EU CIP Project DENSEK. Joining forces against cyber threats on European level

Transcription

1 EU CIP Project DENSEK Joining forces against cyber threats on European level

2 DENSEK EU CIP Objectives Improving the resilience of the energy infrastructure i.e. improving the security of the Smart Energy Grid How? 1. Joining forces at European Level 2. Involving the whole energy supply chain 3. Improving the know how & awareness of all stakeholders

3 Consortium partners Security Industry Energy Utilities Research/Academia Facilitating partner

4 Alliander is a Distribution System Operator

5 Alliander is a Distribution System Operator Electricity distribution Customers: 3,4 million Grid: km Stations (sub, distribution): Gas distribution Customers: 2,6 million Grid: km Stations (sub, distribution): Company 12 Billion asset value 1.6 Billion revenues 400 Million Investment / Annum FTE KPI, Performance 20.4 SVBM (outage time in minutes per end user)

6 Development of the intelligent grid

7 We change our substations into remote locations

8 What is our worst nightmare scenario?

9 Alliander Cyber Resilience vision Alliander resilience vision*: Alliander is a resilient organization capable of anticipating and responding on a range or threats against her mission Alliander security vision: Protecting the mission of Alliander and her stakeholders by securing our crown jewels against intentionally caused damage through human actions * Underwriting the WEF resilience principles

10 Alliander Situational Awareness vision

11 Deliverables European Energy ISAC Information Sharing Platform Situational Awareness Network

12 European Energy ISAC A trusted Information Sharing and Analysis Center Focus on cyber security within the energy branch Members are stakeholders within the energy supply chain Monitors cyber security within the branch Gathers analyses of events Provides information and education

13 European Energy ISAC Utilities Stakeholders of the Energy Supply Value Chain Vendors Research/ Academia Government/ International Agencies Standardization Organizations

14 Why? Value propositions Share Data/Information/ Knowledge to increase the security level of their infrastructure Improve one s own portfolio of products/services Added Value Promote innovation, understanding the needs of the industry to better define its strategic research, from one hand, and advertising their portfolio of knowledge and services to the other members Improve the security level of Critical Infrastructures by means of appropriate legislation and governance processes Improve the process of standardization

15 Information Sharing Platform Portal for the European Energy ISAC Communication channel for ISAC members Facilitates info sharing through periodical reports, newsletters, webinars, etc. Facilitates E-learning

16 Main functionalities Social kind: Forums / Q&A Messages / News Notification of updates as soon as possible Information Sharing Platform More technical: Technical reports (Anonymous) Raw data from system monitors Configurations, workarounds, tech recipes, (Controlled) Integration with other platform, like operators dashboards

17 Situational Awareness Network Optional service for DENSEK members European Network for participating members Integrating existing Awareness Networks in place at participating members 24/7 monitoring on occurence of cyber threats or attacks Immediate alerts upon on any occurence to all participating members

18 Creating Situational Awareness Situational Awareness is created by extracting information about the industrial processes, people and the lower network layer (SCADA & Process control) by a network of sensors and systems - the Situational Awareness Network (SAN) The information is processed and displayed on the Situational Awareness Dashboard

19 Network Analyzer Situational Awareness Network SA Dashboard SIEM & Correlation Signature- and non-signature based NIDS Other analysis tools and sensor SAN of member X Network feed

20 Network Analyzer Network Analyzer Network Analyzer Network Analyzer Sharing with ISAC European Energy ISAC Information Sharing Platform SA Dashboard SIEM SA Dashboard SIEM Signature NIDS Non-sig. NIDS Sig. NIDS Non-sig. NIDS Log Analy. Malw. Analy. SAN member A SAN member D SA Dashboard SA Dashboard SIEM SIEM Log Analyzer Non-sig. NIDS Sig. NIDS Log Analy. Non-sig. NIDS SAN member B SAN member C

21 Roadmap Timetable European ISAC Live 2. Sit. Awareness Netw. Definition Development Testing Live 3. Info Sharing Platform Dissemination Definition Development Testing Live Reporting

22 International collaboration is crucial!! Johan Rambi : Alliancemanager Privacy & Security Telephone : johan.rambi@alliander.com