The Association of European Distribution System Operators (E.DSO), the European Energy Information Sharing and Analysis Centre (EE-ISAC), the European Network for Cyber Security (ENCS) and the European Union Agency for Cybersecurity (ENISA) hosted a public conference on power grid cybersecurity in Brussels on 1 October 2024.
The conference gathered approximately 200 participants in Brussels and saw the participation of senior experts from the EU Commission, the TSO and DSO communities, the EU Energy regulator, and many others, including a delegation from Japan.
The European cybersecurity stakeholder community has been working on cybersecurity regulations for energy grids for many years and we have now reached the point of implementing various new regulations (NIS2, NCCS, revised RED, CRA). In past editions of the forum, the expectations from the various stakeholders were highlighted, challenges identified and discussed.
José Ferrari Careto, CEO, E-REDES; Vice-Chair, E.DSO and Chair, E.DSO Technology & Knowledge Sharing Committee, opened the Forum by stressing the importance of cybersecurity that converges the two biggest trends for today’s power system: digitalisation and electrification.
In her keynote intervention, Monika Zsigri, Head of Unit for Energy Security and Safety at DG Energy, European Commission, underlined the need for all stakeholders to cooperate in combating cybersecurity threats and the importance of reaching a balance between fighting cyberattacks and remaining cost-effective.
Central to the panel discussions was the question, how will we manage to implement the new regulations in place, and whether we can keep up with evolving threats? In addition, how can we avoid bureaucratic overload and cope with complex new threat developments like supply chain security?
At today’s 7th edition, sector experts provided real-life examples of the complex issues that need to be resolved to make risk management a practical approach to mitigate real issues effectively, including the development of an adequate methodology for risk management. Participants also discussed how to establish the execution power required to deal with advanced attacks and how to recover as quickly as possible.
Industry representatives highlighted the challenges of creating generic standards fit for multiple highly diverse use cases. Regulators and authorities showcased how scarce resources are constraining the speed of capacity building needed to arrive at the required execution power. As supply chains grow longer and more complex, the importance of managing them properly to avoid cybersecurity risks was a key output of today’s event.
The implementation of the new regulatory frameworks will challenge end users, regulators, manufacturers and electricity sector entities, i.e. the whole electricity community, to create a new, more cyber-secure reality, and to harmonise the efforts and resources of the parties involved. The discussions concluded that with a results-focused, collaborative approach, we now have the opportunity to set a global benchmark for security of the grid system.
Manuel Sánchez, Former Smart Grids Team Leader at the European Commission and Senior Advisor at FleishmanHillard Europe, closed the 7th Cybersecurity Forum by stressing the need to include into the risk management other stakeholders, such as DER, aggregators and EV charging operators, in order to reach real collaboration and to make cybersecurity legislations work effectively.
You can find the presentations of the conference here. Watch the recording here.