ENCS and E.DSO release security requirements for distribution automation

ENCS, the European Network for Cyber Security, and E.DSO, the European Distribution System Operators’ Association announced the launch of security requirements for Distribution Automation (DA) of Remote Terminal Units (RTUs).

This is the third in a series of security guidelines for a smarter and more secure energy network, after ENCS and E.DSO previously released security requirements for electric vehicle charging points and smart meters. These requirements are an important tool in improving and harmonising the security of data collection and analysis for utilities across Europe, helping to build a more resilient network.

The requirements provide European distribution system operators (DSOs) with a defined set of practical considerations for procuring secure RTUs and are a significant step forward to industry wide requirements. These requirements have been split into various parts:

ENCS has been active in Distribution Automation security since 2015, where it started analysing vulnerabilities in architectures and systems. The DA requirements were developed for all members and used first by Enexis, where they allowed for a secure DA system and a smoother procurement process, delivered at only a marginal extra cost. ENCS also developed a test plan to verify the correct implementation of the security requirements in a standardised manner. By standardising the test plan, test results can be more easily shared between grid operators.

Roberto Zangrandi, Secretary General of E.DSO, stated: “These requirements are not only key to the long-term vision of our work with ENCS, but lay a strong foundation for an industry-wide set of recommendations. This would be a huge step forward to ensuring security of critical European energy grids and infrastructure, which can only really be achieved through a collaborative effort between DSOs and cybersecurity experts.”

Anjos Nijk, Managing Director of ENCS, stated: “Up until now, Europe has had disparate security requirements due to a scattered approach. However, this work we are doing with E.DSO has allowed for a harmonised and synchronised set of requirements, which will enable manufacturers to implement security cost effectively.

“If these are used by DSOs across Europe it incentivises manufacturers to respond adequately and improve security proactively. This then helps raise security standards across the industry. We aim to replicate this approach in other areas where the industry needs to structurally increase and harmonise security levels.”

The new requirements build on ENCS and EDSO’s memorandum of understanding signed in 2016.