Dependency of Energy Operators on time sensitive services

Back to News

The EU Agency for Cybersecurity analyses the cyber risks of the dependency of energy operators on time sensitive services and proposes mitigation measures.

Energy grids depend on precision timing and communication networks to monitor grid operation and integration. Power data acquisition and synchronization need to share time sources to enable decentralized analysis and effective coordination of power production. However, systems that provide time services are vulnerable to various cyber threats and a possible attack can destabilise the operation of modern power grids. With recent technological advances, there is a proliferation of tools for deploying attacks against the time sources of a utility.

The ENISA Report - Power Sector Dependency on Time Service: attacks against time sensitive services focuses on such an attack scenario by identifying relevant risks and by providing guidelines to ensure consistent time synchronization. In doing so, a typical functional architecture for time-phase data processing on the power grid is presented.

 The study also includes a list of attack vectors of potential threats against communication mediums, protocols as well as sensors and devices of this architecture.

Technical and generic good practices are suggested based on the scenario technologies investigated. The report concludes with key recommendations such as:

  • Designing of modern devices for substation automation (including GPS receivers) with security in mind (vendors);
  • Establishing electronic perimeters and implementing measures against spoofing attacks (operators);
  • Systematic implementation of basic measures for substations (operators);
  • Designing of modern devices to be used for automation in a way that meets universally accepted requirements and implementing of selected security measures through proper standardisation procedures (vendors);
  • Adoption of tools and procedures to enhance the resilience of power grids with respect tomalformed and/ or injected data affecting decision making in modern smart grids (operators).


Further Information

ENISA Report - Power Sector Dependency on Time Service: attacks against time sensitive services

Critical Infrastructures and Services

Threat and Risk Management

For interviews and press questions, please contact press (at) enisa.europa.eu