The European Network for Cyber Security (ENCS), the Association of European Distribution System Operators (E.DSO), and the European Network of Transmission System Operators for Electricity (ENTSO-E) recently hosted a joint virtual event, discussing the challenges of data sharing under the NIS Directive, Cybersecurity Act and Network Code Cybersecurity.
The webinar, attended by more than 200 participants, emphasized the importance of security across critical business processes and harmonization of approaches throughout Europe, and the urgent need to ensure these. Participants also underscored the need to support innovation and expertise.
The event built on the increased sense of urgency following the European Commission’s decision to make network codes in the energy domain on cybersecurity the highest priority. It was the second part of a two-day series, the first part having taken place on Oct. 7. Part one had highlighted the pressing need for harmonization across scoping for information security management systems, security measures, and knowledge sharing, in order to head off today’s cyberthreats.
While the European Union (EU) has a high level of energy security, enabled by oil and gas reserve stocks, and one of the most reliable electric grids in the world, a number of emerging trends pose new challenges to the security of energy supply, notably in the electricity sector.
The production, distribution, and use of energy is becoming increasingly digitized and automated — a trend that is expected to increase with the transition toward a distributed carbon-neutral energy system and the growth of the internet of things (IoT). With more and more networked devices connected to the electric grid, there will be increased opportunities for malicious actors to carry out attacks on the energy system. It would also increase the risk of inadvertent disruption.
In his opening keynote address, Jakub Boratyński, acting director in charge of digital society, trust and cybersecurity, DG Connect, European Commission, highlighted the way DG Connect is analyzing how “innovation can be further supported and expertise in the sector strengthened.”
Anjos Nijk, managing director, ENCS, said: “At our first joint event, we agreed on the need for collaboration. Good progress was made to increase our resilience because of the implementation of the NIS Directive and the proactive approach of European grid operators. But security is a moving target.
“We have to change paradigms and regard security as an opportunity rather than a threat. Security comes not only with a cost but also delivers a benefit. We should seize the opportunity to invest in shared minimum security requirements and standardized testing to put emphasis on resolving vulnerabilities and involve all our security talent by reducing barriers to participation.”
The rapid proliferation of smart and connected grid components further necessitates an investment in cybersecurity. As a grid becomes smarter, it also becomes more vulnerable to attacks, which can compromise critical infrastructure systems and disclose private user information.
The industry has suffered from the rush toward remote systems and increasingly understaffed facilities. A recent report from GlobalData finds that to maximize return on investment in cybersecurity, utilities need to address challenges brought about by cyberattacks head-on.
Steve Purser, head of core operations department, ENISA, spoke on cybersecurity capacity building in Europe, with Jeff Montagne, chief IT security officer, Enedis, going into more detail on technical information sharing. Keith Buzzard, security officer, ENTSO-E, gave a status update on the European Network Code for Cybersecurity.
The event was headlined by a panel discussion on how data sharing between different stakeholder groups should develop. The panel included Maarten Hoeve, director technology at ENCS, as moderator; Christiane Gabbe, head of security G&I at innogy/E.ON; Rémi Mayet, head of unit act of energy security and safety, DG ENER, European Commission; Walburga Hemetsberger, CEO of SolarPower Europe; and Grzegorz Bojar, vice-chair of ENTSO-E digital committee and chief information officer at PSE S.A.
In his closing remarks, Laurent Schmitt, secretary general, ENTSO-E, said: “Securing the electricity system requires establishing new collaborations across actors of the electricity value chain to introduce transverse methods and standards as defined through the new European cybersecurity code. We are very happy the ENTSO-E, EDSO, ENCS webinars have become a reference platform to develop such collaboration and exchange on associated best practices.”
