On 24 November, The European Network for Cyber Security (ENCS), the Association of European Distribution System Operators (E.DSO), and the European Network of Transmission System Operators for Electricity (ENTSO-E), together hosted a hybrid event discussing the latest industry knowledge in a radically changed landscape resulting from the war in Ukraine with experts in the field of cybersecurity.
The main topics debated were how the conflict is creating new conditions for the cybersecurity of the energy grids, how cyber-attacks and malware can compromise the security of energy grids, and how the new Network Code on Cybersecurity will further protect the energy sector from cyberattacks.
In their contributions, Lorena Boix Alonso, Director for Digital Society, Trust & Cybersecurity at EC DG CONNECT; Paula Pinho, Director for Just Transition, Consumers, Energy Efficiency and Innovation at EC DG ENER; Evangelos Ouzounis, Head of Policy Development and Implementation Unit at ENISA; and Tahir Kapetanovic, Head of System Operation at Austrian Power Grid and Chair of System Operations Committee at ENTSO-E, gave their views on the strategic impact of the war in Ukraine on European Energy grids.
Lorena Boix Alonso emphasised that the energy sector remains most central to NIS2 Directive although considering new participants and the uptake of smart meters. She confirmed that the Cyber Resilience Act will set up requirements for connected devices across sectors.
According to Paula Pinho, new challenges and new dependencies arise amid geopolitical circumstances, ensuring that risks, security and resilience are managed and guaranteed.
Robert Lee, Founder and CEO of Dragos, provided an expert view on the importance to have defence and response plans available and the need to focus on the right implementation of selected defence measures.
In the panel discussion on “Cyberattacks and strategies compromising the European grids” TSO and DSO representatives and stakeholders shared their real-life experiences in the grid operator cyber realm and how they prepare themselves against the actual threats. Anjos Nijk, Managing Director of ENCS, pointed out that responsibilities to deal with nation state actor cyber incidents are not cleared yet and that the defence side has no clear view and accurate information on the reality of threats to the OT. He emphasised that enhanced efforts in skills development and exercises throughout the stakeholders community are critical.
The second panel discussed the progress of the Network Code on Cybersecurity and how this will strengthen our resilience against nation state actor threats and where challenges will occur in the implementation. The panellists underlined how the new Network Code on Cybersecurity aims at having a reliable and resilience electricity system, bringing in new challenges and opportunities, among others in relation to the collaboration between TSOs, DSOs and other stakeholders both in the drafting and implementation phase. Stefano Bracco, Knowledge Manager at ACER, explained that all critical impact entities have 70% or 80% of the future standards already implemented, but that we need to ensure this is actually happening and that everybody is paying their own share with regards to the implementation.
Michaela Kollau, Policy Officer at EC DG ENER, concluded the day with three main takeaways. Firstly, cybersecurity will stay a continue effort. Secondly, cybersecurity is too complex to do it on your own and, lastly, information sharing is fundamental.