European transmission system operators (TSOs), in collaboration with the European Network of Transmission System Operators for Electricity (ENTSO-E) and the Distribution System Operators Entity, have released proposed cyber risk assessment methodologies for public consultation. These methodologies are designed to assess cybersecurity risks at the Union, regional, and member state levels, with a focus on the operational security of electricity grids. They aim to evaluate the consequences of cyberattacks that could disrupt cross-border electricity flows, but exclude other potential impacts such as legal, financial, or reputational damages.
The proposed methodologies will be used to identify processes within the electricity system that could be highly impacted by cyberattacks. The risk assessments specifically target malicious cyber threats, excluding non-malicious incidents. The methodologies focus on safeguarding the confidentiality, integrity, and availability of information critical to grid operations, ensuring that only high-impact and critical processes are evaluated based on defined thresholds. This systematic approach aims to bolster Europe’s energy infrastructure against growing cyber risks.
At the Union and regional levels, ENTSO-E and the DSO Entity will conduct the assessments, aggregating input from individual member states’ assessments. Each member state will be responsible for performing its own local risk assessments under the guidance of their competent authorities. The methodologies will assess the status of cybersecurity measures in place, record previous cyber threats and attacks, and make recommendations for improving risk management practices. This process is essential for ensuring a unified approach to cybersecurity across Europe’s diverse energy networks.
The methodologies have been developed in response to the Network Code on Cyber Security, which sets sector-specific cybersecurity rules for cross-border electricity flows within the European Union. This initiative aims to enhance the resilience of Europe’s critical energy infrastructure and ensure consistent cybersecurity practices across all member states. The public consultation, open until December 5, 2024, will gather input from stakeholders, with the results expected to be published in early January 2025. The proposed methodologies are a key step in safeguarding Europe’s energy networks from evolving cyber threats.
Reference: