Smart grid security certification in Europe
ENISA issues a report on smart grid security certification in Europe targeted at EU Member States (MS), the Commission, certification bodies and the private sector; with information on several certification approaches across the EU and other MS and EFTA countries.
It describes the specific European situation, and discusses the advantages and challenges towards a more harmonized certification practice.
The report, aims to attract the interest of the smart grid experts and the support of certification authorities on open issues of security certification in smart grid environments. The increasing need for smart grid certification derives from the lack of control over the power supply chain (cables, solar panels, wind turbines, etc.), introduced by smart grid automation.
Udo Helmbrecht commented on the project: “Smart grid and renewable energy are very promising for the European industry. Security certification is an important tool towards increasing users’ trust on the energy power supply chain. In this report, ENISA provides recommendations which support certification authorities in reflecting upon their national security requirements and at the same time pave the way towards improved harmonization of European smart grid certification practices”.
Within this framework, ENISA provides ten recommendations to Member States and the European Commission. These are:
- The European Commission should appoint an EU steering committee to coordinate smart grid certification activities
- The EU steering committee should provide guidance and a reference model to implement a chain of trust
- The EU steering committee should perform a mapping exercise amongst available standards and schemes used in the EU
- The EU steering committee should promote international recognition of schemes such as SOG-IS
- The EU steering committee should promote validation that is commensurate with the risk appetite involved in each use smart grid case
- The EU steering committee should facilitate flexibility to update protection profiles so they can cope with the fast moving security threat landscape
- The Member States should use national profiles as detailed specifications of international standards to cover the specific national use cases and nationally supported test and certification methods
- The European Commission should ask technical committees, in collaboration with the European energy associations, to create European profiles
- The EU steering committee should encourage the provision of tools in respect to the proposed certification framework, while the national technical committees should provide pre-assessment tools for specific schemes
- The European Commission and the Member States should promote compliance and harmonization as economic advantage and a cost reduction measure.