• Energy


Product Security Evaluation Services for Energy

In the past, the smart grid network was only used for electricity distribution. Today, the smart grid does not only transport energy, but it also functions as a data network (exchanging messages) with electricity (to power devices) as its by-product. In other words, the smart grid now goes beyond the power plan. It has become the ultimate-grade critical infrastructure: a power outage can have a direct impact on the availability of other critical services (e.g. transport, finance, communication, water supply services).

The smart grid poses exciting opportunities, but it needs to be properly protected. Today, home appliances are also connected to it, which means there is more for attackers to access. With the risk of high-profile attacks comes the need for in-depth threat modelling and protection. International standards like SESIP, 62443 and Common Criteria, and regulations, like the EU Cybersecurity Act (CSA) offer cybersecurity frameworks in the Electrical Power and Energy System (EPES) and the rest of the smart grid ecosystem, creating a common language for deploying and understanding security. 

Cybersecurity in the Electrical Power and Energy System (EPES)

The Electrical Power and Energy System (EPES) is an armour against cyber and privacy attacks and data breaches. Digital technologies play an important role in the EPES due to the transition to a decentralised energy system. The EPES will face an increasing range of threats requiring a security evaluation of the cybersecurity risk. Even if security improvements may have been made since, legacy systems such as SCADA/ICS (Supervisory Control and Data Acquisition System/Industrial Control Systems) do not have cybersecurity measures embedded in them because they were developed in times when cybersecurity was not yet part of the technical specifications of the system design.

In April 2019, the European Commission introduced a sector-specific guide that identifies the possible cyberattacks in the energy industry.  In March and April 2019, the European Parliament and the Council adopted a proposal for a regulation on the EU Agency for Cybersecurity (ENISA) and on Information and Communication Technology Cybersecurity Certification (the Cybersecurity Act) respectively.

Security services

Energy Standards & Recognitions