WCK announced today that it is participating in the new Taskforce on Smart Grids being run by the EU’s think thank for strategic matters, CEPS (Center for European Policy Studies).
In the inaugural meeting in Brussels on June 14th, WCK CEO and Founder Eyal Adar lectured to the CEPS taskforce on the topic of Security risk Assessments and Frameworks for the Smart Grid, and how they differ from standard IT risk analysis.
Smart Grid Technology
Smart Grid is a group of modern digital technologies working together that a modernize utilities and electricity delivery. Smart grids are expected to become the backbone of future power systems and are considered the key enabler for improving the reliability, production, distribution and economic efficiency of electricity for consumers and providers.
The CEPS Task force e on Smart Grids consists of a well-established group of research and corporate members from the energy and IT sector that will evaluate new standards and governance approaches to smart grids at the EU level and especially, the security aspects of smart grids.
Unique Challenges of Assessing Smart Grid Security Risk
In his presentation to the task force, Eyal Adar described the unique security challenges of protecting smart grids, which have completely different requirements when it comes to, for example: availability, performance, time criticality, accessibility of components and change management. Eyal depicted several scenarios of how smart grid infrastructure and advanced metering technology can be attacked by hackers in innovative ways that cannot be intercepted by standard IT security solutions.
The Power of a Multi-Disciplinary Approach for Smart Grid Risk Management
“The right way to preempt such sophisticated attacks on smart grids” explained Mr. Adar, “is by a multidisciplinary approach that correlates between multiple layers: the IT / Security layer, the Automation and Control layer which consists of operational technology, and the power layer which consists of physical devices. These 3 layers, in turn, need to be correlated with the business processes and services of the electricity sector.”
Mr. Adar continues, “Only by performing risk assessments that incorporate the relationships and interdependencies between all these layers and their individual parts, can we find hidden vulnerabilities in the smart grid and thus, proactively preempt sophisticated hackers.”
Incorporate Unique Know-how in Smart Grid Risk Frameworks
The ability to capture and re-use unique, industry know-how of smart grid components and technology is another key element of successful risk assessment framework for the smart grid. Knowledge about smart grid assets, architecture, dependencies, unique security requirements, vulnerabilities and controls, is often hard to find and is dispersed between different individuals employed by the energy companies.
For the full presentation given by Eyal to the CEPS Smart Grid Task Force, click on the link: WCK presents to CEPS Smart Grid Taskforce on Securing the Smart Grid June 2013.
WCK provides a business-driven, security intelligence and risk management software solution for IT, cyber security and critical infrastructure protection. For more information visit www.wck-grc.com