Europe Daily Bulletin No. 10667
SECTORAL POLICIES / (ae) digital

ENISA calls for more secure smart grids

Brussels, 31/07/2012 (Agence Europe) - The European Network and Information Security Agency, ENISA, has published a report on how to make smart grids more effective and more secure. A smart grid is an upgraded electricity network with two-way digital communication between supplier and consumer. The adoption of smart grids will dramatically change the distribution and control of energy for solar panels, small wind turbines, electric vehicles, etc. By making energy distribution more efficient, smart grids have clear benefits to users, electricity suppliers, grid operators, and society as a whole. At the same time, this dependency on computer networks and the internet makes our society more vulnerable to cyber-attacks, with potentially devastating results. “Our study shows that the two 'separate worlds' of the energy sector versus the IT security sector must be aligned on security for smart grids. We estimate that without taking cyber security into serious consideration, smart grids may evolve in an uncoordinated manner”, said ENISA Executive Director Professor Udo Helmbrecht. To prepare smart grids for these threats, ENISA calls on the Commission and the member states to take effective security measures for the public and private sectors. In particular: 1) the European Commission and the competent authorities of the member states need to provide a clear regulatory and policy framework on smart grid cyber security at the national and EU levels, as this is currently missing; 2) the Commission, in collaboration with ENISA, the member states and the private sector, should develop a minimum set of security measures based on existing standards and guidelines; 3) both the Commission and the member states' authorities should promote security certification schemes for the entire value chain of smart grid components, including organisational security; 4) the member states' authorities should put in place Computer Emergency Response Teams to play an advisory role in power grids' cyber security.

ENISA has also called for a joint effort between end-users and internet service providers to protect online identity. In a press release, the Agency urges both users and service providers to keep usernames and passwords safe to avoid any security incidents, such as identity theft. Noting that these passwords allow access to sensitive information, such as financial or health data, ENISA says that service providers must take greater action to better protect users' data, prevent data leaks and offer a more secure service. It calls for preventive measures to better protect sensitive data, pointing out that, just halfway through 2012, data breaches have already exposed millions of citizens' personal data, including password information. ENISA recommends that: 1) password information should be properly stored, using only cryptographic versions of the passwords, never in plaintext; 2) data leaks should be prevented by implementing a proper SDLC (Software Development Life Cycle) and checking regularly with audits and penetration tests; 3) a secure online authentication system, using a combination of mechanisms which reduces the success rate of an online attack, should be installed; 4) any attempted cyber-attacks should be reported to the competent national authorities. (IL/transl.rt)