smart grid in the critical national infrastructure
TRANSCRIPT
![Page 1: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/1.jpg)
Smart grid in the Critical National Infrastructure
Ollie Whitehouse, Technical Director - NCC Group
NCC Group Technical Security Consulting
NCC Group Risk Management & Governance
![Page 2: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/2.jpg)
Agenda
Managing the interface with government
Regulatory bodies – what are they doing?
Interoperability and standardisation
Managing the security of interconnections
![Page 3: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/3.jpg)
Before we begin
-v-
![Page 4: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/4.jpg)
Why interface with government?
Get guidance early on
Gain situational awareness
Gain insight from peers
Provide feedback and insight
Ensure ongoing operational preparedness
![Page 5: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/5.jpg)
Interfaces with government
![Page 6: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/6.jpg)
Managing the interface with government
https://www.cert.gov.uk/
https://www.cert.gov.uk/cisp/
https://www.cpni.gov.uk
SCADA andControlSystemInformationExchange
![Page 7: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/7.jpg)
Managing the interface with government
https://www.cpni.gov.uk/advice/cyber/scada/
primarily developed 2008 - 2011
![Page 8: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/8.jpg)
Managing the interface with government
https://www.cesg.gov.uk/servicecatalogue/Product-Assurance/CPA/Pages/Security-Characteristics.aspx
![Page 9: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/9.jpg)
Regulatory bodies – what are they doing?
Department of Energy & Climate Change (DECC) sets policy and legislative framework for UK networks.
- including Energy Emergencies Executive Committee (E3C)
OFGEM benefits from UK Regulators Network
- including cyber
Both sit in Smart Grid Forum
https://www.ofgem.gov.uk/press-releases/uk-regulators-launch-new-network-bring-cross-sector-regulation-closer-together
ENA Energy Network Cyber Security Forum (ENCSF)
![Page 10: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/10.jpg)
Regulatory bodies – what are they doing?
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/386626/E3C_Annual_Report_2014.pdf
December 2014 report
![Page 11: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/11.jpg)
Regulatory bodies – what are they doing?
http://www.parliament.uk/documents/lords-committees/science-technology/Resilienceofelectricityinfrasrtucture/CfEResilienceofElectricityInfrastructure.pdf
Launched July 2014
![Page 12: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/12.jpg)
Regulatory bodies – what are they doing?
http://www.parliament.uk/documents/lords-committees/science-technology/Resilienceofelectricityinfrasrtucture/Resilienceofelectricityinfrastructureevidence.pdf
Over 600 pages and cyber mentioned 68 times
![Page 13: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/13.jpg)
Regulatory bodies – what are they doing?
http://www.energynetworks.org/modx/assets/files/news/consultation-responses/Consultation%20responses%202014/House%20of%20Lords%20Committee%20Inquiry%20into%20Electricity%20Network%20Resilience%20-%20ENA%20Submission_2014.pdf
![Page 14: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/14.jpg)
Interoperability and standardization
CEN = European Committee for Standardization
CENELEC = European Committee for Electro-technical Standardization
ESTI = European Telecommunications Standards Institute
http://www.smartgrids.eu/CEN-CENELEC-ETSI
![Page 15: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/15.jpg)
Interoperability and standardization
http://www.energynetworks.org/modx/assets/files/electricity/engineering/Standards/SGCG%20Reports%20071014/SGCG_WGSGIS_Sec0078_INF_ReportforComments.pdf
over 90 pages
![Page 16: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/16.jpg)
Interoperability and standardization
http://www.energynetworks.org/modx/assets/files/electricity/engineering/Standards/SGCG%20Reports%20071014/SGCG_WGSGIS_Sec0078_INF_ReportforComments.pdf
![Page 17: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/17.jpg)
Interoperability and standardization
http://www.energynetworks.org/modx/assets/files/electricity/engineering/Standards/SGCG%20Reports%20071014/SGCG_WGSGIS_Sec0078_INF_ReportforComments.pdf
![Page 18: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/18.jpg)
Interoperability and standardization
http://www.energynetworks.org/modx/assets/files/electricity/engineering/Standards/SGCG%20Reports%20071014/SGCG_WGSGIS_Sec0078_INF_ReportforComments.pdf
![Page 19: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/19.jpg)
Interoperability and standardization
http://www.energynetworks.org/modx/assets/files/electricity/engineering/Standards/SGCG%20Reports%20071014/SGCG_WGSGIS_Sec0078_INF_ReportforComments.pdf
![Page 20: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/20.jpg)
Managing the Security of Interconnections
Prevent: design, build, test, sustain
Detect: changes in posture and active attacks
Respond: monitor and/or mitigate
![Page 21: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/21.jpg)
Managing the Security of Interconnections
http://www.amazon.co.uk/Software-Security-Austerity-security-development-ebook/dp/B007H76ABC
![Page 22: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/22.jpg)
Managing the Security of Interconnections
http://www.amazon.co.uk/Software-Security-Austerity-security-development-ebook/dp/B007H76ABC
![Page 23: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/23.jpg)
Managing the Security of Interconnections
Contractual terms
Vendors/suppliers and their supply chains
- ability to receive vulnerability data
- set expectation that it will be pushed to you
Interconnect partners
- can’t be trusted all the time – avenue of attack
- information sharing agreements and/or forums
![Page 24: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/24.jpg)
Managing the Security of Interconnections
![Page 25: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/25.jpg)
Conclusions
We have only scratched the surface
Focus on:
• Considering cyber from the outset
• Building relationships
• Consuming the vast amount of information already available
• Sharing experiences
• Sharing intelligence
• Accept that cyber is a shared problem
…
![Page 26: Smart grid in the Critical National Infrastructure](https://reader030.vdocuments.us/reader030/viewer/2022032619/55c39699bb61eb83338b473d/html5/thumbnails/26.jpg)
Europe
Manchester - Head Office
Cheltenham
Edinburgh
Leatherhead
London
Milton Keynes
Amsterdam
Copenhagen
Munich
Zurich
North America
Atlanta
Austin
Chicago
Mountain View
New York
San Francisco
Seattle
Australia
Sydney
Thanks! Questions?
Ollie [email protected]