TRANSCRIPT
CLEAN ENERGY FOR ALL EUROPEANS
Cybersecurity in the energy sector
IEA Digitalization and Energy Workshop: Digital Resilience
Michaela Kollau
European Commission, DG ENER, B.3
Cyber Security in the Energy Sector – Clean Energy Package Contribution
What is the role of cybersecurity in the energy transition strategy?
Issues and key questions
Issue: The legacy industrial control systems are today essential, but:
- controlling traditional areas of the grid increases vulnerability of the energy network
- their interconnection with smart components raises vulnerabilities for the energy infrastructure
Key question: Are cybersecurity and security of supply two sides of the same energy coin?
Issue: The effects of cyber-attacks are not fully considered in the security design rules of the existing power grid; in other words, the n-1 principle for the secure design of energy systems might not be enough to cover effects of cyberattacks.
Key question: How to secure our energy network?
Issue: Suppliers of information technologies - very often from outside Europe - do not have strong obligations to make their applications secure.
Key question: What standards or certification do we need to put in place for the IT supply chain?
What is the role of the energy sector in the cybersecurity strategy?
[Figure: sector diagram, labels shown twice: ICT, Energy, Transport, Financial, Health, Other sectors]
EU cybersecurity road map and specific energy activities at EU level
[Figure: timeline, 2013 to 2021. Labels in the figure: Revision strategy; EU Cyber strategy and NIS proposal; EU Agenda Security 2015-20; NIS and GDPR; Digital Service Operator; NIS transposition and Operator of Essential Services; EC assessment OES; EC review NIS implementation; Clean Package; Revision of EU strategy; grids; meters; SGTFEG1; BAT; DPIA; SGTFEG2; strategy; Actions; EECSP Input; G7 Rome; Technical capacity; explore rules; SGTF-EG2]
Dr M. SANCHEZ – EC DG ENER
Market Design (5)
Commission Proposal - Clean Energy for all Europeans
How does the Clean Energy Package acknowledge cybersecurity?
The legislative proposals put a lot of emphasis on smarter and more efficient management of the grid, by using digital technologies and the flexibility of consumers and their electrical appliances (PV, EV, etc.).
Innovation is at the core of the package, from renewable energy legislation to energy efficiency and the new market design proposals.
The package acknowledges the importance of cyber security for the energy sector, and the need to duly assess cyber-risks and their possible impact on the security of supply.
It proposes the adoption of measures to prevent and mitigate the risks identified as well as the adaption of technical rules for electricity (i.e. a Network Code) on cyber-security.
The Commission's proposal for a revised security of gas supply regulation, currently at trilogue level, also acknowledges the importance of cyber security in gas.
Market Design (7)
Energy Expert Cyber Security Platform (EECSP) – Expert Group
Overview of the work of the Energy Expert Cyber Security Platform (EECSP) Expert Group (ref. EECSP Report)
http://ec.europa.eu/transparency/regexpert/index.cfm?do=groupDetail.groupDetail&groupID=3341
Documents analysed
Strategy papers
• EU Cyber Security Strategy
• Digital Single Market Strategy
• 50 national cyber security strategies
Legislation with focus on cyber security for critical infrastructure providers
• Network and Information Security (NIS) Directive
• European Programme for Critical Infrastructure Protection (EPCIP) Directive
• Contractual Public-Private Partnership
Legislation with focus on security of supply
• Security of Supply (SoS) Directive
• Security of Gas Supply Regulation
Legislation with focus on data protection and privacy
• General Data Protection Regulation (GDPR)
• Data Protection Impact Assessment (DPIA) Template
10 cyber security challenges in the energy sector (ref. EECSP Report)
Electricity Oil Gas Nuclear
1 Grid stability in a cross-border interconnected energy network. x x x
2 Protection concepts reflecting current threats and risks. x x x x
3 Handling of cyber-attacks within the EU. x x x x
4 Effects of cyber-attacks not fully considered in the design rules of an existing power grid or nuclear facility. x x
5 Introduction of new highly interconnected technologies and services. x x
6 Outsourcing of infrastructures and services. x x x
7 Integrity of components used in energy systems. x x x
8 Increased interdependency among market players. x
9 Availability of resources and their competences. x x x x
10 Constraints imposed by cyber security measures in contrast to real-time/availability requirements. x x x
Identified Strategic Areas – Needs (ref. EECSP Report)
1 European threat and risk landscape and treatment
2 Identification of provider of essential services
3 Cyber response framework
4 Crisis management
5 European cyber security maturity framework
6 Supply chain integrity framework for components
7 Capacity & competence build-up
8 Best practice and information exchange
9 Foster international collaboration
10 Awareness campaign from top level EU institutions
Strategic Priorities, Strategic Areas and Areas of Actions (ref. EECSP Report)

Strategic Priority I: Set-up an effective threat and risk management system
Strategic Areas:
• European threat and risk landscape and treatment
• Identification of provider of essential services
• Best practice and information exchange
• Foster international collaboration
Areas of Actions:
1. Identification of provider of essential services for the energy sector at EU level.
2. Risk analysis and treatment.
3. Framework of rules for a regional cooperation.
4. EU framework for vulnerabilities disclosure for the energy sector.

Strategic Priority II: Set-up an effective cyber defence framework
Strategic Areas:
• Cyber response framework
• Crisis management
Areas of Actions:
5. Define and implement cyber response framework and coordination.
6. Implement and strengthen the regional cooperation for emergency handling

Strategic Priority III: Continuously improve cyber resilience
Strategic Areas:
• European cyber security maturity framework
• Supply chain integrity framework for components
• Best practice and information exchange
• Awareness campaign from top level EU institutions
Areas of Actions:
7. Establish a European cyber security maturity framework for energy.
8. Establish a cPPP for supply chain integrity
9. Foster European and international collaboration

Strategic Priority IV: Build-up the required capacity and competences
Strategic Areas:
• Capacity & competence build-up
Areas of Actions:
10. Capacity and competence build-up.
High level Roundtable on main Challenges for Cyber Security in the Energy System, 24 March 2017, Rome
Main Conclusions - Rome
1. Cyber security in the energy sector has its specificities
2. The importance of information technology suppliers
3. Ensure the right balance between cyber security, data protection and economic growth
4. Address IT skills shortage
Smart Grids Task Force Working Group on Cyber Security
European Smart Grid Task Force - Expert Groups 2017-18
Dr M. SANCHEZ – EC DG ENER ©2017. FSR Florence 24 March 2017 - (16)/17
Expert groups: Data Format and Procedures; Cybersecurity; Demand Response
Chair by EC EC EC EC
Membership: one expert and one alternate
1) no alternate
2) Multiple functional player
3) Covering the role of supplier
4) 2 experts and 2 alternates
5) EC asks BEUC case by case, according to the issue to discuss

Data Format and Procedures: CEER, CEDEC (1) (2), EDSO (1), Eurelectric (1) (3), GEODE (1), ENTSO-E (4), Orgalime/T&D, ESMIG, ANEC/BEUC (5), SEDC, ENTSO-G (4), MARCOGAZ, ETNO/GSMA, BEREC, ebIX
Cybersecurity: CEER, CEDEC (1) (2), EDSO (1), Eurelectric (1) (3), GEODE (1), ENTSO-E (4), Orgalime/T&D, Digital Europe, ANEC/BEUC (5), SEDC, ETNO/GSMA, BEREC, ENCS, EUTC
Demand Response: CEER, CEDEC (1) (2), EDSO (1), Eurelectric (1) (3), GEODE (1), ENTSO-E (4), Orgalime/T&D, ESMIG, ANEC/BEUC (5), SEDC, ECOS, CECED, EHC, ebIX
Dear eTendering user
The following events occurred between 27/01/2017 22:00 and 07/02/2017 22:00
Call for Tenders "ENER/B3/2017-465" (id: 2120)
Feb 7, 2017 4:00:11 AM The Call for Tenders has been updated.
Call for Tenders: ENER/B3/2017-465 - Study on the evaluation of risks of cyber incidents and on costs of preventing cyber incidents in the energy sector.
Publications Office - eTendering: Calls for tenders from the European institutions
Call closes 10 April
http://ec.europa.eu/energy/en
http://ec.europa.eu/energy/en/topics/markets-and-consumers/smart-grids-and-meters