Smart grids offer benefits to the society at large but their dependency on computer networks and applications, as well as on the Internet, increases exposure to malicious cyber attacks. Vulnerabilities of communication networks and information systems could indeed be exploited for financial or political motivation to shut off power to large areas or directing cyber-attacks against power generation plants.
However, the communication infrastructures are not the only source of vulnerabilities, the report indicated. Software and hardware used for building the smart grid infrastructure are at risk of being tampered with even before they are linked together. Rogue code, including the so-called logic bombs which cause sudden malfunctions, can be inserted into software while it is being developed. As for hardware, remotely operated “kill switches” and hidden “backdoors” can be written into the computer chips used by the smart grid and allowing outside actors to manipulate the systems.
“Our study shows that the two ‘separate worlds’ of the energy sector versus the IT security sector must be aligned on security for smart grids," stated Professor Udo Helmbrecht, executive director of ENISA. "We estimate that without taking cyber security into serious consideration, smart grids may evolve in an uncoordinated manner. I would therefore suggest that smart grids’ security be made part of the EU’s forthcoming Internet Security Strategy.”
In its latest report, ENISA said it has identified risks and challenges linked to cyber security aspects of smart grids. It also outlines European initiatives on standardization, knowledge sharing, certification, training, pilots, and other activities addressing cyber security in the smart grids.
The study then assesses the role of Information and Communication Technologies (ICTs) as the underpinning platform of the future grid, and investigates related threats and risks. The study suggests good practices and recommendations for all stakeholders that are engaged in the security, reliability and resilience of future smart grid deployments.
Among the ten security recommendations, the report indicates that the European Commission