Enedis manages the public electricity distribution network for 95% of continental France including 1.4 million km of network, and more than 31 million “Linky” smart meters. Enedis is also a major investor in smart grids and the integration of renewable energy. Cybersecurity is a strategic issue for Enedis to guarantee the continuity of electricity serving 37 million customers. Advanced security expertise Enedis joins ENCS in a year where many transformations in the European DSO cybersecurity sector are underway: the upcoming European Network Code Cybersecurity, the revision of NIS & REC Directive, the ambitious ENISA’s schemes development program. ENCS already works with a great number of electricity grid operators across Europe, sharing knowledge and expertise, providing security testing, consultancy, and training services. With Enedis joining, a big step in harmonising best practices throughout Europe is at hand as well as the opportunity for ENCS members and stakeholders to benefit from Enedis’ advanced security expertise. Enhancing cybersecurity Cybersecurity is a particularly demanding field that requires constant questioning of its practices and knowledge Anjos Nijk, Managing Director, ENCS, comments, “Enedis is Europe’s largest DSO with sophisticated cybersecurity expertise. By joining ENCS, it underscores its commitment to improving cybersecurity even further. Enedis and ENCS together bring a wealth of expertise and experience to the table that European society as a whole will benefit from.” Bernard Cardebat, Executive Cybersecurity Director, Enedis, comments, “Cybersecurity is a particularly demanding field that requires constant questioning of its practices and knowledge. ENCS has developed solid expertise in the field of cybersecurity for DSOs, which will help us to further strengthen our practices.” “I am thrilled that Enedis is joining the ENCS community made up of many European DSOs of different sizes. Creating links and working together will foster lasting dialogues and trust between cybersecurity actors. And where trust grows, cybersecurity will grow.”
ENCS, the European Network for Cyber Security, and E.DSO, the European Distribution System Operators’ Association, announced the launch of security requirements for Distribution Automation (DA) of Remote Terminal Units (RTUs). This is the third in a series of security guidelines for a smarter and more secure energy network, after ENCS and E.DSO previously released security requirements for electric vehicle charging points and smart metres. These requirements are an important tool in improving and harmonising the security of data collection and analysis for utilities across Europe, helping to build a more resilient network. Practical considerations The requirements provide European distribution system operators (DSOs) with a defined set of practical considerations for procuring secure RTUs and are a significant step forward to industry wide requirements. These requirements have been split into various parts: DA-201-2019: Security architecture for distribution automation systems (for ENCS members only) DA-301-2019: Security requirements for procuring DA RTUs (Public) DA-401-2019: Security test plan for distribution automation RTUs (Public) ENCS has been active in Distribution Automation security since 2015, where it started analysing vulnerabilities in architectures and systems. Smoother procurement process This would be a huge step forward to ensuring security of critical European energy grids and infrastructure" The DA requirements were developed for all members and used first by Enexis, where they allowed for a secure DA system and a smoother procurement process, delivered at only a marginal extra cost. ENCS also developed a test plan to verify the correct implementation of the security requirements in a standardised manner. By standardising the test plan, test results can be more easily shared between grid operators. Roberto Zangrandi, Secretary General of E.DSO, stated: “These requirements are not only key to the long-term vision of our work with ENCS, but lay a strong foundation for an industry-wide set of recommendations. This would be a huge step forward to ensuring security of critical European energy grids and infrastructure, which can only really be achieved through a collaborative effort between DSOs and cybersecurity experts.” Harmonised and synchronised set of requirements Anjos Nijk, Managing Director of ENCS, stated: “Up until now, Europe has had disparate security requirements due to a scattered approach. However, this work we are doing with E.DSO has allowed for a harmonised and synchronised set of requirements, which will enable manufacturers to implement security cost effectively.” “If these are used by DSOs across Europe it incentivises manufacturers to respond adequately and improve security proactively. This then helps raise security standards across the industry. We aim to replicate this approach in other areas where the industry needs to structurally increase and harmonise security levels.” The new requirements build on ENCS and EDSO’s memorandum of understanding signed in 2016.