encs/nec research meeting -...

ENCS/NEC RESEARCH MEETING

Benessa Defend

ベネッサ・ディフェンド

Benessa.Defend@encs.eu

April 21, 2014

NEC, Kawasaki

1

PARTNERING FOR CYBER

RESILIENCE

We create and bring together knowledge and resources

to secure European critical infrastructures

2

ENCS: THE HAGUE

- Confidential - 3

ENCS COOPERATIVE ASSOCIATION

• ENCS is independent, not for profit and driven by member

benefits

• Members include owners of critical infrastructures, their

suppliers, academia and regulators

• ENCS provides the network, knowledge and resources

to comply with cyber security regulation and to

stay ahead in cyber security developments

• ENCS creates practical solutions to solve

problems of critical infrastructure owners

4

10 members and partners:

Alliander

KPN

DNV KEMA

Radboud University

TNO

E.ON

Enexis

Westland Infra

Wurldtech

Applied Risk

ORGANIZATION

Research

& Development

Research

& Development

Cyber

Testing

Cyber

Testing

Education

&

Training

Education

&

Training

Information &

Knowledge

Sharing

Information &

Knowledge

Sharing

HR, Finance,

ICT,

Marketing

HR, Finance,

ICT,

Marketing

HR, Finance,

ICT, Marketing

HR, Finance,

ICT, Marketing

ENCS Assembly Committee ENCS Assembly Committee

CEO Office CEO Office

Projects Projects

ENCS Assembly ENCS Assembly

5

PARTNERS WITHIN PROJECTS

6

RESEARCH & DEVELOPMENT

7

ENCS R&D PRINCIPLES

• Dedicated R&D competence in security for ICS and

smart grids

• Research agenda in collaboration with industry and regulators; continuously matched with member needs

• Researchers work on member projects, standardisation groups, advice to regulators etc.

• Integration with test lab and shared projects to push solutions from paper to practice

8

R&D RESEARCH AGENDA

Smart Grid Architecture Model Framework

9

• Security architectures for the smart grid

• Protocol design and analysis

• Testing and attestation methods

• Dependability and security

• Security on constrained devices

• Situational awareness and monitoring

• Privacy by design

PROJECTS

• Recommendations for Europe on SCADA patching, published

by ENISA

• Cyber Security: A Fundamental Basis for Smart Grids

– Monitoring

– Testing

– Privacy

– Standards

• Analysis of smart meter protocols

– DLMS/COSEM

– PRIME

10

FP7 PROJECT: AMADEOS

• Architecture for Multi-criticality Agile Dependable Evolutionary

Open Systems-of-Systems (2013-2016)

• Design methodology and tools to model the development and

evolution of time-sensitive systems of systems (SoS) with

possible emergent behaviors

• Methodology and SoS simulation tools will be tested as part of

a smart grid scenario

• ENCS will lead the task to test the tools and protocols on

smart grid components

• http://amadeos.imag.fr

11

AMADEOS CONSORTIUM

Number Participant organisation name Country

1 Università degli Studi di Firenze Italy

2 Technische Universitaet Wien Austria

3 University of Grenoble France

4 ResilTech Italy

5 Thales Netherlands Netherlands

6 European Network for Cyber Security Netherlands

- Confidential - 12

FP7 PROJECT: PREEMPTIVE

• PREventivE Methodology and Tools to Protect utilitIEs (2014-2017)

• Aims to prevent cyber attacks against ICSs in utility networks

• Develop a context-aware event analysis tool based on specialized

event mining techniques for detecting anomalous behavior

• Execute tests of the PREEMPTIVE tools, analyze the results based

on KPIs, and coordinate dissemination activities

• End User Advisory Board: Israel Electric Corporation, Fundacio

Institut De Recerca De L'Energia De Catalunya, Électricité de

France, ENERGO, CETaqua, GAS Natural Fenosa, and Poste

Italiane

• http://preemptive.eu/

13

PREEMPTIVE CONSORTIUM

14

Number Participant organisation name Country

1 Vitrociset Italy

2 UNIVERSITEIT TWENTE Netherlands

3 SECURITY MATTERS Netherlands

4 APLICACIONES EN INFORMATICA AVANZADA Spain

5 Fraunhofer-Gesellschaft Germany

6 HW Communications UK 7 Università Degli Studi Roma Tre Italy

8 European Network for Cyber Security Netherlands

9 The Israel Electric Corporation Israel

10 Katholieke Universiteit Leuven Belgium 11 Fundacio Institut de Recerca de l’Energia de Catalunya Spain

12 Harnser UK

FP7 PROJECT: SEGRID

• Security for smart Electricity GRIDs (2014-2017)

• Protect smart grids against cyber attacks

• Risk analysis of the SEGRID use cases

• Gap analysis - currently available security standards and the

security level required for the SEGRID use cases

• Improve existing security measures, design new security

solutions and integrate them into the existing environments

• Test the newly developed security solutions in the Security

Integration Test Environment (SITE)

• Starting June 2014

15

SEGRID CONSORTIUM

Number Participant organisation Country

1 TNO Netherlands

2 Swedish Institute of Computer Science Sweden 3 Kungliga Tekniska högskolan Sweden 4 Instituto Consultivo para el Desarrollo Spain 5 European Network for Cyber Security Netherlands 6 Liander Netherlands 7 ABB Schweiz Switzerland 8 ABB AS corporate research Norway 9 Foundation of the Faculty of Sciences of

Lisbon University Portugal

10 Energias de Portugal Portugal

11 ZIV Metering Solutions Spain

16

SEGS WORKSHOP 2014

• Smart Energy Grid Security (SEGS) Workshop

• Topics include

– Smart grid architectures

– Security and dependability in safety-critical real time systems

– Privacy

– Intrusion detection and monitoring

– Risk and threat analysis

– Standards, testing, and certification

– Testbeds and field trials

– Usability and legal issues on grid security

• November 7, 2014 in Scottsdale, Arizona

• In conjunction with ACM Computer and Communications Security Conference

17

COLLABORATION WITH JAPAN

• MOU with CSSC in 2013

– Research

– Testing

– Training

– News and information sharing

• Tomomi Aoyama, Intern from Nagoya Institute of Technology

2013-2014

– Human factors in ACSC (red team/blue team training)

– Professor Ichiro Koshijima

• Mr. Yoshimatsu (CSSC) – SEGS PC 2013, 2014

• CSSC and NIT joined ACSC in The Hague

18

DENSEK

• Distributed ENergy SEcurity Knowledge

• Deliverables

– European Energy ISAC

– Situation Awareness Network

– Information Sharing Platform

• 6-person delegation from NL to Japan April 17-18, 2014

• External Advisory Board Meeting at CSSC Tokyo on April 17

– Uemura-san (METI) EAB member

• Visit to CSSC in Tagajo on April 18

• http://www.densek.eu/

19

Policy and Organisation Assessments (e.g., DoE Maturity Model) Policy and Organisation Assessments (e.g., DoE Maturity Model)

TEST LAB ACTIVITIES

20

Security and Robustness Tests for Devices (e.g., Wurldtech Certification)

Security and Robustness Tests for Devices (e.g., Wurldtech Certification)

Integral End-to-End Test of Systems

Integral End-to-End Test of Systems

Protocol Reviews and Architecture Assessments Protocol Reviews and Architecture Assessments

Test of Research Prototypes and Security Solutions

Test of Research Prototypes and Security Solutions

ENCS ADVANCED

CYBER SECURITY COURSE

• A 5-day advanced cyber security course with a Red Team

Blue Team exercise on a real ICS network

• By attacking or defending a model factory and its network,

participants learn how hackers operate and what you can do

to stop them

• ENCS Advanced Cyber Security Course went live

in Q3 2013

21

WEB-BASED TRAINING

• A 5-module cyber security awareness course for smart grids

and ICS

• Collaboration with Wurldtech

• Launched in 2013

• An official ENCS certificate is provided after successful

completion of the exam

• C-level course in development

22

EXTRA SLIDES

23

PRIVACY ENHANCING

TECHNOLOGIES

24

END-TO-END TESTING

• Test bed for ICS and smart grid networks

– From device/protocol tests to system-wide tests

• Test environment where components, products and systems

can be tested in a real-life environment

• Advice on how to mitigate found vulnerabilities

• Bringing research findings from paper into practice

25

EDUCATION AND TRAINING

• ENCS develops and provides education and training to all

levels across the organisations involved in the critical

infrastructures

• ENCS offers the Advanced Cyber Security Course, web-

based training and customized workshops

• ENCS Research, third party specialists and subject matter

experts participate in training development and delivery

26

WORKING GROUPS AND

STANDARDISATION

European SCADA Control Systems

Information Exchange (EuroSCIE)

European SCADA Control Systems

Information Exchange (EuroSCIE)

Thematic Network for Critical Energy

Infrastructure Protection (TNCEIP)

Thematic Network for Critical Energy

Infrastructure Protection (TNCEIP)

Cyber Security EG: European Network

of Transmission System Operations

for Electricity

Cyber Security EG: European Network

of Transmission System Operations

for Electricity

European Reference Network

Critical Infrastructure

Protection (ERNCIP)

European Reference Network

Critical Infrastructure

Protection (ERNCIP)

European Commission DG

ENER

European Commission DG

ENER

European Commission DG INFSO/CONNECT

European Commission DG INFSO/CONNECT

European Commission DG

HOME

European Commission DG

HOME

Smart Grid Task Force Steering

Committee

Smart Grid Task Force Steering

Committee

M/490 Smart Grid Coordination

Group

M/490 Smart Grid Coordination

Group

Expert Group on Smart Grid

Security

Expert Group on Smart Grid

Security

DG HOME CIIP for SCADA and the

Smart Grid

DG HOME CIIP for SCADA and the

Smart Grid

M/490 Grid Steering

Committee

M/490 Grid Steering

Committee

EUTC EUTC NIS PLATFORM NIS PLATFORM

NIST NIST DECC DECC

Expert Group 2 Data Privacy and

Cyber Security

Expert Group 2 Data Privacy and

Cyber Security

M/490 Working Group for Smart Grid Information

Security (WG SGIS)

M/490 Working Group for Smart Grid Information

Security (WG SGIS)

ETSI ETSI

CEN CEN

CENELEC CENELEC

STEG STEG

Europe

Stand

adisatio

n

Expert Group Minimum Security

Requirements

27