Ref. Ares(2021)4296942 - 01/07/2021
Update on cybersecurity
in the energy sector
Electricity Coordination Group
Policy Context
Where we are:
- EU Cyber Security Strategy (2013)
- Network and Information Security Directive (EU) 2016/1148
- Data Protection: Regulation (EU) 2016/679 - GDPR
- European Program for Critical Infrastructure Protection
- Cybersecurity Package (2017): acknowledging specificities of
different sectors and referring to sector-specific requirements.
Do we need anything specific for the
energy sector?
Key challenges of the energy sector in
terms of cyber security
•
Real time requirements
•
Cascading effects
•
Legacy technologies connected
to digital technologies
..YES…
Stakeholder hearings of February 2018
confirmed that specific considerations
of the energy sector in terms of cyber
security are needed.
Stakeholders consulted include ENTSO-E, ENTSO-G, ECSO
(European Cybersecurity Organization), Eurelectric, Eurogas, EDSO,
GEODE and the Commission Agencies ACER and ENISA (the Agency
for network and information security)
How to address these particularities of
the energy sector?
Short- and mid-term policy actions for
cybersecurity in energy
NIS implementation at energy sector level
•
Guidance via an energy-specific work stream in NIS Cooperation Group
•
Kick-off meeting: 18 June 2018
Specific cybersecurity guidance for the energy sector
beyond NIS
•
until end 2018
Continue the series of energy cybersecurity events
•
Previous: March 2017, High-level roundtable in Rome
•
Next: October 2018, Co-organised with AUT Presidency & IW
Enhanced cooperation with the EE-ISAC
•
EE-ISAC Plenary Meeting, June 2018
Mid- and long-term policy actions for
cybersecurity in energy
Network code on cybersecurity
• Clean Energy for all Europeans Package
Smart Grids Task Force : Expert Group 2
•
To prepare the ground for this network code
•
Key areas and subgroups:
—
European Cybersecurity Maturity Framework
—
Supply Chain Management
—
European Early Warning System for Cyber Threats
—
Cross-Border and Cross-Organisational Risk Management