Abstract:

For the energy sector, information security is of great importance due to the increasing expansion of the information technology infrastructure of energy networks within renewable energy sources. In parallel with the need-based expansion of distribution grids with new ”intelligent” technologies and automated applications, the continuous development of the technical and organisational adaptation processes of security requirements is indispensable as long as securing against threats to telecommunications and electronic data processing systems is required. For this purpose, grid efficiency1 and grid utilization2 from regenerative energies have to be integrated into the energy system as completely as possible while retaining the high quality of provision. Fully automated energy networks require adequate IT security standards and the establishment of an information security management system to protect it against attacks on their infrastructure. The core requirements for compliance with the protection objectives were set by the legal framework for energy
network operators and energy system operators. Additionally, the network and sales target definitions of the electricity markets and the market players shall be considered as well. Thus, the previous model of information processing has to be extended to include the protection objectives. Technical processes and organisational processes that ultimately link the quantitative measures to be assessed as well as the involved entities have to be described with a quality of action, classified in terms of quality and risk parameters for informational risk management. The overall consideration serves the purpose of creating technically secure and organisationally stable framework conditions for the market players and thus, enabling the shifting of consumption and production adjustment of the electricity market in a higher level of security.