Energy Networks Association's technical lead, Darwin Aseka, explains how we've been working with BEIS and NCSC on new cyber security guidance.
We are witnessing a number of seismic shifts in the energy market central to which are its decarbonisation, decentralisation and digitalisation. But it’s one thing to witness this, it’s another to ensure that customers and generators of all types can reap the full benefits despite the new challenges they may face, including navigating the cyber security protocols in place to keep the system running safely and stably.
There is over 30GW of distributed energy connected to local electricity networks, of which 85% is renewables and a mixture of batteries and other technologies. A volume which will only increase with broader electrification of heat and transport and the continued decentralisation of power.
This diversified system will be managed by a digitalised backbone whether through the new systems the network companies are putting in place, or indeed the roll-out of smart meters to every household in the country.
ENA recently held a webinar where, in conjunction with BEIS and the National Cyber Security Centre (NCSC), we published guidance for distributed energy resources. This guidance will support them in connecting to the grid safely and securely, without compromising the integrity of the wider network.
Despite its growing importance to our energy mix, distributed energy does not currently meet the ‘essential service’ criteria laid out in the Network and Information Systems regulations. As a result, it falls outside of the umbrella of support that would otherwise have been provided. Navigating these complex regulations and processes can be challenging, especially for the small-scale distributed energy providers – such as community energy projects or independent generators. To support these parties and standardise cyber security across the sector, we worked closely with the Energy Emergencies Executive Cyber Security Task Group and BEIS to develop guidelines to identify address this issue.
Adoption of these cyber security connection guidelines will support end-to-end security for distributed energy, at an industry-accepted level and – ultimately - help mitigate the risk of a cyber-attack. It will also enable DNOs and operators to effectively and consistently implement an industry baseline for cyber security when connecting new assets to the distribution networks.
In summary, this guidance aims to:
- Promote cyber security throughout the design and implementation of new projects.
- Provide a consistent approach to cyber security for DER connections across the UK.
- Provide a baseline level of security that is required for new DER connections.
- Enable BEIS, NCSC and us to address short-term and long-term threats and promote standardisation.
- Provide cyber security guidelines that are flexible enough to apply to any DER, regardless of size, maturity or location
- Provide guidance that encourages technology providers to improve security for their devices out of the box.
The guidance can be found on the new ENA website here.
Notes to editors
First online at Current (28 Oct).
About Energy Networks Association
We’re the industry body for the energy networks. Our members own and operate the wires and pipes which carry electricity and gas into your community, supporting our economy. The wires and pipes are the arteries of our economy, delivering energy to over 30 million homes and businesses across the UK and Ireland. To do this safely and reliably, the businesses which run the networks employ 45,000 people and have spent and invested over £60 billion in the last eight years.