Several projects form the overall EPRI P183 work package, which are delivered in tandem:
- Deliverable P183A: Industry Collaboration & Technology Transfer - the landscape of cyber security activities in the UK electricity sector involves numerous industry, government, and regulatory groups. Although tracking these groups can be a daunting effort, it is critical for utilities to be up-to-date on key industry activities. This deliverable provides members with an up-to-date view of industry activities and supports technical contribution to these groups.
- Deliverable P183B: Security Technologies - this deliverable will address several security technology challenges facing UK power-delivery and control systems, such as developing protective measures and managing cyber threats.
- Deliverable P183D: Information Assurance - this deliverable focuses on security challenges that affect multiple operations domains, such as designing security into products, creating security metrics for the UK electricity sector, and developing technical solutions for meeting security compliance requirements.
The work packages have deliverables that span across multiple years to complete, therefore not all of them will be completed at the end of 2016. Among the key expected areas of progress in 2016 are:
- Active participation by National Grid Digital Risk & Security in reviewing resulting deliverables and applying them internally to key processes, technological improvements supporting the Critical National Infrastructure for the UK as applicable. In addition there will be a societal benefit of EPRI informing the UK industry of electricity utility perspectives and needs for cyber security.
- Threat Management - guidelines for a coordinated view of all aspects of an organisation’s security posture to provide an integrated security operations center (ISOC). These will bring together the many isolated monitoring and response functions into a unified framework that would benefit National Grid and our customers.
- Security Architecture - integration of new security architectures to help sustain high levels of electricity quality and reliability.
- Security Metrics - monitor the control guidance based on useful cyber security metrics that result in benefit and improvement of National Grid’s cyber security programme. Such metrics could also be used to support decisions about investments in cyber security in areas such as hardware, software, and personnel resources.
- Cyber security compliance - further understanding and ability to apply new cyber security requirements for critical infrastructure, including guidance such as the Policy on Critical Information Infrastructure Protection (CIIP) and the Network and Information Security (NIS) Directive of the European Commission.
Benefits
The overall the EPRI Research Programme 183 comprises multiple deliverables with varying degrees of progress expected on each deliverable during 2016/2017. The project team will be positioned to leverage the knowledge gained within that time frame to further National Grid’s understanding and development of security requirements. This will include the generation and utilisation of information regarding new security technologies, in order to better protect the electricity transmission network and our customers.
