EU Smart Grid TF - 2nd interim report now published on Cybersecurity
24 July 2018
The 2nd interim report is now published from expert group two covering cyber security. This group is aimed at building the ground for a possible network code on syber security. BEAMA have input via an Orgalime representative. Comments are welcome on the proposals suggested in this report. BEAMA are keeping a close eye on this particular workstreem as we expect this to emerge as a draft network code, to inlcude minimum requirements for components and products - this would be driven through by a certification scheme under the new Cyber Security Act and framework overseen by ENISA.
The implementation of a network code on cybersecurity aims to provide the following unique components specifically tailored for the essential and specific cybersecurity needs of the energy sector:
Set-up of an early warning system in Europe for the energy sector
Following the already existing implementation of the NIS Directive in the Member States, respective set-up could be extended to have an operational function in supporting operators of energy 118 infrastructure protecting energy systems by implementing a multiplier and competence centre that provides information on potential cyber-attacks and threats.
Cross-border and cross-organizational risk management in the EU
Respectively ENTSO-E together with EU-DSO4 will be managing cross-border and cross-organizational risk of interconnected, interdependent energy systems, infrastructures and applications.
Minimum Security Requirements for energy infrastructure components
Respectively ENTSO-E together with EU-DSO will orchestrate within the group of selected stakeholders minimum security requirements for infrastructure components and services that are critical to secure the energy infrastructure. The methodology will be aligned with the proposed EU Cybersecurity Act5.
Minimum Protection Level for energy system operators
A methodology to define a minimum protection level for energy system including requirements for organization, practices and infrastructure will be recommended in order to set a baseline security level within the EU. The recommendation will include minimum requirements in regards of supply chain management.
European Energy Cybersecurity Maturity Framework for Operator of Essential Services
Recommendation towards and a European energy cybersecurity maturity framework will be provided in order to have a metric for energy system operators and Member States available to measure and steer the protection and resilience of the energy infrastructure. The recommendation will consider security measures6 that has been provided as guidance by the NIS Cooperation Group.
