EPRI Research Collaboration on Cyber Security 2016 (P183)
National Grid Electricity Transmission
Click here to send a question to the contact.
Network Innovation Allowance
Electricity Transmission Networks and Cyber Security
Several projects form the overall EPRI P183 work package, which are delivered in tandem:
- Deliverable P183A: Industry Collaboration & Technology Transfer - the landscape of cyber security activities in the UK electricity sector involves numerous industry, government, and regulatory groups. Although tracking these groups can be a daunting effort, it is critical for utilities to be up-to-date on key industry activities. This deliverable provides members with an up-to-date view of industry activities and supports technical contribution to these groups.
- Deliverable P183B: Security Technologies - this deliverable will address several security technology challenges facing UK power-delivery and control systems, such as developing protective measures and managing cyber threats.
- Deliverable P183D: Information Assurance - this deliverable focuses on security challenges that affect multiple operations domains, such as designing security into products, creating security metrics for the UK electricity sector, and developing technical solutions for meeting security compliance requirements.
The work packages have deliverables that span across multiple years to complete, therefore not all of them will be completed at the end of 2016. Among the key expected areas of progress in 2016 are:
- Active participation by National Grid Digital Risk & Security in reviewing resulting deliverables and applying them internally to key processes, technological improvements supporting the Critical National Infrastructure for the UK as applicable. In addition there will be a societal benefit of EPRI informing the UK industry of electricity utility perspectives and needs for cyber security.
- Threat Management - guidelines for a coordinated view of all aspects of an organisation’s security posture to provide an integrated security operations center (ISOC). These will bring together the many isolated monitoring and response functions into a unified framework that would benefit National Grid and our customers.
- Security Architecture - integration of new security architectures to help sustain high levels of electricity quality and reliability.
- Security Metrics - monitor the control guidance based on useful cyber security metrics that result in benefit and improvement of National Grid’s cyber security programme. Such metrics could also be used to support decisions about investments in cyber security in areas such as hardware, software, and personnel resources.
- Cyber security compliance - further understanding and ability to apply new cyber security requirements for critical infrastructure, including guidance such as the Policy on Critical Information Infrastructure Protection (CIIP) and the Network and Information Security (NIS) Directive of the European Commission.
National Grid’s participation in the EPRI Cyber programme 183 is focused on efforts to improve the industry’s ability to defend against an ever changing cyber security threat landscape. This will ensure the safe and reliable operation of the electricity transmission network. Objectives include:
- Track industry and government activities and provide technical contributions to key working groups;
- Develop a security management foundation for UK transmission and distribution systems;
- Improve the UK electricity sector’s ability to detect, respond, and recover from cyber incidents;
- Continue technical development of the Integrated Security Operations Center (ISOC);
- Extend the security architecture for the Integrated Grid to include new domains;
- Develop security metrics for the UK electricity sector; and
- Address the technical challenges of cyber security compliance.
The overall the EPRI Research Programme 183 comprises multiple deliverables with varying degrees of progress expected on each deliverable during 2016/2017. The project team will be positioned to leverage the knowledge gained within that time frame to further National Grid’s understanding and development of security requirements. This will include the generation and utilisation of information regarding new security technologies, in order to better protect the electricity transmission network and our customers.