Smart grids are a fundamental component of the European critical infrastructure. They are rooted on communication networks that have become essential elements allowing the leveraging of the “smart” features of power grids.
Smart grids provide real-time information on the grid, perform actions when required without any noticeable lag, and support gathering customer consumption information. On the downside, smart grids however, provide an increased attack surface for criminals.
For instance, smart meters can be hacked to cut power bills as happened in Spain in 2014 or due to a DDoS attack or malware infection, communications and control of the network could be lost, causing an energy production halt and affecting several systems across borders.
To protect networks and devices from cyber threats, a new ENISA study focuses on the evaluation of interdependencies to determine their importance, risks, mitigation factors and possible security measures to implement.
There is high exposure of smart grid devices that makes it essential to harmonize the current situation by establishing common interconnection protocols. It has also become imperative to seek aligning policies, standards and regulations across the EU to ensure the overall security of smart grids.
These aspects have currently grown in importance due to the risk that cascading failures could result since smart grid communication networks are no longer limited by physical or geographical barriers, and an attack on one country could transgress physical and virtual borders.
The recommendations of this report are addressed to operators, vendors, manufacturers and security tools providers in the EU and they include the following:
- Foster intercommunication protocol compatibility between devices originating from different manufacturers and vendors
- Develop a set of minimum security requirements to be applied in all communication interdependencies in smart grids
- Implement security measures on all devices and protocols that are part, or make use of the smart grid communication network.