The power of sharing: ENISA report on cyber security information sharing in the energy sector
ENISA publishes its report on Cyber Security Information Sharing in the Energy Sector.
Published on February 03, 2017
The report first identifies existing CSIRTs (Computer Security Incident Response Teams), ISACs (Information Sharing and Analysis Centres) and information sharing initiatives in the energy sector, analyses problems and shortcomings, and identifies good practices to facilitate the cyber security information sharing in this sector. Furthermore the report provides recommendations to address identified problems and shortcomings.
Key findings include:
• Trust is a key component of information sharing.
• Participants in information sharing initiatives, are more committed and willing to contribute with information when their organisation backs them. Time, resources and knowledge, are some of the constraints faced by the participants that may hinder information sharing.
• Only few energy sector specialists have in-depth understanding of both the complexities of the energy systems and cyber security.
• Energy security issues are often addressed only at the Member State level, maintaining for example a national focus only, without taking into account the complexity of the interdependence of Member States in multiple aspects of the energy area, including cyber security.
• The legal and policy context is complex and fragmented.
• The quality of the shared information is not always at the required level, due to inconsistent use of the applicable taxonomy for example.
• There is a need to create public-private partnerships when sharing information.
• Information is shared between heterogeneous players.
• Many companies in the sector give more importance to the safety of their physical infrastructure than to the security of their computer, process systems and data.
• Few good practices have been identified on the subject, and the current information sharing initiatives lack visibility within companies in the energy sector.
The report is primarily addressed at national and governmental CSIRTs and other types of CSIRTs with activities and constituencies in the energy sector. Policy and lawmakers, notably the European Commission at the EU level, public and private organisations with an interest in NIS, and interested parties engaged in information sharing initiatives within the energy sector - including energy operators - are also intended audiences.
Full report available here
For press enquiries please contact press@enisa.europa.eu, Tel. +30 2814 409 576
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!
News items:
http://www.enisa.europa.eu/media/news-items/news-wires/RSS
PRs:
http://www.enisa.europa.eu/media/press-releases/press-releases/RSS