Rinnovabili

Electricity sector, the first network code on EU cybersecurity

Electricity sector
via depositphotos.com

The EU wants to lift controls on the cybersecurity of the electricity system

Traditional energy technologies are becoming increasingly connected, intelligent and digital. This transformation path makes the system much more efficient, environmentally friendly and able to respond better to changes. At the same time, however, the sector’s exposure to new risks increases. Recent cyber attacks in the electricity industry have disabled remote controls of wind farms, disrupted power grids, “knocked down” sites of energy companies and led to recurring data breaches involving names, addresses, and customer information. Attacks have been increasing since the outbreak of the Russian War in Ukraine.

It is time for the European Union to raise the barricades and the first tool to do so is the new network code on cybersecurity of cross-border electricity flows. The delegated act, adopted yesterday by the European Commission, aims to establish a recurring process of IT risk assessment in the electricity sector. The target? Systematically identify those who run digitized processes with a critical or high impact on cross-border electricity flows, the related IT security risks and, therefore, the necessary mitigation measures.

The network code on the cybersecurity of electrical flows

Today, multiple methodologies and standards exist in IT security, a rapidly evolving field. Therefore, to harmonize and ensure a common baseline while respecting existing practices and investments as much as possible, the network code on cybersecurity establishes a governance model to develop, follow, and regularly review the methodologies of the different stakeholders. This model considers the current mandates of different bodies in the computer security system and electricity regulation.

“The delegated act – writes the EU Commission – follows a wide consultation process with stakeholders, including contributions from ENTSO-E , EU DSO Entity and ACER, and 4 weeks for public feedback at the end of last year”. Now the Network Code will pass into the hands of the two co-legislators of the Union. This means that the European Parliament and the Council each have 2 months to oppose this secondary legislation; this period may be extended by 2 months.

Exit mobile version