Overview and Improvement of Procedures and Practices of Electricity Transmission System Operators in South East Europe to Mitigate Cybersecurity Threats
Abstract
1. Introduction
1.1. Background on Cybersecurity Issues in Power Systems
1.2. Current Issues Related to Cybersecurity of TSOs in SEE
2. Methods
2.1. Legislation
2.2. Cybersecurity Practices
3. Results
3.1. Analyses of the EU Legislative Framework
3.1.1. NIS Directive
3.1.2. Cybersecurity Act
3.1.3. Blueprint for Rapid Emergency Response
3.1.4. Critical Infrastructure Directive
3.1.5. Clean Energy Package
3.1.6. Recommendation on Cybersecurity in the Energy Sector
3.2. Further Developments of the Legislation in the EU
3.3. Analyses of the Legislative Frameworks in the Western Balkans
3.4. Analyses of the Obligations of TSOs in SEE Emerging from the Current Legislative Frameworks
Incident Notification and Reporting Process
3.5. Analyses of Practices for Security of Assets and CIIs
3.5.1. Risk Management of Threats
3.5.2. Mapping of Assets and Threats
3.5.3. Protection of CIIs and SCADA
4. Discussion
Proposal for Improvements of TSO Cybersecurity Practices
5. Conclusions
Author Contributions
Funding
Acknowledgments
Conflicts of Interest
Abbreviations
BiH | Bosnia and Herzegovina |
CERT-EU | Computer Emergency Response Team for the EU institutions |
CI | Critical Infrastructure |
CII | Critical Information Infrastructure |
CP | Contracting Party |
CPPS | Cyber-Physical Power Systems |
CSIRT | Computer Incident Response Teams |
ECI | European Critical Infrastructure |
EE-ISAC | European Energy – Information Sharing and Analysis Centre |
EMS | Energy Management Systems |
EnC | Energy Community |
ENISA | European Union Agency for Cybersecurity |
EU | European Union |
EU-DSO | EU distribution system operators’ entity |
ENTSO-E | European Network of Transmission System Operators for Electricity |
ICS | Industry Control Systems |
ICT | Information and communication technologies |
OES | Operator of Essential Services |
MS | Member State |
NCA | National Competent Authority |
NIS | Network and Information Systems |
SCADA | Supervisory Control and Data Acquisition |
SEE | South East Europe |
SPOC | Single Point of Contact |
TSO | Transmission System Operator |
Risk Management, Cyber Protection and Defense |
---|
Risk-assessment procedures and recommendations from the assessment |
Existence of company information security policy |
Development and maintenance of an inventory of assets, including critical systems |
Maintenance of a list of companies with access to critical infrastructure systems (CIS) and existence of special procedures for these companies when accessing CIS |
Implementation of measures to mitigate threats and external access to CIS; limitation of access rights of users and automatic processes to CIS |
Implementation of measures to secure ICS and approaches to the detection of threats to CIS |
Existence of reporting procedures to Computer Security Incident Response Teams (CSIRTs) and procedures for notifying neighboring TSOs about cyber incidents |
Existence of a security plan for protection of CIS |

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Krkoleva Mateska, A.; Krstevski, P.; Borozan, S. Overview and Improvement of Procedures and Practices of Electricity Transmission System Operators in South East Europe to Mitigate Cybersecurity Threats. Systems 2021, 9, 39. https://doi.org/10.3390/systems9020039