Smart grids, upgraded versions of electricity networks with two-way digital communication, should make the
European energy system more efficient. But their dependency on computer networks, applications and the Internet
makes society more vulnerable to malicious cyber attacks with potentially devastating results, European Network and
Information Security Agency said in a report published on Tuesday.
Smart grids are built to enhance the communication between the power supplier and consumers to ensure a
sustainable power system with low losses and high quality, security of supply and safety. However, connecting
energy supplies as consumer solar panels and small wind turbines as well as smart meters to the regular power net
creates extra risk, because extra entry points to the power system are created, ENISA said in
a report on European smart grid security.
ENISA is a European Union body that helps the European Commission and E.U. member states to address network and
information security problems.
The threats to the electricity grids are real. Criminals have been able to hack into computer systems via the
Internet, enabling them to cut power to several cities in the U.S., the CIA unveiled in
2008. The hacks were followed by extortion demands, and in at least one case the disruption caused a power
outage affecting multiple cities, according to the CIA at the time. In 2009, the Wall Street Journal reported that cyberspies from Russia, China and other
countries had penetrated the U.S. electricity grid.
Intrusions like these prove that software and hardware used for smart grids are high risk targets, ENISA said,
adding that reducing barriers to information sharing is vital for the success of smart grids.
While cyber security is almost always considered an important topic in any smart grid project, it is often
ignored because of project budgets, scarce funding and lack of expertise when it comes to a practical
implementation, according to the report. Therefore it is necessary to have a robust and resilient grid
infrastructure that is able to overcome potential attacks, especially denial of service (DoS) attacks, ENISA
An end-to-end security approach is needed from the lowest levels where the smart meters are to the upper layers
that include application systems and integrations with corporate systems, ENISA said. Devising a standard
centralized architecture for smart grids in the E.U. is a basic requirement to secure the system, ENISA said.
ENISA said an incident detection system for smart grids is also needed. That system should have security
monitoring sensors using signature-based software distributed across the grid, able to process data in a
centralized and decentralized manner, ENISA said.
Furthermore, a central monitoring center for data collection and analysis is on ENISA’s wish list, as well as
monitoring centers that could perform research, write new signatures and study new threats. Those recommendations
for secure smart grids should also be considered when discussing the creation of a pan-European entity to manage
large-scale cyber incidents, ENISA said.
In total the report contained 10 recommendations to make European smart grids more secure. Besides solving
technical difficulties, the European Commission and the member states should provide a clear regulatory and policy
framework on smart grid security on a national and European level as this is currently missing, ENISA said. The
Commission should also collaborate with ENISA and the private sector to develop a minimum set of security measures
for smart grids, ENISA said.
The implementation of these recommendations is considered urgent because the smart grid, which is being built at
the same time as it is being defined, is the greatest revolution of the electricity power grids since their
creation, the organization said.
Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org