• News
  • Exclusive Articles
  • PES Essential
  • Solar

Towards a safer smart grid framework


The European solar/PV industry of the near future will live and die by the strength and effectiveness of smart grids, and the organisation charged with ensuring its longevity is the European Network and Information Security Agency. The organisation’s Ulf Bergstrom talks us through some security recommendations for the public and private sector involved in the definition and implementation of smart grids, and offers workable steps forward…

Improve the regulatory and policy framework
The EC should take the lead and develop specific policy documents and regulations on cyber security and privacy of the smart grid in order to improve the current regulatory and policy framework. This extended framework should define and develop, by taking into account existing regulations and policies on smart grid, the root principles, challenges, goals and needs of a long-term European-wide cyber security and privacy strategy for the grid of the future. Policies and regulations should at least look for: 1) considering privacy and cyber security as two intrinsically interdependent topics; 2) defining security measures to be considered in current smart grid deployments (e.g. smart meter roll-outs); 3) demanding grid operators for mandatory risk assessments; 4) demanding manufacturers, integrators, services providers and grid operators to comply with specific security certifications; 5) establishing regulatory pressures (e.g. fines) for not complying companies; 6) making public the compliance results; 7) demanding operators to report on cyber security related incidents to a national or supranational entity.

Objective
The articulation of a broad and complete regulatory and policy framework would bring cyber security to the front-line of action, recognising these matters as key factors for its success and as an essential and fundamental part in the definition of smart grid business models, functionalities, services, etc. Establishing regulatory pressures for not complying companies will help change their mentality, which will be important for evaluating cyber security at the pilot phase or for avoiding companies dismissing cyber security for budgetary or lack of experience reasons. It would change the perception that Europe is not paying enough attention to cyber security and privacy in smart grids. Moreover, cyber security and privacy would be treated as a whole and not as two separate disciplines.

On the other hand, this legal framework would help harmonise existing policies and regulations addressing cyber security, and will be considered as a reference with which to align policies and regulations on other aspects. This would be the case of those promoting smart meter roll-outs or the integration of different energy types (e.g. heat, gas and electricity) at the metering infrastructure. In combination with other recommendations provided in this document, this new framework will ensure a minimum level of harmonisation on security and resiliency requirements across Member States, establishing the basis to allow National Regulatory Authorities (NRAs) to effectively measure security and to make comparisons among different companies.

 

To read the full content,
please download the PDF below.