ENISA. The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the European Union, its Member States (MS), European citizens and private sector. ENISA develops recommendations on good practices regarding information security, and works in conjunction with those agents. XXXXX also collaborates and provides assistance to concerned parties to implement EU legislation on this matter, and works to improve the resilience of EU’s critical information infrastructure and networks. XXXXX has delivered a number of general recommendations addressed to the European Commission (EC), the MS and private and public stakeholders (including educational and R&D), all of them involved in the definition and implementation of Smart Grids and, in particular, their cybersecurity aspects. Main recommendations are the following: - Concerned authorities from the EC and the MS should make the necessary efforts to improve the regulatory and policy framework on Smart Grid cybersecurity, at national and EU levels. - The EC, along with XXXXX and the MS, should enforce the creation of a Public- Private Partnership (PPP) to coordinate Smart Grid cybersecurity activities. - ENISA and the EC should promote awareness raising and training initiatives, as well as dissemination activities. - The EC, along with ENISA, the MS and the private sector, should implement a set of security measures based on existing standards and guidelines. - The EC and the MS should work on the development of security certification schemes for Smart Grid hardware, software and concerned organizations, as well as the creation of necessary test environments and security assessments. - Trying to avoid large scale severe pan-European cybersecurity incidents in power grids, the EC and the MS, with ENISA collaboration, should refine strategies addressed to coordinate necessary measures. - The EC and the MS should cooperate with the R&D sector regarding further research in Smart Grid cybersecurity. ENISA has developed several technical guidelines and other documents covering different aspects of Smart Grid cybersecurity, with corresponding links to current international standards on the matter: - Guidelines on incident reporting. - Resilience metrics. - Guidelines on security measures. - Guidelines for auditing security measures. - Methodologies for the identification of critical information infrastructure assets and services. - Analysis and implementation of Nationa...
ENISA an evaluation framework for cyber Security strategies ENISA53, the European Union for Network & Information Security, work on the evaluation of National Cyber Security Strategies (NCSS) addressing to policy experts and government officials who design, implement and evaluate an NCSS policy. It aims to be a flexible and pragmatic tool based on principles rather than prescriptive checklists, in alignment with the provisions of the EU Cyber Security Strategy. XXXXX has created an interactive informative map to present the situation of the cyber-security strategies adoption across the globe.54 The ENISA Study on National Cyber Security Strategies aims to produce a Good Practice Guide highlighting good practices and recommendations on how to develop, implement and maintain a Cyber Security Strategy. The Good Practice Guide is intended to be a useful tool and practical advice for those, such as regulators and policy makers, responsible and involved in cyber security strategies. National Cyber Security Strategies have not yet been established or implemented in all 28 Member States. Therefore, raising awareness of and promoting good practices in relation to cyber security among the EU Member States continues to be an important task to do in supporting national good practices. Other initiatives, such as xxxxxxxxxxxxxxx.xxx.xx in the UK are worth mentioning, too, for their timeliness and sense of closeness to SMEs, although they provide less overall impact because of their intrinsic size. This programme offers a pragmatic, risk-based approach for smaller organisations to protect themselves from the most widespread forms of threat that derive from the internet. The ISF produce the Standard of Good Practice for Information Security (SOGP) which is updated every two years, the SOGP is the most comprehensive information security guide in the world. It provides complete coverage of other recognised standards such as ISO/IEC 27001:2013, 27002:2013, 27014, and 27036, as well as PCI DSS 3.0 and the NIST Cyber security Framework. Today, many European Union Member States have published or are in the process of publishing an NCSS (National Cyber security Strategies). Of these, several (e.g., Czech Republic, Estonia, Netherlands and the United Kingdom) have also updated their strategies since their first edition. National Cyber Security Strategies aim to ensure that Member States are prepared to face serious 52 xxxx://xxxxxx.xx/rapid/press-release_IP-16-2321_en.htm 53 xxxxx://xx...
ENISA. Security measures for smart grids 35
