EXPERT CONSULTATION “CYBER SECURITY IN ELECTRIC POWER ENGINEERING”

The workshop “Cybersecurity in Electric Power Utilities” was held on October 17th in Tehnološki park, Ljubljana.

NC CIGRE Slovenia has organized the workshop with selected topics and presentations on Cybersecurity issues in Electric Power Utilities (EPU). Cybersecurity became one of the crucial segments of modern ICT networks and systems in EPU’s, with the goal to protect critical assets and services in EPU’s from the growing cybersecurity threats and risks. A number of examples in recent years show the exposure of the EPUs towards cybersecurity issues. On the other side the development of technology, services and processes give a lot of possibilities to develop cybersecurity strategies in EPUs. The goal of the initiative from Slovenian NC CIGRE is to raise awareness to Cybersecurity topics among different expert public, not only ICT, as the topic became relevant for different departments inside EPUs, including the top management.

The structure of the workshop was divided into three sections and the round table held at the end of the workshop. Each section contained three presentations. After the introductory speech, held by Mr. Marko Hrast, chairman of the Slovenian NC CIGRE the following presentations were carried out by following presenters:

1. A look at cyber security in electricity from the perspective of government institutions; Gorazd Božič, SI-CERT

2. Model for evaluation of cybersecurity; dr. Janez Stergar, The Energy Agency in the Slovenian energy market

3. Cyber Security in Power Systems in the CIGRE WG Working Group D2.46 (Cybersecurity: future threats and impact on Electric Power Utility organizations and operations); Janko Kersnik, Smart Com

4. Concepts of providing cyber security in OT systems; Andrej Matko, ELES

5. Security challenges in IT/OT convergence; dr. Alenka Kolar, Elektro Ljubljana

6. Access to the IT resources using Role-based access control (RBAC) and identity management; Janez Bartol and Andrej Souvent, Milan Vidmar Electric Power Research Institute

7. Specifics of cyber security in energy companies; dr. Ciril Kafol – Informatika d.d., Marko Zavadlav – UnistarPro, Uroš Majcen – S&T Slovenia

8. Nokia’s view on cyber security in power utilities; Dominique Verhulst, Nokia

9. The Security Operations Center – lessons learned; Metod Platiše, Telekom Slovenije

The workshop summaries presented by Peter Ceferin, chairman of Slovenian CIGRE D2 SC, are the following:

1. The field of cyber security has become an inseparable part or a segment that needs to be taken into account in the development of the information and communication infrastructure in the electric power utilities with the introduction of new technologies, solutions and services based on ICT.

2. Examples in recent years, analyzes of the electric power segment exposure to cybersecurity risks and the development of technology require a systematic approach in the electricity sector, taking into account the regulatory frameworks, guidelines they provide and standards by the regulatory and standardization bodies.

3. The legislation on cyber security (the Law on Information Security) also affects the area that relates to the EPUs, so it will be necessary in the future to follow and introduce the necessary solutions and measures that will follow the defined requirements.

4. For the successful further development of information security in EPUs, it is not enough only technological progress, but also awareness of all stakeholders on the need for deployment and the implementation of cyber security measures in both IT and OT environments. The introduction of new organizational approaches is needed and introductory of the rules to ensure protection of critical electrical energy infrastructure against cybersecurity risks and threats.

5. The Slovenian electricity system is interconnected at the Slovenian national level and integrated into the regional and European electricity network. We must be aware that even potential incursions into smaller systems, such as the Slovene in the future, can lead to incidents of wider dimensions, so cooperation in this environment will also be of crucial importance.

6. The security operational centers (SOC) are essential for the systematic management of information security, and it is necessary to enable the further development of these mechanisms and structures to be introduced into implementations inside EPUS.

7. Particular attention in the future must be directed towards the development of professional personnel in the field of cyber security, for this purpose efforts should be made in EPUS, at both Slovenian universities and industry.

8. The role of the Slovenian NC CIGRE is to promote professional discussion, active cooperation within the international CIGRE, and transfer knowledge and orientations to the Slovenian electricity environment. We encourage ICT and cyber security experts to cooperate with new ideas and approaches that would contribute to development and improvement in this field. The next major event will be the 14th conference of Slovenian CIGRE-CIRED Association, May 2019 in Laško. The field of cybersecurity is a priority topic in D2 SC, and authors of articles from this area are invited to participate.

Detailed conclusions were also publiched in ELECTRA newsletter from CIGRE Paris. 

INVITATION

to the Expert Consultation on

“Cyber Security in Electric Power Engineering”

October 17th 2018

8:30 am – 16:00 pm

Tehnoloski park 19, building B, ground floor, lecture room

The security of information systems and related elements in the energy sector is becoming an increasingly important topic every day. The interest in this topic was particularly heightened after the events of December 2015, when cyber-attacks in SCADA systems of Ukrainian electricity distributors occurred. In order to protect themselves from unwanted intrusions, experts are looking for new solutions and approaches every day, not only in the world, but also in Slovenia. At the expert consultation on “Cyber Security in Electric Power Engineering” we will present to the participants of the consultation the daily threats faced by electricity companies, new technologies in this field, user practices, the establishment of elements of cyber security and much more.

Consulation will be presented in 3 main topics:

• Lectures from Slovenian companies working on cyber security
• Lectures from the perspective of electric Power Companies in relation to the cyber security and smart grids
• Lectures from companies, that develop and offer solutions on cyber security

Participation for the members of the Slovenian NC CIGRE-CIRED is free of charge!
Parking is available around the building B and C at Tehnoloski park and across the street on the pebble parking area.

Registration available here.