This list will be developed and maintained over time. Please let us know if there is a useful publication/information source that we should reference.

Industry Standards

ENA - Energy Delivery Systems (EDS) Cyber Security Procurement Language Guidance

The Procurement Language Guidance aims to support consistent and clear procurement tender development by giving industry an effective approach to procurement. The guidance contains a suite of procurement statements that can be incorporated into related documentation. This will enable users to effectively and consistently articulate and implement an industry baseline level of cyber security for the products and services used within their EDS.

IoT Security Foundation Guidance

The Internet of Things (IoT) is attracting increasing interest in the energy sector, both in the hands of consumers with smart energy-consuming devices and for distributed energy and extensions to established power networks and systems. The IoT Security Foundation is a not-for-profit organisation that produces free-to-access security guidance for IoT and promotes certification and adoption of secure systems.

Please suggest other standards and guidance to be included.

General Reference

NIST - Framework for Improving Critical Infrastructure Cybersecurity (NIST-CSF 1.1)

The framework focuses on using business drivers to guide cyber security activities and considering cyber security risks as part of the organisation's risk management processes. The framework provides a common organising structure for multiple approaches to cyber security by assembling standards, guidelines, and practices that are working effectively today.

The E3CC chose to use this framework to underpin the periodic risk assessment of UK electricity and gas cyber security which was last performed in 2017. We also took ideas from the C2M2 maturity work supported by the US Department of Energy.

The Weakest Link: Why Your Employees Might Be Your Biggest Cyber Risk

Cyber security is not just a technical issue. The E3CC facilitator has co-authored a book which explores the psychology of why people make the wrong security decisions and how to motivate and support them in becoming a positive asset for good cyber security. This is available on Amazon in various formats.

Please suggest additional materials.
