Increasing cybersecurity, optimising operation and grid digitalisation for PCIs1 in the context of the integrated electricity transmission grids (action number PSA 2018-517)
The Connecting Europe Facility (CEF) is a key EU funding instrument to promote growth, jobs and competitiveness through targeted infrastructure investment at European level. It supports the development of high performing, sustainable and efficiently interconnected trans-European networks in the fields of transport, energy and digital services. CEF investments fill the missing links in Europe’s energy, transport and digital backbone.
In 2018, the European Network of Transmission System Operators for Electricity (ENTSO-E) obtained a grant from the European funding instrument ‘Connecting Europe Facility’ (CEF).
The objective of this Programme Support Action (PSA) is to prepare a design and deployment (in cooperation with Transmission System Operators) of an advanced information and communication technologies architecture required for the exchanges of sensitive data between network operators. In particular the new architecture should allow for optimization of the use of the networks interconnecting the Transmission System Operators (TSOs) to facilitate cross-border electricity trading, the coordination of planned outages of lines or equipment and preparation of coordinated remedial actions should incidents happen, including the form of a cyberattack.
To do so, the project internally called ‘DG ENER – ENTSO-E Cybersecurity/Interoperability/Emerging Technologies Project’ has been divided into topics and activities.
- Topic 1: Cybersecurity
As technology is deployed to enable an always more seamless ability to communicate between many Information Systems (IS), the exposure to “cyber-attacks” increases. In expert terms this is related to the notion of “attack surface” i.e. the sum of points of contacts, or “vectors”, via which cyber-attacks can be attempted.
As more IS are interconnected and the interoperability capabilities are enhanced to allow for more sophisticated interactions, the attack surface tends to naturally increase. Keeping this attack surface as small as possible is essential for the digital infrastructure of actors such as TSOs that is candidate to attacks from the full set of cyber attackers including State-backed state-of-art expert teams.
Improving cyber security is a multi-faceted subject. Organizations, people, processes and technologies are at stake. The activities proposed are anticipated to address all these facets.
This topic will be focusing on 3 different activities:
1) Activity 1: Cybersecurity design – definition of the key security processes and controls for TSOs at each stage of the Software Development Life Cycle (SDLC) and prepare TSOs for future Cyber Security Network Codes e.g. compliance to ISO 27001.
2) Activity 2: Cyber Test laboratory – Quantify future demand from TSOs for Cyber testing and certification services and define the requirements to set up such an ENTSO-E Cyber testing and certification service (in-house versus outsourced versus hybrid model).
3) Activity 3: Cyber Security Operations Center (Cyber SOC) – Definition of future requirements for an ENTSO-E SOC, providing a common TSO cyber incident reporting, analysis and recovery capability.
- Topic 2: Interoperability
To increase border crossing electrical flows in Europe in the most reliable and economical way, more and more distributed systems need to transfer data and use each other services. These data flows are not limited to inter-TSO systems but are more and more involving external systems at distribution level, market players and smart metering environments, but also completely different sectors in energy distribution as gas. These external systems often already use defined message formats, so it is key to setup a standardized flexible and well-defined messaging infrastructure to guarantee interoperability between internal and external systems.
Standardizing the interfaces of the connectivity layer, will motivate vendors to propose solutions using these standards, as well as increase the feasibility of security and quality checks in an automated way.
This topic will be focusing on 2 different activities:
1) Activity 4: Semantic integration in connectivity layer – Specify a message profile that can be used to setup data communications between service providers and consumers on ENTSO-E. Communication & Connectivity Service Platform (ECCo SP) in a secure and reliable way
2) Activity 6: Integration with other industries enabling – Enable integration with other industries and their own standards by connecting ECCo SP to the network used by gas transport stakeholders
- Topic 3: Emerging Technologies
It is an understatement to say that innovation is very active in information and communication technologies (ICT). The objective will be to identify and assess the potential of emerging ICT to support or improve fulfilment of ENTSO-E’s missions.
As introduced in Annex I, Section 6.2 we propose to consider the blockchain technology. We have added other possible candidates that could be reviewed in addition: 5G, quantum cryptography, quantum computing.
This topic will be focusing on the following activity:
1) Activity 5: Anticipation on emergence of technological evolutions – Identify and assess the potential of emerging ICT to support or improve fulfilment of ENTSO-E’s missions (and anticipate potential changes or future needs)
ENTSO-E & DG ENER
The DG ENER – ENTSO-E Cybersecurity/Interoperability/Emerging Technologies project concretely supports the following dimensions of DG ENER’s Strategic vision for 2016-2020:
Energy security built on solidarity and trust between EU countries
As more Information Systems (IS) are interconnected and the interoperability capabilities are enhanced to allow for more sophisticated interactions, the attack surface tends to naturally increase. Keeping this attack surface as small as possible is essential for the digital infrastructure of actors such as TSOs that is candidate to attacks from the full set of cyber attackers. The DG ENER – ENTSO-E Cybersecurity/Interoperability/Emerging Technologies project offer a comprehensive approach to cyber security covering: organizations, people, processes and technologies.
A fully functional internal energy market
To increase cross border electricity exchanges in Europe in the most reliable and cost-efficient way, more and more distributed systems need to transfer data and use each other services. Standardizing the interfaces of the connectivity layer, will motivate vendors to propose solutions using these standards, as well as increase the feasibility of security and quality checks in an automated way.
Energy efficiency as a contribution to moderation of energy demand
By enhancing digitisation of the power system, DG ENER – ENTSO-E Cybersecurity/Interoperability/Emerging Technologies project contributes to energy efficiency by optimising the use of the current infrastructure; integration of more demand response (notably by linking the distribution and transmission and the consumers). By facilitating data exchanges, the CEF ENTSO-E project will foster new services and businesses including in energy efficiency. More efficiency gains can also be done through connecting the power sector with transport, heating, gas…
Decarbonisation of the economy
The digitisation of the power system that the DG ENER – ENTSO-E Cybersecurity/Interoperability/Emerging Technologies project will support, will equally allow for CO2 emissions reduction, through increased energy efficiency, increased demand response, increased used of distributed energy and flexibility sources - in cooperation with distribution system operators -, sector coupling, greater integration of variable energy sources etc.
Research, innovation and competitiveness
The DG ENER – ENTSO-E Cybersecurity/Interoperability/Emerging Technologies project will identify possible use of emerging ICT to support or improve the functioning of the power system/market in line with EU climate/energy targets. It will contribute to build the ICT capacity in Europe’s power system and allow for new businesses and services to emerge.
Timeline of the project
ENTSO-E CEF Project Manager – Eric Devillers
PCI = Project of Common Interest ↩