NextGen SCADA Global 2021 Blog

Keep up to date with the latest developments on the NextGen SCADA Global 2021 virtual conference, run by Smart Grid Forums.

Case Study: Alliander

This week we caught up with Hans Baars, Senior Security Advisor at Alliander, who will be speaking at the conference on the subject of the NIS Directive. Specifically, Hans will be sharing how the NIS Directive has been implemented at Alliander and translated to an ISO 27103/NIST CSF approach.

Hans explained: “Alliander is a large Dutch grid operator which was formed in recent decades from several local grid operators. Consequently, there has been no relationship between the different parts of the organisation. The various business units operated fairly autonomously. Cyber security was the responsibility of each individual business unit.

In 2020 a new board of directors took office and decided to change course. Alliander will now be centrally organized, starting on 1st January 2021. A brand-new CISO-Office will start to work for the entire company. We are currently working to develop an ISO 27103/NIST CSF based Information Security Management System. We are combining the current ISMSs and taking the best of all together. The approach is risk based for the Value Streams, such as the Office Environment, Smart Meter Environment and Power Grid Net Management (SCADA).

The biggest challenge for the upcoming period is the cooperation between the “old” independent security officers and the centrally organized CISO-Office. The most important lesson from the past about the independence of the different internal stakeholders is that they feel responsible only for their business unit; however, they don’t talk with their colleagues in different business units. Wheels are re-invented. Resources are not well used and, most importantly, there is no helicopter view over the company to recognize the same problems at different locations.

Our roadmap for the coming years is to:

  • Get all security colleagues and stakeholders aligned and working in the same direction
  • Build a stronger culture of security
  • Make a thorough inventory of all value streams
  • Assess security risks in detail for all value streams and define robust security baselines
  • Develop and implement (new) protective measures to reduce risk
  • Assess and monitor threats and vulnerabilities more closely
  • Improve BCM/DRP and the incident management processes
  • Sustain security improvements

In 2024 we will aim to achieve level 4 on the maturity scale of 5 for all security processes. I look forward to sharing the details of our journey so far and our plans for the coming years at NextGen SCADA Global 2021.”

Hans's presentation will be one of 24 utility case studies presented at NextGen SCADA Global 2021. Alongside the case-study agenda, there will be 3 supplier presentations, 7 live Q&A sessions, a 90-minute roundtable discussion session, and more, all in just two intensive high-value days!
