The energy sector has faced numerous challenges over the past decade, from plummeting oil prices during the COVID pandemic to disruptive cyberattacks and geopolitical tensions. Now, electricity providers are bracing for another blow with the adoption of new cybersecurity rules by the European Commission on March 11th, 2024.
These rules, known as the EU network code on cybersecurity for the electricity sector (C/2024/1383), aim to establish a recurring process of cybersecurity risk assessments in the electricity sector. While this news may be cause for celebration for cybersecurity professionals, it presents challenges for electricity providers.
The EU’s commitment to improving critical infrastructure cybersecurity dates back to 2019, with the adoption of sector-specific guidance and the Clean Energy for All Europeans package. The new network code builds upon these efforts, aiming to standardize cybersecurity risk assessments and establish a governance model aligned with the existing Network and Information Security Directive (NIS2).
Key provisions of the network code include the requirement for entities involved in cross-border electricity flows to perform cybersecurity risk assessments every three years and implement necessary mitigating measures. This extends not only to electricity providers but also to their suppliers and equipment manufacturers, increasing the security of supply chains.
One significant aspect of the legislation is its emphasis on information sharing. Regulators are required to share information about breaches and vulnerabilities affecting the electricity sector within 24 hours. While this is welcomed by cybersecurity professionals, it may pose challenges for electricity providers reluctant to disclose breaches for competitive reasons.
Overall, while compliance with the new rules may strain resources for electricity providers, the EU network code on cybersecurity for the electricity sector represents a crucial step in improving critical infrastructure cybersecurity at a time of increasing threats.
Source: tripwire.com
