A European critical national infrastructure (CNI) security organisation has welcomed National Grid as its first UK member, saying the UK’s transmission system operator (TSO) is among Europe’s “most sophisticated” in terms of cybersecurity posture, and its membership will boost knowledge sharing.
The European Network for Cyber Security (ENCS) is a member-led organisation that works to boost the security of EU energy grids and infrastructure in the face of hyperactive probing by bad actors, and, arguably, distinctly half-baked regulation that fails to penalise manufacturers for insecure components.
See also: New IoT Security Regulations: The Devil’s in the Detail
Among other efforts, ENCS has baked security requirement guidance into procurement cycles across its membership base and developed testing capabilities to risk-assess things like smart metres; this has now expanded to other areas of the grid, like distribution automation and other tools.
(ENCS’s Managing Director Anjos Nijk told Computer Business Review this week that the procurement approach had been taken after initial attempts by TSOs and others to emphasise security flaws in upstream vendors’ hardware and software had drawn a decidedly unhelpful response from many: “They [vendors] were not very open”, he said. “They pushed back…”)
See also: Critical Infrastructure Security: “The NIS Directive Sucks”
Paul Lee, an engineering manager for cyber and control systems at National Grid said in a statement shared by ENCS: “We have robust cybersecurity measures in place across all our operational infrastructure and IT to protect against cyber threats, but our membership will help us to benefit from ENCS knowledge base as we share information with other members, contributing to increased protection across all critical infrastructure”.
ENCS’s MD Nijk told Computer Business Review: “Grid infrastructure has evolved with dramatic speed. Partnering with domain operators to build an expert pool is vital to our members need to be fast and effective [in building up their security] instead of waiting for regulations”.
“National Grid already ranks among the most sophisticated TSOs in terms of cyber security, and by joining ENCS, it demonstrates its commitment to that improving even further” he said in a canned statement.
He added: “With National Grid joining our network, we deepen our ties with this crucial layer of critical energy infrastructure, as well as expanding the network more substantially into the UK and gas markets.
“The energy sector is only becoming more interconnected, and it is vital those of us looking to protect it do the same.”