMI Security Profile v2.0 (53) and
AMI security implementation Guide (54), documents directly related
to smart grid.
NIST Smart Grid Federal Advisory Commitee(55): The Committee
provides input to NIST on the smart grid standards, priorities and
gaps, and on the overall direction, status and health of the smart grid
implementation by the smart grid industry including identification of
issues and needs. Input to NIST will be used to help guide Smart Grid
Interoperability Panel activities and also assist NIST in directing
research and standards activities.
NIST initiated in 2009 the Smart Grid Interoperability Panel (SGIP) to
carry out a variety of tasks related to the development of a smart grid
framework for interoperability and cybersecurity standards. It plays a
leadership role in facilitating and developing the national policy for
the transformation of the power system to the smart grid. The SGIP
supports NIST in fulfilling its responsibilities under the 2007 Energy
Independence and Security Act
The SGIP has several priority-specific committees and working
groups.
Smart Grid Architecture Committee (SGAC) (56): Maintains a
conceptual reference model for the smart grid and develops
corresponding high-level architectural principles and requirements. It
is responsible for creating and refining a conceptual reference model,
including lists of the standards and profiles necessary to implement
the vision of the smart grid. It has developed a new reference
framwork for the smart grid.
Smart Grid Testing and Certification Committee (SGTCC): Creates
and maintains the necessary framework for compliance,
interoperability and cyber security testing and certification for
recommended smart grid standards.
Cyber Security Working Group (CSWG) (57): Identifies and analyzes
security requirements and develops a risk mitigation strategy to
ensure the security and integrity of the smart grid. It was formerly
known as the Cyber Security Coordination Task Group (CSCTG) (58).
This group has developed the document NIST IR 7628 (51).
It was formerly known as the Cyber Security Coordination Task Group

Smart Grid Security

52

Annex V. Related initiatives


(CSCTG) and was founded by NIST and SGIP organizations. The
primary goal of this group is to develop an overall cyber security
strategy for the smart grid that includes a risk mitigation strategy to
ensure
interoperability
of
solutions
across
different
domains/components of the infrastructure. NIST SGIP/CSWG
developed the document NIST IR 7628 (51).
Priority Action Plans (PAPs) (59): Currently totaling 16, PAPs address
specific standards-related gaps and issues for which resolution is
most urgently needed. New PAPs are added as necessary.
Domain Expert Working Groups (DEWGs)(60): DEWGs perform
analyses and provide expertise in specific application domains. There
are seven specific application domains. DEWG is organized by smart
grid domains. The six DEWGs are: transmission and distribution,
building to grid, industry to grid, home to grid, business and policy,
and a cross-cutting cyber security coordination task group.
Results

Technical reports, Standards, good practices

Comments

National Institute for Standards and Technology

URL

http://www.nist.gov

Name

FERC- NARUC smart response collaborative

Type

Specialized event

Line of action

Policy and standard

Participants

Public bodies (Federal and State Regulators (USA))

Mission/Objectives

The mission of the FERC-NARUC Collaborative on Smart Response is


to provide a forum for Federal and State Regulators to discuss Smart
Grid and Demand Response policies, share best practices and
technologies, and address issues that benefit from State and Federal
collaboration.

Educate Commissioners and staff on Smart Grid and Demand


Response in order to promote better Smart Grid and Demand
Response regulatory decisions and policy.

Promote consistency across State policies and awareness of


State and Federal policy; coordinate and harmonize policies
and procedures where possible.

Promote Federal
cooperation.

Provide a forum for consumer perspective and to shape the


Smart Grid and Demand Response value proposition to ensure
that the policies benefit consumers.

and State

regulatory dialogue and

Smart Grid Security


53
Annex V. Related initiatives

Activities related to
smart grid security

Create a forum for communication to and with stakeholderssignaling areas of regulatory interest.

Compile research where needed and communicate best


practices.

Gather updates from other Federal agencies working on


related issues.

This initiative makes a series of reference guides, providing support


for members to have key knowledge about the smart grid. Note that
in addition to reference guides also make webinar where one of his
themes is the security and privacy. The reference guides in a matter
of security are still not published but the volume of privacy is now
available.
Projects under this collaborative union must explain how the project
will address cyber security and must highlight cybersecurity
attributes.

Results

Technical reports, webinar

Comments

FERC-NARUC stands for Federal Energy Regulatory Commission National Association of Regulatory Utility Commissioners

URL

http://www.naruc.org/Ferc/default.cfm?c=3

Name

GridWise alliance

Type

Industry association

Line of action

Organization, standards, technical

Participants

All the stakeholders.

Mission/Objectives

Founded in 2003, they have developed into an organization that


represents a broad range of the energy supply chain from utilities to
large tech companies to academia to venture capitalists to emerging
tech companies. This variety of stakeholders gives the Alliance a
unique diversity of perspectives which enables interactive dialogue
between members.
Their main mission its transform the electric grid to archive a
sustainable energy future.

Activities related to
smart grid security

GridWise alliance works specially on smart grid. They have been


created a cyber security division to study the problems of US grid.
The five key principles endorsed by the Alliance for cyber security are:
1. Involve all stakeholders and take full advantage of and be
aligned with existing recognized processes and work.

Smart Grid Security

54

Annex V. Related initiatives


2. Utilize a comprehensive risk management approach.
3. Provide clarity to all stakeholders.
4. Construct a cyber security framework that is focused
specifically for electric grid applications.
5. Create and adopt uniform verification and test procedures for
standards and guidelines.
Results

Technical reports

Comments

N/A

URL

http://www.gridwise.org/gridwisealli_about.asp

Name

NEMA

Type

Standards

Line of action

Standards, dissemination and awareness

Participants

Manufacturers

Mission/Objectives

National Electrical Manufacturers Association (NEMA)(61) was


founded on 1926 and it is the trade association of choice for the
electrical manufacturing industry.
NEMA promotes the competitiveness of the U.S. electrical product
industry through the development of standards, advocacy in federal
and state legislatures and executive agencies, and the collection and
analysis of economic data.
NEMA members are leading the way in smart grid technologies by
encouraging investment in the national electricity grid and
developing new product standards.

Activities related to
smart grid security

The NEMAs objectives for Cyber Security in smart grid are twofold:

the risk to business operations from security breaches

the risk to product development and marketing as the federal


government adopts preventive measures.

The NEMA member companies agree that first and foremost, security
must be part of the design consideration for any smart grid
component (and its corresponding interactions with other grid
elements) from its inception (62).
Results

Technical reports, Standards and policies

Comments

NEMA stands for National Electrical Manufacturers Association

URL

http://www.nema.org/gov/energy/smartgrid/index.cfm

Smart Grid Security


55
Annex V. Related initiatives

Name

NESCOR - Annual Conference & workshops

Type

Specialized event

Line of action

Dissemination and Awareness, training and education

Participants

All stakeholders

Mission/Objectives

Its primary purpose is to:

Activities related to
smart grid security

Bring together a broad spectrum of industry stakeholders to


meet face to face with the EPRI led National Electric Sector
Cyber Security Organization Resources team to discuss the
critical cyber security and data privacy issues facing the
electric sector

Share the research results already achieved by the three


technical working groups of the National Electric Sector Cyber
Security Organization Resources with the industry

Review the 12-month project plan for the National Electric


Sector Cyber Security Organization Resources in each of the
three technical working groups to make changes,
modifications, and additions with input from the industry
participants

Accelerate the technical deliberations of the three working


groups by having focused round table exercises in the
breakout sessions between the National Electric Sector Cyber
Security Organization Resource team and the industry
participants

Provide DoE a written report on the key findings from the


Summit including the 12-month National Electric Sector Cyber
Security Organization Resources project plan

NESCOR have defined three technical working groups to do their jobs:

Cyber security Requirements & Standards Assessment Group

Cyber security Technologies Testing & Validation Group

Threat & Vulnerability Assessment & Mitigation

The three Working Groups will focus their R&D efforts in Year 1 on
securing the following 6 critical grid functions end-to-end:
1. Advanced Metering Infrastructure
2. Demand Response
3. Electric Transportation
4. Distributed Energy Resources

Smart Grid Security

56

Annex V. Related initiatives


5. Distribution Grid Management
6. Wide Area Monitoring, Protection & Control
Results

Annual conference and workshops, Advisories, Technical reports(63)

Comments

National Electric Sector Cyber Security Organization Resources

URL

http://www.cvent.com/events/nescor-annual-conferenceworkshops/event-summaryff2fb887488c4af1aa572813885fd034.aspx

Name

TIA

Type

Industrial association

Line of action

Policy, standard, dissemination and awareness

Participants

Manufacturers, security tools and services providers

Mission/Objectives

Telecommunications Industry Association (TIA) was formally formed


in April 1988 after a merger of USTSA and the Information and
Telecommunications Technologies Group of EIA
The Telecommunications Industry Association is the leading trade
association representing the global informationand communications
technology (ICT) industries through :

Activities related to
smart grid security

Standards Development

Government Affairs

Market Intelligence

TR-51 Smart Utility Networks Standards Working Group develops


and maintains air-interface, network, and conformance standards in
support of Smart Utility Networks. The committee will focus on airinterface and network standards with wireless mesh network
topology, optimized for Smart Utility Network applications. TR-51
liaises with other TIA committees, international and national
standards bodies, and other appropriate organizations, as required,
to avoid duplication of work and to foster collaboration among
organizations addressing various aspects of smart device
communication networks.
TR45.5 has been participating in the Smart Grid Interoperability
Panels (SGIP) Priority Action 2 (Wireless Technologies for Smart Grid)
since early 2010, which is in charge of doing a new standard.

Results

Standard

Comments

Telecommunications Industry Association

URL

www.tiaonline.org

Smart Grid Security


57
Annex V. Related initiatives

Smart Grid Security

58

Annex V. Related initiatives

10 International
Name

CIGRE, Study Commitees B5 and D2

Type

Industry association

Line of action

Organizational and Policy, Standards, Economic or Financial,


Technical, Information sharing

Participants

Manufacturer or Integrator, DSO, TSO, Academia and R&D

Mission/Objectives

CIGRE (International Council on Large Electric Systems) is a


permanent international, non government, non-profit-making
Association, founded in France, in 1921. Its aim is to develop and
distribute technical knowledge in the field of the generation and
transmission of high voltage electricity. CIGRE deals with all the main
themes of the field of electricity, i.e. organisation of utilities,
development and adaptation of grids, optimisation of maintenance
and life expectancy of electrical equipment, as well as the analysis of
the impact on the environment, etc.

Activities related to
smart grid security

Study Committee B5 (SC B5) mission is to facilitate and promote the


progress of engineering and the international exchange of
information and knowledge in the field of protection and automation
and also to add value to this information and knowledge by means of
synthesising
state-of-the-art
practices
and
developing
recommendations. Study committee B5 covers principles, design,
applications, coordination, performance and asset management of
system protection, substation control and automation, remote
control systems and equipment and metering systems.
Study Committee D2 (SC D2) covers the specification, design,
engineering, performance, operation, maintenance, economic and
management aspects of the Information and the Telecommunication
systems in the EPI both for operational and business activities, as well
as the different devices, media and networks to support all that
services: speech, data, video, internet, specialised signalling for
teleprotection, SCADA, EMS, DSM. It also covers security aspects of
related Information Systems and Telecommunications.
The results are published as technical reports and summarised in the
bi-monthly CIGRE journal, ELECTRA. Some of its articles are related to
security in ICS environments. i.e.: The Impact of Implementing Cyber
Security Requirements using IEC 61850(2).

Results

Technical Reports

Comments

International Council on Large Electric Systems

URL

http://www.cigre-b5.org/
http://www.cigre-d2.org/

Smart Grid Security


59
Annex V. Related initiatives

Name

ITU, ITU-T FG on Smart Grid

Type

Public Private Partnership

Line of action

Policy, standards, technical

Participants

All stakeholders

Mission/Objectives

ITU (International Telecommunication Union) is the United Nations


specialized agency for information and communication technologies.
In February 2010, the Telecommunication Standardization sector of
the ITU, ITU-T, established a Focus Group on Smart Grids (FG Smart).
The Focus Group aims to:

Identify potential impacts on standards development.

Investigate future ITU-T study items and related actions.

Familiarize ITU-T and standardization communities with


emerging attributes of smart grid.

Encourage collaboration between ITU-T and smart grid


communities.

The objective of this group is to collect and document ideas that


would be helpful for developing recommendations to support the
smart grid from a telecommunication/ICT perspective. To achieve this
objective, the Focus Group:

Updates living list of standards bodies, forums, and consortia


dealing with smart grid.

Collects visions and value propositions for the smart grid.

Provide terminology and taxonomy necessary to support


smart grid.

Analyzes communication networking requirement functions


and capabilities to support smart grid.

Gathers new ideas relevant to and identify potential study


areas to support smart grid.

Identifies use cases of smart grid that can be used to derive


communication network requirements.

Suggests future itu-t study items and related actions.

Identifies potential impacts on standards development.

The Focus Group interacts with the various research activities in


order to familiarize ITU-T and standardization communities with the
emerging attributes of smart grid.
Activities related to

FG on Smart Grid identifies security and privacy issues that might


impact standards development. To this regard they have been

Smart Grid Security

60

Annex V. Related initiatives


smart grid security

working on a deliverable which analyses communications networking


requirement functions and capabilities to support smart grid,
including security and reliability aspects.

Results

Technical Reports, standards, good practices.

Comments

Focus Group on Smart Grid concluded in Decemer 2011

URL

http://www.itu.int/en/ITU-T/focusgroups/smart/Pages/Default.aspx

Name

IEC, TC 8, TC 57 and JTC1/SC27

Type

International agency

Line of action

Standards, Technical

Participants

Standardization bodies

Mission/Objectives

The International Electrotechnical Commission (IEC) is the worlds


leading organization that prepares and publishes International
Standards for all electrical, electronic and related technologies.
IEC provides a platform to companies, industries and governments for
meeting, discussing and developing the International Standards they
require.
All IEC International Standards are fully consensus-based and
represent the needs of key stakeholders of every nation participating
in IEC work. Every member country, no matter how large or small, has
one vote and a say in what goes into an IEC International Standard.
The IEC develops a lot of standards and technical reports, alone or in
collaboration with other organizations like ISO, on security and other
technical aspects.
IEC has several groups working for the implementation of security
measures in ICS and smart grid environments. The following points
highlight the most important ones:

IEC TC 8 prepares and coordinates, in cooperation with other


TC/SCs, the development of international standards and other
deliverables with emphasis on overall system aspects of
electricity supply systems and acceptable balance between
cost and quality for the users of electrical energy. Electricity
supply system encompasses transmission and distribution
networks and connected user installations (generators and
loads) with their network interfaces.

IEC TC 57 develops and maintains international standards for


power systems control equipment and systems including EMS
(Energy Management Systems), SCADA (Supervisory Control
And
Data
Acquisition),
distribution
automation,

Smart Grid Security


61
Annex V. Related initiatives

teleprotection, and associated information exchange for realtime and non-real-time information, used in the planning,
operation and maintenance of power systems.
On the other hand, the Joint Technical Committee ISO/IEC JTC 1 of
ISO and IEC is a standardization committee which main objective is
the creation of standards for general methods and techniques in the
area of information security.
Activities related to
smart grid security

IEC TC 8 WG AHG 4 works in smart grid requirements including


electrical system reliability (e.g. system security), as well as in
communication security, metering, etc.
IEC TC 57 WG 15 undertakes the development of standards for
security of the communication protocols defined by the IEC TC57,
specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC
61850 series, the IEC 61970 series, and the IEC 61968 series.
ISO/IEC JTC1/SC27 includes the development of standards for the
protection of information and ICT, including generic methods,
techniques and guidelines to address both security and privacy
aspects.
Some of the most relevant documents on ICS security of IEC are:

IEC 62351 series, Data and communication security (3),(4),


(5),(6),(7),(8) and(9).

IEC 62210, Power system control and associated


communications. Data and communication security (10).

Results

Standards, technical reports

Comments

IEC stands for International Electrotechnical Commission

URL

https://www.iec.ch

Name

IEEE, WGC1, WGC6, E7.1402 and other

Type

Professional association

Line of action

Standards

Participants

All stakeholders

Mission/Objectives

IEEE is the worlds largest professional association dedicated to


advancing technological innovation and excellence for the benefit of
humanity. IEEE and its members inspire a global community through
IEEE's highly cited publications, conferences, technology standards,
and professional and educational activities. In this way, the IEEE
develops standards and technical reports on security and other
technical-related aspects.

Smart Grid Security

62

Annex V. Related initiatives


Activities related to The IEEE is divided into several technical committees. One of the
smart grid security
most important is the standardization technical committee. This
Committee includes several work groups that are devoted to
defining security measures for ICS and smartgGrid environments.
Some of the most important workgroups are:
IEEE WGC1 - Application of Computer-Based Systems: This group
has been responsible for the document 1686-2007 IEEE Standard
for Substation Intelligent Electronic Devices (IEDs) Cyber Security
Capabilities Active Standard (11).
IEEE WGC6 - Trial Use Standard for a Cryptographic Protocol for
Cyber Security of Substation Serial Links: This group has been in
charge of the document 1711-2010 IEEE Trial-Use Standards for a
Cryptographic Protocol for Cyber Security of Substation Serial Links
(12).
IEEE E7.1402 - Physical Security of Electric Power Substations:
Responsible for the treatment of all matters related to the secure
operation of electrical substations with respect to outside intrusions
into the substation. This group has developed the document 14022000 IEEE Guide for Electric Power Substation Physical and
Electronic Security (13).
Another technical committee which makes studies on security is the
IEEE Power & Energy Society (14) who is responsible for Smart Grid
Forum(15). It is worth highlighting workgroup IEES PSACE CAMS
(Power System Analysis, Computing, and Economics) (Computing
and Analytical Methods Subcommittee). The focus of the workgroup
is the cyber security of electric power infrastructures (16).
Results

Standards, technical reports, conferences, educational and training


activities

Comments

IEEE stands for Institute of Electrical and Electronics Engineers

URL

http://www.ieee.org/

Name

ISA, ISA99 and ISA67

Type

Professional association

Line of action

Dissemination and awareness, standards, and education and


training

Participants

All Stakeholders

Mission/Objectives

The International Society of Automation (ISA) is a leading, global,


non-profit organization that is setting the standard for automation
by helping over 30,000 worldwide members and other professionals
solve difficult technical problems, while enhancing their leadership

Smart Grid Security


63
Annex V. Related initiatives

and personal career capabilities.


ISAs mission is to become the standard for automation globally by
certifying industry professionals; providing education and training;
publishing books and technical articles; hosting conferences and
exhibitions for automation professionals; and developing standards
for industry.
Some of the ISA objectives are to develop and establish standards,
recommended practices, technical reports, and related information
that will define procedures for implementing electronically secure
industrial automation and control systems and security practices
and assessing electronic security performance.
Activities related to The ISA is involved in the development of standards and technical
smart grid security
reports about ICS security and smart grid security.
The purpose of the ISA99 committee is to develop and establish
standards, recommended practices, technical reports, and related
information that will define procedures for implementing
electronically secure industrial automation and control systems and
security practices and assessing electronic security performance,
such as ISA99 standard (17) series.
The ISA67 16WG5 is in charge of organizing the cyber security for
the nuclear power industry (18).
Results

Standards, technical reports, good practices, events

Comments

It is not necessary to be a member of ISA in order to be a member of


an ISA committee.

URL

http://www.isa.org/

Name

UCA International Users Group

Type

Industry association

Line of action

Organizational and Policy, Standards, Information sharing.

Participants

Manufacturers, Integrators, Security tools and services providers,


Operators.

Mission/Objectives

The UCA International Users Group is a not-for-profit corporation


focused on assisting users and vendors in the deployment of
standards for real-time applications for several industries with related
requirements. The Users Group does not write standards, however
works closely with those bodies that have primary responsibility for
the completion of standards (notably IEC TC 57: Power Systems
Management and Associated Information Exchange).
The UCAIug as well as its member groups (CIMug, Open Smart Grid,

Smart Grid Security

64

Annex V. Related initiatives


and IEC 61850) draws its membership from utility user and supplier
companies. The mission of the UCA International Users Group is to
enable integration through the deployment of open standards by
providing a forum in which the various stakeholders in the energy
and utility industry can work cooperatively together as members of a
common organization to:

Activities related to
smart grid security

Influence, select, and/or endorse open and public standards


appropriate to the energy and utility market based upon the
needs of the membership.

Specify, develop and/or accredit product/system-testing


programs that facilitate the field interoperability of products
and systems based upon these standards.

Implement educational and promotional activities that


increase awareness and deployment of these standards in the
energy and utility industry.

Influence and promote the adoption of standards and


technologies specific to the ever-increasing smart grid
initiatives worldwide.

UCAIug works in security and in other aspects through its member


groups. For instance, the Open Smart Grid sub-technical committee is
responsible for developing security guidelines, recommendations,
and good practices for AMI system elements. This group fosters
enhanced functionality, lower costs and speed market adoption of
Advanced Metering networks and Demand Response solutions
through the development of an open standards-based
information/data model, reference design & interoperability
guidelines.
There are several task forces inside the UCA Ineternational Users
Group dealing to some extent with the security of smart grid
componentes and architectures. These are the following:

Usability Analysis Task Force

CyberSec-Interop Task Force

AMI-SEC Task Force

Embedded Systems Security Task Force

Among them, the AMI-SEC Task Force is the most directly related to
smart grid cyber security aspects. This task force was established
August 2007 to develop consistent security guidelines,
recommendations, and best practices for AMI system elements as
well as on design specifications. Moreover it tries to support vendors
to produce compliant and compatible security technologies. It
also provides a focus point for industry discussions on security
aspects related to AMI.

Smart Grid Security


65
Annex V. Related initiatives

Open Smart Grid subcommittee have four Working Groups. SG


Security is the charged on provide and study the security on the
smart grid.
Results

Standards, guidelines.

Comments

N/A

URL

http://www.ucaiug.org

Name

Zigbee Alliance

Type

Industry association

Line of action

Standard, Technical

Participants

All stakeholders

Mission/Objectives

The ZigBee Alliance is a non-profit industry consortium of leading


semiconductor manufacturers, technology providers, OEMs and endusers worldwide. Members aim at defining a global specification for
interoperable, cost-effective, low-power wireless applications based
on the IEEE 802.15.4 standard. Current membership is about 200 and
includes both heavyweights (such as Siemens and Texas Instruments)
and small start-ups.
The goal of the ZigBee Alliance is to create an open specification
defining mesh and tree network topologies with interoperable
application profiles for wireless control systems. Its focus is clearly on
standards-based, low-cost, low-power, and low-data rates
applications. Means to certify products are also within the scope of
the ZigBee Alliance.
Zigbee is envisioned as a promising technology in home automation,
due to the technical characteristics that differentiate it from other
technologies:

Its low power consumption.

Its mesh network topology.

Easy integration (nodes can be manufactured with very little


electronics).

Activities related to
smart grid security

Zigbee Alliance is working on a communication method based on


wireless technology. Low cost and low power have done Zigbee an
ideal protocol in industrial automation. The Zigbee Alliance works on
the definition of the security mechanism implemented in the protocol
definition.

Results

Standards, technical Report

Comments

N/A

Smart Grid Security

66

Annex V. Related initiatives


URL

www.zigbee.org

Smart Grid Security


67
Annex V. Related initiatives

11 Other web 2.0 initiatives


Name

Smart Grid Network

Type

Online resource (Social Network)

Line of action

Information sharing, dissemination and awareness, training and


education

Participants

Manufacturer or Integrator, Security tools and services Provider, DSO,


TSO, Retail Energy Provider

Mission/Objectives

The goal of Smart Grid Network is to accelerate the pace of smart grid
deployment by promoting dialog and information exchange among
stakeholders and connecting interested consumers with solution
providers.
The site helps consumers understand how a smarter grid can
empower them to better manage their energy usage and identify
trusted solution providers. Solution providers, big companies and
small start-ups alike, will be able to get the message out about their
innovative solutions to interested customers around the globe.
Smart Grid Network has two components; information from
authorized content providers on smart grid initiatives in a state or
country and a Facebook-style social network allowing:

Consumers, solution providers and enablers to communicate


on issues of interest.

Individuals to develop a network of trusted advisors for


identifying and selecting smart grid solutions.

Countries, states, and communities to highlight smart grid


projects and attract best of class solutions suitable for their
local requirements.

Utilities to learn about their customers needs, expectations


and demands; and inform customers of new offerings.

Universities and research centres to highlight ongoing smart


grid research and education programs.

Solutions providers to advertise their products and services.

Smart Grid Network, Inc. launched this site on October 18, 2011, with
a pilot test for Illinois (US) and is now expanding to other states and
countries.
Activities related to
smart grid security

This site provides information on security and privacy related issues


affecting the smart grid.

Results

Articles and discussions

Comments

Social network project

Smart Grid Security

68

Annex V. Related initiatives


URL

http://www.smartgrid.com/

Name

Smart grid security

Type

Online Resource

Line of action

Technical

Participants

All stakeholders

Mission/Objectives

The Smart Grid Security group is intended to facilitate the exchange


and discussion of ideas and concepts around the implementation of
smart applications and communications technology within the
electric power system.

Activities related to
smart grid security

All exposed in Mission/Objectives

Results

N/A

Comments

N/A

URL

http://www.linkedin.com/groups?home=&gid=
1842898&trk=anet_ug_hm&goback=.gdr_1332346537283_1

Name

Smart Grid Cyber Security (Exclusive Forum & Networking Group)

Type

Online Resource

Line of action

Technical

Participants

DSO, TSO, Security tools and services Provider

Mission/Objectives

The Smart Grid Cyber Security group is an exclusive memberscommunity, thats brings together professionals from across the
International Smart Grid/Utilities sector involved with Cyber and
Critical Infrastructure security. This community extends to both
those security professionals from within the Utilities Sector and their
IT security partners and vendors.
The objective of this group is to create a forum for its members to
discuss, share ideas, best practices, trends, strategies and create a
common community voice to further understand the dynamics
surrounding the global emergence of smart grid initiative and its
security risks.

Activities related to
smart grid security

All exposed in Mission/Objectives

Results

Forum

Smart Grid Security


69
Annex V. Related initiatives

Comments

N/A

URL

http://www.linkedin.com/groups?home=&gid=
4149740&trk=anet_ug_hm&goback=.gdr_1332346537283_1
http://www.smartgridcybersecurity.co.uk

Name

Energy Sector, Smart Grid, and Smart Meter Security

Type

Online Resource

Line of action

Technical

Participants

All stakeholders

Mission/Objectives

The Smart Grid initiative is perhaps the single largest worldwide


technological project mankind will ever witness. The design,
implementation, and maintenance of a secure system will be of
paramount importance in assuring success.

Activities related to
smart grid security

All exposed in Mission/Objectives

Results

N/A

Comments

It is mainly a discussion forum, where experts hare their opinion on


trending topics regarding cyber security.

URL

http://www.linkedin.com/groups?about=&gid=
2693507&trk=anet_ug_grppro

Name

European Smart-Grid Cyber-Security Forum

Type

Online Resource

Line of action

Technical

Participants

N/A

Mission/Objectives

The European Smart-Grid Cyber-Security Forum aims to provide a


much needed professional and open space for discussions,
knowledge sharing, innovation and ideas around Cyber-Security
aspects for Smart-Grids and Smart-Grid projects in Europe. It intends
to attract knowledge and expertise from anyone who has an insight
and experience in this exciting new industry.
All credible candidates are welcome to join and participate, either
individuals or organisations such as smart-energy/grid equipment
manufacturers, research organisations, consultancies, systems
integrators, security advisories, national regulatory bodies, telecoms

Smart Grid Security

70

Annex V. Related initiatives


providers, etc.
The ultimate objective being to foster and provide a centre of
excellence, collective balanced guidance and direction to all countries
and projects in Europe embarking on or already on their journey
towards Smart-Grids.
Activities related to
smart grid security

All exposed in Mission/Objectives

Results

N/A

Comments

N/A

URL

http://www.linkedin.com/groups?about=&gid=
3847044&trk=anet_ug_grppro

Smart Grid Security


71
Annex V. Related initiatives

12 Bibliography
1. European Network and Informations Security Agency (ENISA). Protecting Industrial Control
Systems - Recommendations for Europe and Member States. 2011.
2. CIGR. The Impact of Implementing Cyber Security Requirements using IEC 61850. s.l. :
CIGRE Publication 427, 2010.
3. International Electrotechnical Commission (IEC). IEC TS 62351-1: Power systems
management and associated information exchange Data and communications security. Part
1: Communication network and system security Introduction to security issues. International
Electrotechnical Commission. 2007.
4. . IEC TS 62351-2: Power systems management and associated information exchange
Data and communications security Part 2: Glossary of terms. International Electrotechnical
Commission. 2008.
5. . IEC TS 62351-3: Power systems management and associated information exchange
Data and communications security Part 3: Communication network and system security
Profiles including TCP/IP. International Electrotechnical Commission. 2007.
6. . IEC TS 62351-4: Power systems management and associated information exchange
Data and communications security Part 4: Profiles including MMS. International
Electrotechnical Commission. 2007.
7. . IEC TS 62351-5: Power systems management and associated information exchange
Data and communications security Part 5: Security for IEC 60870-5 and derivatives.
International Electrotechnical Commission. 2009.
8. . IEC TS 62351-6: Power systems management and associated information exchange
Data and communications security Part 6: Security for IEC 61850. International
Electrotechnical Commission. 2007.
9. . IEC TS 62351-7: Power systems management and associated information exchange
Data and communications security. Part 7: Network and system management (NSM) data
object models. International Electrotechnical Commission. 2010.
10. . IEC TR 62210: Power system control and associated communications Data and
communication security. 2003-05.
11. Institute of Electrical and Electronics Engineers (IEEE). WGC1 - Application of ComputerBased Systems. s.l. : http://standards.ieee.org/develop/wg/WGC1.html, 2007.
12. . WGC6 - Trial Use Standard for a Cryptographic Protocol for Cyber Security of Substation
Serial Links. s.l. : http://standards.ieee.org/develop/wg/WGC6.html, 2010.
13. . E7.1402 - Physical Security of Electric
http://standards.ieee.org/develop/wg/E7_1402.html, 2000.

Power

14. . IEEE Power & Energy Society. [Online] http://www.ieee-pes.org.

Substations.

s.l. :

72

Smart Grid Security


Annex V. Related initiatives
15. . IEEE-PES Smart Grid Forum. [Online] tp://www.ieee-pes.org/smart-grid-forum.
16. . IEEE PES Computer and Analytical Methods SubCommittee. [Online] 2000.
http://ewh.ieee.org/cmte/psace/CAMS_taskforce.html.
17. International Society of Automation (ISA). ISA99 Committee - Home. [Online]
http://isa99.isa.org/ISA99 Wiki/Home.aspx.
18. . LISTSERV 15.5 bin/wa.exe?A0=ISA67-16WG5.

ISA67-16WG5.

[Online]

http://www.isa-online.org/cgi-

19. Commission of the European communities. Communication from the commission to the
European parliament. Protecting Europe from large scale cyber-attacks and disruptions:
enhancing preparedness, security and resilience. 2009.
20.
European
Commision.
M/441:
http://www.cen.eu/cen/Sectors/Sectors/Measurement/Documents/M441.pdf : s.n., 2009.

21. CEN/CENELEC/ETSI. CEN/CLC/ETSI/TR 50572. Functional reference architecture for


communications
in
smart
metering
systems.
s.l. :
ftp://ftp.cen.eu/cen/Sectors/List/Measurement/Smartmeters/CENCLCETSI_TR50572.pdf,
2011.
22. Commission of the European communities. Communication from the commission to the
European parliament, the European economic and social commitee and the commitee of the
regions. Achievements and next steps: towards global cyber-security. COM(2011) 163. 2011.
23. . Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions. COM(2011) 202
final. 2011.
24. DG-INFSO Expert Group on the security and resilience of Communication networks and
Information
systems
for
Smart
Grids.
Programme
of
Work.
s.l. :
https://resilience.enisa.europa.eu/security-and-resilience-of-communication-networks-andinformation-systems-for-smart-grids/program-of-work/draft-final-versionpow/at_download/file, 2011.
25. Task Force Smart Grids. Expert group 2. Regulatory recommendations for data safety,
data
handling
and
data
protection.
s.l. :
http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/expert_group2.pdf, 2011.
26. Elvire. [Online] 2011. http://www.elvire.eu/.
27.
CORDIS
Services.
AFTER.
[Online]
2011.
http://cordis.europa.eu/search/index.cfm?fuseaction=proj.document&PJ_LANG=EN&PJ_RCN
=12231422.
28. The OPEN meter Consortium. Open Meter. [Online] 2009. http://www.openmeter.com/.
29. Aretmis. Internet of Energy. [Online] 2011. http://www.artemis-ioe.eu/.

Smart Grid Security


73
Annex V. Related initiatives

30. O.Vermesan, R.Zafalon, K.Kriegel, R.Mock, R.John, M.Ottella, P.Perlo. Internet Of Energy
pag:33. Advance Microsystems for Automotive Applications 2011. [Online]
http://books.google.es/books?id=Qt7HDlzmrhsC&pg=PA33&lpg=PA33&dq=Internet+of+Energ
y+%E2%80%93+Connecting+Energy+Anywhere+Anytime&source=bl&ots=KlFXHWQYEA&sig=Y
DjZYgFqAevFtfWL6tuFqJxIKOo&hl=es&sa=X&ei=arVdT6mDIuem0AW9v9zWDQ&ved=0CIUBEO
gBMAY#v=onepage&q=Int.
31. European Technology Platform SmartGrids. Strategic research agenda for Europes
electricity
networks
of
the
future.
s.l. :
http://www.smartgrids.eu/documents/sra/sra_finalversion.pdf, 2007.
32. European Commission. Directorate-General for Energy. Standardization Mandate to
European Standardisation Organisations (ESOs) to support European Smart Grid deployment.
M/490.
s.l. :
http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/2011_03_01_mandate_m490_en.
pdf.
33. Commission of the European communities. Commission staff working document
definition, expected services, functionalities and benefits of smart grids SEC(2011)463. 2011.
34. ENTSOE. WG European operational standards. [Online] https://www.entsoe.eu/systemoperations/working-groups/wg-european-operational-standards/.
35. . ENTSOE Working Group System Protection. [Online] https://www.entsoe.eu/systemoperations/working-groups/wg-critical-system-protection/.
36. . WG Electronic Highway. [Online] https://www.entsoe.eu/system-operations/workinggroups/wg-electronic-highway/.
37. ESMIG. External Activities, ESMIG. [Online] http://www.esmig.eu/about-us/smart-metercoordination-group-sm-cg-new.
38.
EUROELECTRIC.
10
Steps
to
http://www.eurelectric.org/10StepsTosmartGrids/.

Smart

Grid.

[Online]

2010.

39. International Instruments Users' Association (WIB). Process control domain - Security
requirements for vendors. EWE (EI, WIB, EXERA). 2010.
40.
DIN.
Electromobility.
[Online]
2011.
http://www.naautomobil.din.de/cmd?contextid=naautomobil&bcrumblevel=1&subcommitte
eid=118124005&projid=149029465&level=tpl-projdetailansicht&committeeid=54738955&languageid=en.
41.
VGB.
VGB-R.175
IT-Sicherheit
http://www.vgb.org/shop/r175.html, 2006.

fr

Erzeugungsanlagen

s.l. :

42. Netbeheer Nederland. Privacy and Security Advance Metering Infraestructure. Apendix A.
s.l. :
http://www.energiened.nl/_upload/bestellingen/publicaties/356_320006%20%20PS%20M%20StakeholderAnalysis.pdf, 2010.

74

Smart Grid Security


Annex V. Related initiatives
43.
DECC.
Smarter
Grids:
The
Opportunity.
s.l. :
http://www.decc.gov.uk/assets/decc/what%20we%20do/uk%20energy%20supply/futureelec
tricitynetworks/1_20091203163757_e_@@_smartergridsopportunity.pdf, 2009.
44. KEMA and ENA. UK Smart Grid Cyber Security Report. http://ses.jrc.ec.europa.eu/.
[Online] 2011. http://energynetworks.squarespace.com/storage/UK Smart Grid Cyber Security
Report.pdf.
45. North American Electric Reliability Corporation (NERC). Categorizing Cyber Systems. An
Approach Based on BES Reliability Functions. Cyber Security Standards Drafting Team for
Project 2008-06 Cyber Security Order 706. 2009.
46. SGTF. Smart Grid Task Force. [Online] http://www.nerc.com/filez/sgtf.html.
47. SGWG. Smart Grid Working Groups. [Online] 2011. http://www.nerc.com/filez/sgwg.html.
48. National Institute of Standards and Technology (NIST). NIST SP 800-82: Guide to
Industrial Control Systems (ICS) Security. National Institute of Standards and Technology. 2011.
49. . NIST SP 800-53: Information Security. National Institute of Standards and Technology.
2009.
50. . NISTIR 7176: System Protection Profile - Industrial Control Systems. Decisive Analytics.
2004.
51. . NISTIR 7628: Guidelines for Smart Grid Cyber Security. Smart Grid Interoperability
PanelCyber Security Working Group (SGIPCSWG). 2010.
52. ASAP-SG. Advanced Security Acceleration Project for the Smart Grid. [Online] 2011.
http://www.smartgridipedia.org/index.php/ASAP-SG.
53. The AMI-SEC Task Force (UCAIug) and The NIST Cyber Security Coordination Task Group.
SECURITY PROFILE FOR ADVANCED METERING INFRASTRUCTURE. 2010.
54. AMI-SEC-ASAP. AMI Security Implementation Guide. 2009.
55. National Institute of Standards and Technology (NIST). NIST Smart Grid Federal Advisory
Commitee. [Online] 2010. http://www.nist.gov/smartgrid/committee.cfm.
56. Smart Grid Architecture Committee. Smart Grid Architecture Committee. [Online]
http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/SmartGridArchitectureCommittee.
57. Cyber Security Working Group. Cyber Security Working Group.
http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG.

[Online]

58. Smart Grid Interoperability Panel (SGIP). SGIP Cyber Security Working Group (SGIP
CSWG).
[Online]
http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/CyberSecurityCTG.
59. NIST SGIP. Priority Action Plans.
sggrid/bin/view/SmartGrid/PriorityActionPlans.

[Online]

http://collaborate.nist.gov/twiki-

Smart Grid Security


75
Annex V. Related initiatives

60. . Domain Expert Working Groups. [Online] 2011. http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/DEWGs.


61. NEMA. National Electrical Manufacturers Association. Position Statement on Cyber
Security.
s.l. :
www.nema.org/gov/energy/smartgrid/upload/Cyber_Security_Position_Statement.pdf.
62. National Electrical Manufacturers Association (NEMA). Position Statement on Cyber
Security.
s.l. :
http://www.nema.org/gov/energy/smartgrid/upload/Cyber_Security_Position_Statement.pdf
.
63.
EPRI.
EPRI
Progress
Report.
[Online]
http://www.smartgrid.epri.com/doc/IntelliGrid%20Newsletter%20Template_June%20053111
.pdf.
64. Zwan, Erwin van der. Security of Industrial Control Systems, What to Look For. 2010.
65. Zhang, Zhen. Smart Grid in America and Europe: Similar Desires, Different Approaches
(Part 2). . 2011.
66. . Smart Grid in America and Europe: Similar Desires, Different Approaches (Part 1). .
2011.
67. Yin Hong, Chang. Cyber Security of a Smart Grid: Vulnerability Assessment. s.l. :
http://www.ece.nus.edu.sg/stfpage/elejp/FYP/CYH09.pdf, 2010.
68.
West,
Andrew.
SCADA
Communication
protocols.
http://www.powertrans.com.au/articles/new pdfs/SCADA PROTOCOLS.pdf.

[Online]

69. Weiss, Joseph. Protecting Industrial Control Systems from Electronic Threats. s.l. :
Momentum Press, 2010.
70. Tsang, Rose. Cyberthreats, Vulnerabilities and Attacks on SCADA networks. 2009.
71. Theriault, Marlene and Heney, William. Oracle Security. First Edition. s.l. : O'Reilly, 1998.
p. 446. 1-56592-450-9.
72. Syngres, Eric Knapp. Industrial Network Security. Securing critical infrastructure Networks
for Smart Grid, SCADA and other Industrial Control Systems. .
73. Suter, Manuel and Brunner, Elgin M. International CIIP Handbook 2008 / 2009. 2008.
74. Stouffer, K. A., Falco, J. A. and Scarfone, K. A. Guide to Industrial Control Systems (ICS)
Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control
Systems (DCS), and other control system configurations such as Programmable Logic
Controllers (PLC). s.l. : National Institute of Standards and Technology, 2011.
75.
Snyder,
Mike.
Smart
Grid
http://ict2020.tiaonline.org/may_june_2009/policy_stimulus.cfm.

Synergy.

76. Smith, Steven S. The SCADA Security Challenge: The Race Is On. 2006.

[Online]

76

Smart Grid Security


Annex V. Related initiatives
77. Identifying, understanding, and analyzing Critical Infrastructure Interdependencies.
Rinaldi, Steven M., Peerenboom, James P. and Kelly, Terrence K. 2001, IEEE Control Systems
Magazine.
78. Mo, Yilin, et al. CyberPhysical Security of a Smart Grid Infrastructure. s.l. :
http://sparrow.ece.cmu.edu/group/pub/Mo-Kim-etal-ProcIEEE-2011.pdf, 2011.
79. Masica, Ken. Securing WLANs using 802.11i. Draft. Recommended Practice. 2007.
80. . Recommended Practices Guide For Securing ZigBee Wireless Networks in Process
Control System Environments. 2007.
81. Lewis, Adam. ERN-CIP: European reference network for critical infrastructure protection.
[Online] http://www.creatif-network.eu/workshop1/Lewis_session3.pdf.
82. Lenzini, G., Oostdijk, M. and Teeuw, W. Trust, Security, and Privacy for the Advanced
Metering Infrastructure. s.l. : https://doc.novay.nl/dsweb/Get/Document-100649, 2009.
83. Kwasinski, A. Implication of Smart-Grids development for communication systems in
normal operation and during disasters. 2010.
84. Jeff Trandahl, Clerk. USA Patriot
http://epic.org/privacy/terrorism/hr3162.html.

Act

(H.R.

3162).

[Online]

2001.

85. International Organization for Standardization (ISO), International Electrotechnical


Commission (IEC). Information technology Security techniques Code of practice for
information security management. International Organization for Standardization,
International Electrotechnical Commission. 2005.
86. Huntington, Guy. NERC CIPs and identity management. Huntington Ventures Ltd. 2009.
87. Holstein, Dennis Cease, Li, Haiyu L and Meneses, Albertin,. The Impact of Implementing
Cyber Security Requirements using IEC 61850. 2010.
88. Holstein, Dennis K. P1711 The state of closure. s.l. : PES/PSSC Working Group C6, 2008.
89. Hayden, Ernie. There is No SMART in Smart Grid Without Secure and Reliable
Communications. s.l. : http://www.verizonbusiness.com/resources/whitepapers/wp_nosmart-in-smart-grid-without-secure-comms_en_xg.pdf.
90. Hart, D.G. Using AMI torealize the Smart Grid. En Powerand energy society general
meeting -Conversion and delivery of electrical energy in the 21st Century. s.l. : IEEE 2008, 2008.
91. Green, Brian D., Cote, J. R. and Simmins, John. Smartgridinformation.info. [Online] 17 8
2010. [Cited: 30 12 2011.] http://www.smartgridinformation.info/pdf/2663_doc_1.pdf.
92. Gorman, Siobhan. Electricity Grid in U.S. Penetrated By Spies.
93. Gomz, J. Antonio. III Curso de verano AMETIC-UPM 2011 hacia un mundo digital: las eTIC motor de los cambios sociales, econmicos y culturales. 2011.
94. Glckler, Oszvald. IAEA Coordinated Research Project (CRP) on Cybersecurity of Digital
I&C
Systems
in
NPPs.
[Online]
2011.

Smart Grid Security


77
Annex V. Related initiatives

http://www.iaea.org/NuclearPower/Downloads/Engineering/meetings/2011-05-TWGNPPIC/Day-3.Thursday/TWG-CyberSec-O.Glockler-2011.pdf.
95. Giordano, Vincenzo, et al. Smart Grid projects in Europe: lessons learned and current
developments. 2011.
96. Ginter, Andrew. An Analysis of Whitelisting Security Solutions and Their Applicability in
Control Systems. 2010.
97. Flick, Tony and Morehouse, Justin. Securing the Smart Grid. Next Generation Power Grid
Security. 2011.
98. Fan, Jiyuan and Zhang, Xiaoling. Feeder Automation within the Scope of Substation
Automation.
[Online]
10
31,
2006.
[Cited:
12
29,
2011.]
http://www.ieee.org/portal/cms_docs_pes/pes/subpages/meetingsfolder/PSCE/PSCE06/panel24/Panel-24-3_Feeder_Automation.pdf.
99. Fan, Jiyuan, du Toit, Willem and Backschneider, Paul. Distribution Substation Automation
in Smart Grid.
100. Falliere, Nicolas, Murchu, Liam O and Chien, Eric. W32.Stuxnet Dossier. Symantec. 2011.
101. Ericsson, Gran. Managing Information Security in an Electric Utility. Cigr Joint Working
Group (JWG) D2/B3/C2-01.
102. Ebinger, Charles and Massy, Kevin. Software and hard targets: enhancing Smart Grid
cyber
security
in
the
age
of
information
warfare.
s.l. :
http://www.brookings.edu/~/media/Files/rc/papers/2011/02_smart_grid_ebinger/02_smart_
grid_ebinger.pdf, 2011.
103. Daz Andrade, Carlos Andrs and Hernandez, Juan Carlos. Smart grid: Las TICs y la
modernizacin de las redes de energa elctrica Estado del arte. 2011.
104. Davis, Mike. SmartGrid Device Security. Adventures in a new medium. s.l. :
https://www.blackhat.com/presentations/bh-usa-09/MDAVIS/BHUSA09-Davis-AMISLIDES.pdf, 2009.
105. Conant, Rob. Toward a Global Smart Grid - The U.S. vs. Europe. [Online]
http://www.elp.com/index/display/article-display/2702271845/articles/utility-automationengineering-td/volume-15/Issue_5/Features/Toward_a_Global_Smart_Grid__The_US_vs_Europe.html .
106. . Toward a Global Smart Grid - The U.S. vs. Europe. [Online]
http://www.elp.com/index/display/article-display/2702271845/articles/utility-automationengineering-td/volume-15/Issue_5/Features/Toward_a_Global_Smart_Grid__The_US_vs_Europe.html.
107.
Coll-Mayor,
Debora.
Overview
of
strategies
and
goals.
[Online]
http://www.4thintegrationconference.com/downloads/Strategies & Goals of Smartgrid in
Europe.pdf.

78

Smart Grid Security


Annex V. Related initiatives
108. Cleveland, Frances. White Paper: Cyber Security Issues for the Smart Grid. s.l. :
http://www.xanthusconsulting.com/Publications/White_Paper_Cyber_Security_Issues_for_the_Smart_Grid.pdf,
2009.
109. Clemente, Jude. The Security Vulnerabilities of Smart Grid. s.l. :
http://www.ensec.org/index.php?option=com_content&view=article&id=198:the-securityvulnerabilities-of-smart-grid&catid=96:content&Itemid=345, 2009.
110. Chebbo, Maher. Recommendations of the SmartGrid ICT consultation Group to the
European Commision. 2010.
111. Carpenter, Matthew and Wright, Joshua. Advanced metering infrastructure attack
methodology. 2009.
112. Brodsy, Jacob and McConnell, Anthony. Jamming and Interference Induced Denial-ofService Attacks on IEEE 802.15.4-Based Wireless Networks. 2009.
113. Boyer, Stuart A. SCADA: Supervisory Control and Data Acquisition. Iliad Development
Inc., ISA. 2010.
114. . SCADA Supervisory and Data Acquisition. 2004.
115. Berkeley III, Alfred R. and Wallace, Mike. A Framework for Establishing Critical
Infrastructure Resilience Goals. Final Report and Recommendations by the Council. s.l. :
National Infrastructure Advisory Council, 2010.
116.
Bartels,
Guido.
Combating
Smart
Grid
Vulnerabilities.
s.l. :
http://www.ensec.org/index.php?option=com_content&view=article&id=284:combatingsmart-grid-vulnerabilities&catid=114:content0211&Itemid=374, 2011.
117. Bailey, David and Wright, Edwin. Practical SCADA for Industry. s.l. : Newnes, 2003.
118.
Asad,
Mohammad.
Challenges
of
http://www.ceia.seecs.nust.edu.pk/pdfs/Challenges_of_SCADA.pdf.

SCADA.

[Online]

119. Anderson, Roger N., et al. Computer-Aided Lean Management for the Energy Industry.
2008.
120. Amin, Saurabh, Sastry, Shankar and Crdenas, Alvaro A. Research Challenges for the
Security of Control Systems. 2008.
121. Amin, S. Massoud. Smart Grid: Overview, Issues and Opportunities. Advances and
Challenges in Sensing, Modeling, Simulation, Optimization and Control. s.l. :
http://central.tli.umn.edu/CDC_Semi_plenary_Smart%20Grids_Massoud%20Amin_final.pdf,
2011.
122. Abbott, Ralph E. The Successful AMI Marriage: When Water AMR and Electric AMI
Converge.
[Online]
http://www.waterworld.com/index/display/articledisplay/328763/articles/waterworld/volume-24/issue-5/editorial-feature/the-successful-amimarriage-when-water-amr-and-electric-ami-converge.html.

Smart Grid Security


79
Annex V. Related initiatives

123.
ZigBee.
ZigBee
Home
Automation
Overview.
http://www.zigbee.org/Standards/ZigBeeHomeAutomation/Overview.aspx.

[Online]

124. International Federation of Automatic Control (IFAC). Working Group 3: Intelligent


Monitoring, Control and Security of Critical Infrastructure Systems IFAC TC Websites.
[Online]
http://tc.ifac-control.org/5/4/working-groups/copy2_of_working-group-1decentralized-control-of-large-scale-systems.
125.
WirelessHART.
WirelessHART.
http://www.hartcomm.org/protocol/wihart/wireless_technology.html.

[Online]

126. Web application Security Consortium. Web Application Firewall Evaluation Criteria.
[Online] 2009. http://projects.webappsec.org/w/page/13246985/Web Application Firewall
Evaluation Criteria.
127. VIKING Project. Vital Infrastructure, Networks, Information and Control Systems
Management. [Online] 2008. http://www.vikingproject.eu.
128. VDI/VDE. VDI/VDE 2182: IT security for industrial automation. 2011.
129. United States Computer Emergency Readiness Team (US-CERT). US-CERT: United States
Compueter Emergency readiness Team. [Online] http://www.us-cert.gov.
130. Institute of Electrical and Electronics Engineers (IEEE). Transmission & Distribution
Exposition & Conference 2008 IEEE PES : powering toward the future. Institute of Electrical and
Electronics Engineers. 2008.
131. Pacific Northwest National Labortory, U.S. Department of Energy. The Role of
Synchronized Wide Area Measurements for Electric Power Grid Operations. 2006.
132. EURELECTRIC Networks Committee. The Role of Distribution System. Operators (DSOs) as
Information Hubs. 2010.
133. The 451 Group. The adversary: APTs and adaptive persistent adversaries. 2010.
134. SANS. The 2011 Asia Pacific SCADA and Process Control Summit - Event-At-A-Glance.
[Online] 2011. http://www.sans.org/sydney-scada-2011.
135. International Energy Agency (IEA). Technology Roadmap. Smart Grids. France :
OCDE/IEA, 2011.
136. EPRI. Technical and System Requirements for Advanced Distribution Automation. 2004.
137. International Federation of Automatic Control (IFAC). TC 6.3. Power Plants and Power
Systems IFAC TC Websites. [Online] http://tc.ifac-control.org/6/3.
138. . TC 3.1. Computers for Control IFAC TC Websites. [Online] http://tc.ifaccontrol.org/3/1.
139. ESCoRTS Project. Survey on existing methods, guidelines and procedures. 2009.
140. CEN/CENELEC/ETSI Joint Working Group. Standards for Smart Grids. 2011.

80

Smart Grid Security


Annex V. Related initiatives
141. Smart Substations. Smart Substations:Desing, Operations and Maintenance. [Online]
http://www.smartsubstations.com.au/Event.aspx?id=664622.
142. EnergieNed. Smart Meter Requirements. Dutch Smart Meter specification and tender
dossier.
s.l. :
http://www.energiened.nl/_upload/bestellingen/publicaties/288_Dutch%20Smart%20Meter
%20%20v2.1%20final%20Main.pdf, 2008.
143.
European
Commision.
Energy.
Smart
Grids
Task
http://ec.europa.eu/energy/gas_electricity/smartgrids/taskforce_en.htm.

force.

[Online]

144. U.S. Department of Energy. Smart Grid System Report. 2009.


145.
Industrial
Defender.
Smart
Grid
http://blog.industrialdefender.com/?p=756, 2011.

Safety

vs

Confidentiality.

s.l. :

146.
Enerweb.
Smart
grid
Information
Report.
http://enerweb.co.za/brochures/Smart%20Grid%20Information%20Report.pdf, 2011.

s.l. :

147. IEEE Smart grid. Smart Grid Conceptual Model. [Online] http://smartgrid.ieee.org/ieeesmart-grid/smart-grid-conceptual-model.
148. Sonoma innovation. Smart Grid Communications Architectural Framework. 2009.
149. EU Commission Task Force for Smart Grids. Expert Group 4. Smart Grid aspects related
to Gas. 2011.
150. European Commision. Smart electricity Systems. European CommisionJoint Research
Centre. [Online] http://ses.jrc.ec.europa.eu/.
151. Siemens. Smart Distribution. Distribution Automation and Protection. [Online] [Cited: 29
12
2011.]
http://www.energy.siemens.com/fi/en/energy-topics/smart-grid/smartdistribution/distribution-automation-and-protection.htm.
152. The Climate Group. smart 2020: enabling the low carbon economy in the information
age. [Online] 2008.
153. Treehugger. SMART 2020 Report: Smart Grids Can Cut CO2 Emissions by 15 Percent.
[Online] 2011. http://www.treehugger.com/clean-technology/smart-2020-report-smart-gridscan-cut-co2-emissions-by-15-percent.html.
154. smart 2020. Smart 2020 . [Online] 2009. http://www.smart2020.org/.
155. ESCoRTS Project. Security of Control and Real Time Systems. [Online] 2008.
http://www.escortsproject.eu.
156.
ABB.
Security
in
the
smart
grid.
s.l. :
http://www02.abb.com/db/db0003/db002698.nsf/0/832c29e54746dd0fc12576400024ef16/
$file/paper_Security+in+the+Smart+Grid+%28Sept+09%29_docnum.pdf, 2009.
157. American Petroleum Institute (API) energy. Security Guidelines for the Petroleum
Industry. American Petroleum Institute. 2005.

Smart Grid Security


81
Annex V. Related initiatives

158. Technical Support Working Group (TSWG). Securing Your SCADA and Industrial Control
Systems. Departmet of Homeland Security. 2005.
159. Rijksoverheid. Scenario's Nationale Risicobeoordeling 2008/2009. [Online] 2009.
http://www.rijksoverheid.nl/documenten-en-publicaties/rapporten/2009/10/21/scenario-snationale-risicobeoordeling-2008-2009.html.
160. SANS. SCADA Security Advanced Training. [Online] 1989. http://www.sans.org/securitytraining/scada-security-advanced-training-1457-mid.
161. Water Sector Coordinating Council Cyber Security Working Group. Roadmap to Secure
Control Systems in the Water Sector. 2008.
162.
RISI.
Repository
of
http://www.securityincidents.org/.

Industrial

Security

Incidents.

[Online]

163. United States Nuclear Regulatory Commission. Regulatory Guide 5.71: Cyber security
programs for nuclear facilities. 2010.
164. Department of Homeland Security (DHS). Recommended Practice: Improving Industrial
Control Systems Cybersecurity with Defense-In-Depth Strategies. 2009.
165. Wikipedia. Recloser. [Online] [Cited: 12 26, 2011.] http://en.wikipedia.org/wiki/Recloser.
166. Iberdrola. Proyecto tipo para Centro de Transformacin intemperie compacto. [En lnea]
Abril
de
1997.
[Citado
el:
29
de
Diciembre
de
2011.]
http://www.coitiab.es/reglamentos/electricidad/reglamentos/jccm/iberdrola/mt_2-1105.htm.
167. Centre for the Protection of National Infrastructure (CPNI). Process control and SCADA
security. Guide 7. Establish ongoing governance. Centre for the Protection of National
Infrastructure.
168. . Process control and SCADA security. Guide 6. Engage projects. Centre for the
Protection of National Infrastructure.
169. . Process control and SCADA security. Guide 5. Manage third party risk. Centre for the
Protection of National Infrastructure.
170. . Process control and SCADA security. Guide 4. Improve awareness and skills. Centre for
the Protection of National Infrastructure.
171. . Process control and SCADA security. Guide 3. Establish response capabilities. Centre
for the Protection of National Infrastructure.
172. . Process control and SCADA security. Guide 2. Implement secure architecture. Centre
for the Protection of National Infrastructure.
173. . Process control and SCADA security. Guide 1. Understand the business risk. Centre for
the Protection of National Infrastructure.

82

Smart Grid Security


Annex V. Related initiatives
174. . Process control and SCADA security. Centre for the Protection of National
Infrastructure.
175. Institute of Electrical and Electronics Engineers (IEEE). P2030: IEEE Guide for Smart Grid
Interoperability of Energy Technology and Information Technology Operation with the Electric
Power System (EPS), End-Use Applications, and Loads. 2011.
176.
Wikipedia.
Outage
management
http://en.wikipedia.org/wiki/Outage_management_system.

system.

[Online]

177. Open Smart Grid. Open Smart Grid. [Online] http://osgug.ucaiug.org/default.aspx.


178. OpenSG. Open Smart Grid. http://osgug.ucaiug.org. [Online]
179. Norwegian Oil Industry Association (OLF). OLF Guideline No.110: Implementation of
information security in PCSS/ICT systems during the engineering, procurement and
commissioning phases. Norwegian Oil Industry Association. 2006.
180. . OLF Guideline No. 104: Information Security Baseline Requirements for Process.
Norwegian Oil Industry Association. 2006.
181. National Institute of Standards and Technology (NIST). NIST SP 1108: NIST Framework
and Roadmap for Smart Grid Interoperability Standards, Release 1.0. 2010.
182. The White House. National Strategy for Information Sharing. [Online] 2007.
http://georgewbush-whitehouse.archives.gov/nsc/infosharing/index.html.
183. Department of Homeland Security (DHS). National Infrastructure Protection Plan:
Partnering to enhance protection and resiliency. Department of Homeland Security. 2009.
184. NAMUR. NAMUR NA 115 IT-Security for Industrial Automation Systems: Constraints for
measures applied in process industries. 2006.
185. Centre for the Protection of Critial Infrastructure (CPNI). Meridian Process Control
Security
Information
Exchange
(MPCSIE).
[Online]
http://www.cpni.nl/informatieknooppunt/internationaal/mpcsie.
186. Meridian. Meridian. [Online] http://www.meridian2007.org.
187. International Electrotechnical Commission (IEC). ISO/IEC 15408: Information technology.
Security techniques. Evaluation criteria for IT security. 2009-2011.
188. International Society of Automation (ISA). ISA100, Wireless Systems for Automation.
[Online] www.isa.org/isa100.
189. INTERSECTION Project. INfrastructure for heTErogeneous, Resilient, SEcure, Complex,
Tightly Inter-Operating Networks (INTERSECTION). [Online] 2008. http://www.intersectionproject.eu.
190. Norwegian Oil Industry Association (OLF). Information Security Baseline Requirements
for Process Control, Safety, and Support ICT Systems. Norwegian Oil Industry Association.
2009.

Smart Grid Security


83
Annex V. Related initiatives

191. INSPIRE Project. INcreasing Security and Protection through Infrastructure REsilience.
[Online] 2008. http://www.inspire-strep.eu.
192. International Federation for Information Processing (IFIP). IFIP WG 1.7 Home Page.
[Online] http://www.dsi.unive.it/~focardi/IFIPWG1_7.
193. . IFIP Technical Committees. [Online] http://ifiptc.org/?tc=tc11.
194. . IFIP TC 8 International Workshop on Information Systems Security Research. [Online]
http://ifip.byu.edu.
195. Institute of Electrical and Electronics Engineers (IEEE). IEEE Standard for Substation
Intelligent Electronic Devices (IEDs) Cyber Security Capabilities. 2007.
196. . IEEE Standard C37.1-1994: Definition, Specification, and Analysis of Systems Used for
Supervisory Control, Data Acquisition, and Automatic Control. Institute of Electrical and
Electronics Engineers. 1994.
197. International Electrotechnical Commission (IEC). IEC 62443: Security for Industrial
Process Measurement and Control: Network and System Security. 2010.
198. . IEC 61970: Common Information Model (CIM) / Energy Management.
199. . IEC 61968: Common Information Model (CIM) / Distribution Management.
200. . IEC 61850-7-2: Communication networks and systems for power utility automation
Part 7-2: Basic information and communication structure Abstract communication service
interface (ACSI). International Electrotechnical Commission. 2010.
201. . IEC 61850: Communication networks and systems in substations. 2011.
202. . IEC 60870-6: Telecontrol equipment and systems. 2005.
203. . IEC 60870-5: Telecontrol equipment and system. 2007.
204. ICT4SMARTDG. ICT Solutions to enable Smart Distributed Generation. 2011.
205. International Atomic Energy Agency (IAEA). IAEA Technical Meeting on Newly Arising
Threats
in
Cybersecurity
of
Nuclear
Facilities.
[Online]
2011.
http://www.iaea.org/NuclearPower/Downloads/Engineering/files/InfoSheetCybersecurityTM-May-2011.pdf.
206.
Energie
Vortex.
http://www.energyvortex.com.
[Online]
http://www.energyvortex.com/energydictionary/blackout__brownout__brown_power__rolli
ng_blackout.html.
207. IRRIIS Project. Homepage of the IRRIIS project. [Online] 2006. http://www.irriis.org.
208. Department of Homeland Security (DHS). Homeland Security Presidential Directive-7.
[Online] 2003. http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm#1.

84

Smart Grid Security


Annex V. Related initiatives
209. Department of Energy (DoE). Hands-on Control Systems Cyber Security Training of
National
SCADA
Test
Bed.
[Online]
2008.
http://www.inl.gov/scada/training/d/8hr_intermediate_handson_hstb.pdf.
210.
BBC
news.
Hackers
'hit'
US
water
http://www.bbc.co.uk/news/technology-15817335, 2011.

treatment

systems.

s.l. :

211. Swedish Civil Contingencies Agency (MSB). Guide to Increased Security in Industrial
Control Systems. Swedish Civil Contingencies Agency. 2010.
212. Commission of the European communities. Green paper. On a European programme for
critical infrastructure protection COM(2005) 576 final. 2005.
213. National Infrastructure Security Coordination Centre (NISCC). Good Practice Guide
Process Control and SCADA Security. PA Consulting Group. 2006.
214. . Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks.
British Columbia Institute of Technology (BCIT). 2005.
215. McAfee. Global Energy Cyberattacks: Night Dragon. [Online] 2011.
http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-nightdragon.pdf.
216. National Infrastructure Security Coordination Centre (NISCC). Firewall deployment for
scada and process control networks. good practice guide. National Infrastructure Security
Coordination Centre. 2005.
217. Centre for the Protection of National Infrastructure (CPNI). Firewall deployment for
scada and process control networks. Centre for the Protection of National Infrastructure.
2005.
218. National Institute of Standards and Technology (NIST). FIPS PUB 199. Standards for
Security Categorization of Federal Information and Information Systems. [Online] 2004.
http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf.
219. . Field Device Protection Profile for SCADA Systems in Medium Robustness
Environments. 2006.
220. EU Commission Task Force for Smart Grids. Expert Group 1: Functionalities of smart grids
and smart meters. 2010.
221.
The
White
House.
Executive
http://www.fas.org/irp/offdocs/eo/eo-13231.htm.

Order

13231.

[Online]

222. European Commission. Europ2 2020. Europe 2020 targets.


http://ec.europa.eu/europe2020/reaching-the-goals/targets/index_en.htm.

2001.
[Online]

223. Eur Lex. [Online] http://eur-lex.europa.eu/en/index.htm.


224. European Network and Informations Security Agency (ENISA). EU Agency analysis of
Stuxnet malware: a paradigm shift in threats and Critical Information Infrastructure

Smart Grid Security


85
Annex V. Related initiatives

Protection. [Online] 2010. http://www.enisa.europa.eu/media/press-releases/eu-agencyanalysis-of-2018stuxnet2019-malware-a-paradigm-shift-in-threats-and-critical-informationinfrastructure-protection-1.


225. Instituto de Investigaciones Elctricas de Mxico. Estado del arte en Redes Inteligentes
"Smart Grids". Automatizacin de la Distribucin en las Redes Inteligentes. Mxico : s.n.
226. eSEC. eSEC. Plataforma Tecnolgica Espaola de Tecnologas para Seguridad y Confianza.
[Online] http://www.idi.aetic.es/esec.
227.
Energie.gov.
Energy
development/energy-storage.

Storage.

[Online]

http://energy.gov/oe/technology-

228. Department of Energy (DoE). Energy Infrastructure Risk Management Checklists for
Small and Medium Sized Energy Facilities. Department of Energy. 2002.
229. Energy Independence and Security Act of 2007. s.l. : http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=110_cong_bills&docid=f:h6enr.txt.pdf, 2007.
230.
Energiened.
Energiened
Documentation.
http://www.energiened.nl/Content/Publications/Publications.aspx.

[Online]

231. U.S. Department of Energy. Electricity sector cyber-security risk management process
guideline. 2011.
232. Government Accountability Office (GAO). Electricity grid modernization. Progress Being
Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed. s.l. :
http://www.gao.gov/new.items/d11117.pdf, 2011.
233. Smarter Grid Solutions. Dynamic Line Rating - managing capacity. [Online]
http://www.smartergridsolutions.com/index.html?pid=153.
234. National Institute of Standards and Technology (NIST). Draft NIST Framework and
Roadmap for Smart Grid Interoperability Standards, Release 2.0. 2011.
235. DLMS User Association. DLMS/COSEM: Conformance Testing Process. 2010.
236. . DLMS/COSEM: Architecture and Protocols. 2009.
237.
Wikipedia.
Distribution
mangagement
http://en.wikipedia.org/wiki/Distribution_mangagement_system.

system.

[Online]

238. Commission of the European communities. Directive 95/46/EC of the European


Parliament and of the Council of 24 October 1995 on the protection of individuals with regard
to the processing of personal data and on the free movement of such data. 1995.
239.
DigitalBond.
DigitalBond.
ICS
Security
Tool
http://www.digitalbond.com/tools/ics-security-tool-mail-list.

Mail

List.

[Online]

240. Department of Homeland Security (DHS). DHS officials: Stuxnet can morph into new
threat. [Online] 2011. http://www.homelandsecuritynewswire.com/dhs-officials-stuxnet-canmorph-new-threat.

86

Smart Grid Security


Annex V. Related initiatives
241. Department of Energy (DoE). Cybersecurity for Energy Delivery Systems Peer Review.
[Online] 2010. http://events.energetics.com/CSEDSPeerReview2010.
242. Department of Homeland Security (DHS). Cyber storm III Final Report. Department of
Homeland Security Office of Cybersecurity and Communications National Cyber Security
Division. 2011.
243. Centre for the Protection of National Infrastructure (CPNI). Cyber security assessments
of industrial control systems. Centre for the Protection of National Infrastructure. 2011.
244. CRUTIAL Project.
http://crutial.rse-web.it.

CRitical

Utility

InfrastructurAL

resilience.

[Online]

2006.

245. Thales. Critical Infrastructure Security. A Holistic Security Risk Management Approach.
s.l. :
http://www.securitymanagement.com.au/content/file/CriticalISThales.pdf?asm=ad05637d37
e2a8c1afeeda016804c85, 2008.
246. United States General Accounting Office (GAO). Critical infrastructure protection.
Challenges and Efforts to Secure Control Systems. United States General Accounting Office.
2004.
247. CI2RCO Project. Critical information infrastructure research coordination. [Online] 2008.
http://cordis.europa.eu/fetch?CALLER=PROJ_ICT&ACTION=D&CAT=PROJ&RCN=79305.
248. SINTEF. CRIOP: A scenario method for Crisis Intervention and Operability analysis. 2011.
249. Centre for the Protection of Critical Infrastructure (CPNI). CPNI. [Online]
http://www.cpni.gov.uk/advice/infosec/business-systems/scada.
250. Commission of the European communities. Council directive 2008/114/EC of 8
December 2008 on the identification and designation of European critical infrastructures and
the assessment of the need to improve their protection. 2008.
251. Council decision on a Critical Infrastructure Warning Information Network (CIWIN)
COM(2008) 676. Commission of the European communities. 2008.
252. DLMS User Association. COSEM: Identification System and Interface Classes. 2010.
253. . COSEM: Glossary of Terms. 2003.
254. Department of Energy (DoE). Control Systems Security Publications Library. [Online]
http://energy.gov/oe/control-systems-security-publications-library.
255. United States Computer Emergency Readiness Team (US-CERT). Control Systems
Security Program: Industrial Control Systems Joint Working Group. [Online] http://www.uscert.gov/control_systems/icsjwg/index.html.
256. . Control Systems Security Program: Industrial Control Systems Cyber Emergency
Response Team. [Online] http://www.us-cert.gov/control_systems/ics-cert/.

Smart Grid Security


87
Annex V. Related initiatives

257. Interstate Natural Gas Association of America (INGAA). Control Systems Cyber Security
Guidelines for the Natural Gas Pipeline Industry. Interstate Natural Gas Association of
America. 2011.
258. ICT4SMARTDG. Consensus on ICT solutions for a Smart Distribution at Domestic Level.
2011.
259. Centre for the Protection of National Infrastructure (CPNI). Configuring & managing
remote access for industrial control systems. Centre for the Protection of National
Infrastructure. 2011.
260. Commission of the European communities. Communication from the commission.
Energy infrastructure priorities for 2020 and beyond A Blueprint for an integrated European
energy network. COM(2010) 677. 2010.
261. . Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions: A Digital Agenda
for Europe. COM(2010)245 final. 2010.
262. . Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions. Energy 2020: A
strategy for competitive, sustainable and secure energy. COM(2010) 639 final. 2010.
263. . Communication from the commission to the european parliament, the council, the
european economic and social committee and the committee of the regions. Digital Agenda
for Europe. COM(2010) 245. 2010.
264. . Communication from the commission to the council, the European parliament, the
European economic and social commitee and the commitee of the regions. A strategy for a
Secure Information Society 'Dialogue, partnership and empowerment' COM(2006) 251. 2006.
265. . Communication from the commission to the council and the European parliament.
Prevention, preparedness and response to terrorist attacks COM(2004) 698 final. 2004.
266. . Communication from the commission to the council and the European parliament.
Critical Infrastructure Protection in the fight against terrorism COM(2004) 702 final. 2004.
267. . Communication from the commission on a European Programme for Critical
Infrastructure Protection COM(2006) 786. 2006.
268. North American Electric Reliability Corporation (NERC). CIP-009-4: Cyber Security
Recovery Plans for Critical Cyber Assets. North American Electric Reliability Corporation
(NERC). 2011.
269. . CIP-008-4: Cyber Security Incident Reporting and Response Planning. North
American Electric Reliability Corporation. 2011.
270. . CIP-007-4: Cyber Security Systems Security Management. North American Electric
Reliability Corporation. 2011.

88

Smart Grid Security


Annex V. Related initiatives
271. . CIP-006-4: Cyber Security Physical Security. North American Electric Reliability
Corporation. 2011.
272. . CIP-005-4: Cyber Security Electronic Security Perimeter(s). North American Electric
Reliability Corporation. 2011.
273. . CIP-004-4: Cyber Security Personnel and Training. North American Electric
Reliability Corporation. 2011.
274. . CIP-003-4: Cyber Security Security Management Controls. North American Electric
Reliability Corporation. 2011.
275. . CIP-002-4: Cyber Security Critical Cyber Asset Identification. North American
Electric Reliability Corporation. 2011.
276. . CIP-001-1a: Sabotage Reporting. North American Electric Reliability Corporation.
2010.
277. Department of Homeland Security (DHS). Catalog of Control Systems Security:
Recommendations for Standards Developers. 2009.
278. Council of the European Union. Brussels European Council 8/9 march 2007. Presidency
conclusions. 2007.
279. Power Systems Engineering Research Center. Automated Circuit Breaker Monitoring.
2007.
280. Gartner. Assessing the Security Risks of Cloud Computing. Gartner. [Online] 2008.
http://www.gartner.com/DisplayDocument?id=685308.
281. American Petroleum Institute (API) energy. API Standard 1164. Pipeline SCADA Security.
American Petroleum Institute. 2009.
282. American National Standard (ANSI). ANSI/ISA-TR99.00.01-2007 Security Technologies for
Industrial Automation and Control Systems. International Society of Automation (ISA). 2007.
283. . ANSI/ISA99.02.012009 Security for Industrial Automation and Control Systems. Part
2: Establishing an Industrial Automation and Control Systems Security Program. International
Society of Automation (ISA). 2009.
284. . ANSI/ISA99.00.012007 Security for Industrial Automation and Control Systems. Part
1: Terminology, Concepts, and Models. International Society of Automation (ISA). 2007.
285. . ANSI C12.21: American National Standard for Protocol Specification for Telephone
Modem Communication. 2006.
286. . ANSI C12.19: American National Standard for Utility Industry End Device Data Tables.
2008.
287. . ANSI C12.18: American National Standard for Protocol Specification for ANSI Type 2
Optical Port. 2006.
288. AMI-SEC-ASAP. AMI System Security Requirements. 2008.

Smart Grid Security


89
Annex V. Related initiatives

289. American Gas Association (AGA). AGA Report No. 12, Cryptographic Protection of SCADA
Communications. Part 2 Performance Test Plan. American Gas Association. 2006.
290. . AGA Report No. 12, Cryptographic Protection of SCADA Communications. Part 1
Background, policies and test plan. American Gas Association. 2006.
291. Wikipedia. Advanced Distribution Automation. [Online] [Cited: 02 01 2012.]
http://en.wikipedia.org/wiki/Advanced_Distribution_Automation.
292. IBM Global Services. A Strategic Approach to Protecting SCADA and Process Control
Systems. 2007.
293. Europe 2020. A resource-efficient Europe Flagship initiative of the Europe 2020
Strategy. [Online] http://ec.europa.eu/resource-efficient-europe/index_en.htm.
294. EOS Energy Infrastructure Protection & Resilience Working Group. A global european
approach for energy infrastructure protection & resilience. s.l. : http://www.eoseu.com/LinkClick.aspx?fileticket=DEvuI/4l1jU=&tabid=232, 2009.
295. Department of Energy (DoE). 21 Steps to Improve Cyber Security of SCADA Networks.
Department of Energy.
296. Security of Industrial Control Systems, What to Look For. Zwan, Erwin van der. 2010,
ISACA Journal Online.
297. IEC. IEC TS 62351-5: Power systems management and associated information exchange
Data and.
298. En. [Online]
299. Taylor, Dr. Gary. DEVELOPING NOVEL ICT BASED SOLUTIONS FOR SMART DISTRIBUTION
NETWORK
OPERATION.
[Online]
http://dea.brunel.ac.uk/hiperdno/files/UPEC%202010%20HiPerDNO%20Project%20Presentati
on.pdf.
300. NIST -SGIP. SGIP Catalog of Standards. [Online] 2012. http://collaborate.nist.gov/twikisggrid/bin/view/SmartGrid/SGIPCatalogOfStandards.

Smart Grid Security

90

Annex V. Related initiatives

13 Abbreviations
ACER
ADA
AMI
AMR/AMM
ANSI
AoR
BAN
BPL
C&DM
CC
CEN
CENELEC
CEO
CERT
CIA
CIWIN
C-level
CO2
COTS
CS
CZ
DAE
DCA
DE
DER
DG ENER
DK
DLF/DLE
DLMS/COSEM
DLR
DMS
DoS
DPF
DSE
DSM
DSO
EACI

Agency for the Cooperation of Energy Regulators


Advanced Distribution Automation
Advanced Metering Infrastructure
Advanced Metering Reading/Measures
American National Standards Institute
Assessment of the Resilience
Building Area Networks
Broadband over power line
Control & Data Management
Common Criteria
European Committee for Standardization
European Committee for Electrotechnical Standardization
chief executive officer
centre emergency response team
Confidentially, Integrity and Availability
Critical Infrastructure Warning Information Network
Chief level (CEO, CIO, ...)
Carbon dioxide
Commercial of the Self
Control Systems
Czech Republic
Digital Agenda for Europe
Distribution Contingency Analysis
Germany
Distributed Energy Resources
Directorate-General for Energy
Denmark
Distribution Load Forecasting and Estimation
Device Language Message specification/COmpanion Specification for Energy
Metering
Dynamic Line Ratings
Distribution Management System
Denial of Service
Distribution Power Flow
Distribution State Estimation
Demand Side Management
Distribution System Operators
European Association for Creativity and Innovation

Smart Grid Security


91
Annex V. Related initiatives

EC
ECI
EG
EII
EISAS
EL
EMS
ENISA
ENTSO
EP3R
EPCIP
ES
ESI
ETN
ETP
ETP
ETSI
EU
EV
FAN
FDIR
FP7
FTP
GDP
GHG
GIS
GPRS
HAN
HMI
HPC
HTTP
HTTPS
HVDC
HW
IAC
IAN
ICS
ICT
IE
IEC

European Commission
European Critical Infrastructures
Expert Group
European Industrial Initiatives
European Information Sharing and Alert System
Greek
Energy Management System
European Network and Information Security Agency
European Network of Transmission System Operators for Electricity
European Public Private Partnership for Resilience
European Programme for Critical Infrastructure Protection
Spain
Energy service interface
Electrical Transmission Network
Executive Training Programme
European Technology Platform
European Telecommunications Standards Institute
European Union
Electric Vehicle
Field Area Network
Fault Detection Isolation and Restoration
Framework Programme 7
File Transfer Protocol
Gross domestic product
Greenhouse Gas
geographic Information system
General Packet Radio Service
Home Area Network
Human Machine Interface
High Performance Computing
Hypertext Transfer Protocol
Hypertext Transfer Protocol Secure
High-Voltage Direct Current
Hardware
Integrity, Availability, Confidentiality
Industrial Area Networks
Industrial Control Systems
Information and communications technology
Information Exchange
International Electrotechnical Commission

Smart Grid Security

92

Annex V. Related initiatives


IED
IEEE
IoE
IPS/IDS
IP-Sec
ISA
ISM
ISMS
ISO
IST
IT
IT
IVVC
JHA
JRC
JWG
KF
LAN
LV
MAN
MDMS
MID
MPLS
MS
MV
NAN
NCA
NCI
NERC
NIS
NIST
NL
NO
NRA
OFC
OFDM
OMS
OWASP
PCD
PLC

Intelligent Electronic Devices


Institute of Electrical and Electronics Engineers
Internet of Energy
Intrusion Protection/Detection System
Internet Protocol Secure
International Society of Automation
Information Security Management
Information Security Management System
International Organization for Standardization
Information Society Technologies
Information Technology
Italy
Integrated Voltage/Var Control
Justice and Home Affairs
Joint Research Center
Joint Working Group
Key Finding
Local Area Network
Low Voltage
Metropolitan Area Network
Meter data management system
Measuring Instruments Directive
Multiprotocol Label Switching
Member State
Medium Voltage
Neighbourhood Area Network
National Certification Authorities
National Critical Infrastructures
North American Electric Reliability Corporation
Network and Information Security
National Institute of Standards and Technology
Nederland
Norway
National Regulatory Authorities
Optimal Feeder Configuration
Orthogonal Frequency Division Multiplexing
Outage Management System
Open Web Application Security Project
Process Control Domain
Power Line Communications

Smart Grid Security


93
Annex V. Related initiatives

PMU
PP
QoS
R&D
RBAC
RF
RISI
RMP
RTD
RTP
RTU
SCADA
SES
SFTP
SG
SGIS
SIEM
SL
SMART
SOC
SSH
ST
SW
TCP/IP
Telnet
TF
TOE
TP
TSO
UK
USA/US
USB
VPN
WAAPCA
WAMS
WAN
WASA
WG
WMD

Phasor Measurement Units


Protection Profiles
quality of service
Research and Development
Role Based Access Control
Radio Frequency
Repository of Industrial Security Incidents
Risk Management Process
Research and Technology Development
Real-Time Pricing
Remote Terminal Units
Supervisory Control and Data Acquisition
Smart Electricity System
Secure File Transfer Protocol
Smart Grid
Smart Grid Information Security
Security information and event management
Slovenia
Standardization, Monitoring, Accounting, Rethink, Transformation
Security Operations Centre
Secure Shell
Security Targets
Software
Transmission Control Protocol/Internet Protocol
Telecommunications Network
Task Force
Target of Evaluation
Topology Processor
Transmission System Operators
United Kingdom
United States of America
Universal Serial Bus
Virtual Private Network
wide-area adaptive protection, control and automation
Wide Area Monitoring System
Wide Area Networks
Wide-Area Situational Awareness
Working Group
Weapon of Mass Destruction

94

Smart Grid Security


Annex V. Related initiatives

P.O. Box 1309, 71001 Heraklion, Greece


www.enisa.europa.eu