cybersecurity

The European Network for Cyber Security (ENCS), the Association of European Distribution System Operators (E.DSO), and the European Network of Transmission System Operators for Electricity (ENTSO-E), together hosted a virtual event discussing the challenges of data sharing under the NIS Directive, Cybersecurity Act and Network Code Cybersecurity. More than 200 participants joined us on this occasion.

The event was the second part of a two-day series, with the first part having taken place on 7th October. Part one concluded with the pressing need for harmonisation across scoping for Information Security Management Systems, security measures and knowledge sharing, in order to head off today’s cyber threats.

Today’s webinar built on the increased sense of urgency that was confirmed in the European Commission’s decision to put the highest priority for Network Codes in the energy domain on cybersecurity.

In the opening keynote session, Jakub Boratyński, acting director in charge of Digital Society, Trust and Cybersecurity, DG Connect, European Commission, highlighted how DG Connect is analysing how “innovation can be further supported and expertise in the sector strengthened”.

Anjos Nijk, managing director, ENCS, added that “already at our first joint event we agreed on the need for collaboration and good progress was made to increase our resilience due to implementing the NIS Directive and the proactive approach by European grid operators. But security is a moving target and we have to benchmark against the progress our adversaries have made.

“The key question is if we want to lead or to follow. We have to change paradigms and regard security as an opportunity rather than a threat. Security comes not only with a cost but delivers a benefit. We should seize the opportunity to invest in shared minimum security requirements and standardised testing, to put emphasis on resolving vulnerabilities next to the focus on incidents and to involve all our security talent by reducing barriers to participate.”

Steve Purser, head of core operations department, ENISA, expanded on the topic, speaking to “Cybersecurity capacity building in Europe”, with Jeff Montagne, Chief IT Security Officer, Enedis going into more detail on technical information sharing.

Keith Buzzard, security officer, ENTSO-E, gave a status update on the European Network Code for Cybersecurity and the event was headlined by a panel discussion on how data sharing between different stakeholder groups should develop.

Related articles;
Blind spots expose grid assets to cyberattacks
Siemens Energy unveils new AI-driven cybersecurity service
Security requirements standardised for distribution automation in Europe

The panel included Maarten Hoeve, director technology at ENCS, as moderator; Christiane Gabbe, head of security G&I at innogy/E.ON; Rémi Mayet, head of unit act of energy security and safety, DG ENER, European Commission; Walburga Hemetsberger, CEO of SolarPower Europe and Grzegorz Bojar, vice-chair of ENTSO-E Digital committee and chief information officer at PSE S.A.

In his closing remarks, Laurent Schmitt, secretary-general, ENTSO-E, underlined that: “Securing the electricity system requires to establish new collaborations across actors of the electricity value chain to introduce transverse methods and standards as defined through the new European Cybersecurity code. We are very happy the ENTSO-E EDSO ENCS webinars have become a reference platform to develop such collaboration and exchange on associated best practice.”

The event highlighted the importance of security across critical business processes, harmonisation of the approaches throughout Europe and the need to act now.

You will find the slides of the event here. The recording will be available soon on our website.