Thwarting cyber threats to European energy infrastructure through collaboration
As the digital transformation of our energy supply and distribution systems continue with smart grids and smart IoT devices, there is a growing need to counter the potential of disruption from cyber threats. So there is a general recognition that the best chance of doing that lies in sharing experiences, ideas and innovation among all interested parties in a spirit of mutual cooperation.
The European Energy – Information Sharing & Analysis Centre (EE-ISAC) is an industry-driven, information sharing network of trust. It is a non-profit membership body in which the members are commercial organisations including utilities and solution providers, as well as public institutions such as universities, governmental and other non-profit organizations. The purpose is to share important information on cyber security and cyber resilience, and work together on finding strategies and methods to counter actual and potential threats to energy generation and distribution networks.
EE-ISAC Members share:
- real-time security data & analysis
- reports on security incidents and cyber breaches
- technical & operational experiences with applied security solutions
- lessons learned from past security issues
- future challenges, security outlooks & warnings
EE-ISAC enables the European utility industry to:
- Set up long lasting relationships of trust with partners across the entire value chain
- Share both real-time data & analysis within small scale trust-circles
- Learn from their peer’s experiences with grid security incidents and cyber breaches
- Compare & evaluate security solutions, both from a technical and operational viewpoint
- Benefit from an open dialogue with industry partners and suppliers
EE-ISAC members meet a few times during the year for plenary meetings, conferences and seminars. Activities include discussion of topics about data security and privacy, the identification of new types of threats (for example in relation to the Internet of Things), sharing experiences on incident handling, collaboration with other membership organisations, and to work on publications such as white papers.
Between physical meetings, the membership needed a platform that allowed continued discussion around topics and events, in many cases very sensitive information. They also needed a record of decisions, how they were reached and all associated content. They needed new members to swiftly become on-board and get up to speed on topics quickly and easily. Traditionally this would have been done via email, but email is poorly suited for retaining and organising knowledge, and often creates great confusion through duplication of content.
As is usual for membership organisations, EE-ISAC does not have its own IT resources and relies entirely on only a very few of its members for administration.
Another characteristic of EE-ISAC is that it has relationships with other membership organisations – bodies that have similar or complementary aims and purpose, and some that operate in different geographies or different sectors but where there is value in collaboration and sharing ideas and experiences. There are many other ISACs such as in finance, or in other regions such as USA and Japan.
It is in this context that EE-ISAC identified a need for digital collaboration hub that facilitated conversation, that provided a knowledge base without requiring significant extra work and that ensured security and the respect for privacy while at the same time ensuring information is shared with those that require it. For this they chose the Vmoso enterprise engagement hub, for these reasons:
- As a Cloud-based solution, there is no IT burden, and it provides a neutral venue not dependent on any one member organization
- It provides a single record of knowledge acquired by EE-ISAC, so that new members can easily and quickly get up to speed on each topic. Members with particular expertise are also easily identifiable.
- Permission-based sharing allows each member to retain control over the content they bring to the discussion, and ensures data privacy is protected
- It provides a more convenient and efficient means for discussions and activities to be progressed between meetings.