logo-eui RSCAS
FSR

Cybersecurity in the Energy Sector: Where are we? What’s next?

The increasing digitalisation of the energy sector, together with bringing new technological innovations, has made cybersecurity a crucial factor when discussing the future of the Energy Sector. Both energy and information and communication technologies are now mutually essential and interdependent, and the importance of protecting and monitoring critical energy infrastructures is growing. The cyber-attack on local electric utility in Ukraine in December 2015 is a clear example of the risks the industry is required to manage to provide a competitive and secure service to its customers. It emphasised the necessity to bring cybersecurity to the forefront of the EU Agenda.

Given cybersecurity’s growing relevance, the Florence School of Regulation dedicated the third meeting of its ‘Regulatory Policy Workshop Series’ to ‘Cybersecurity in the Energy Sector’. The event took place on Friday 24th March 2017 in Florence.

Nicolò Rossetto from the Florence School of Regulation asks Annabelle Lee from the Electric Power Research Institute a couple key questions regarding cybersecurity in the Energy Sector from a U.S. perspective.

 

The workshop reviewed the current state of cyber security in the energy field and identified the main risks, the emerging threats and the latest developments occurring around the world. At the European level, the event focused on the implementation of the recent NIS Directive and the new provisions that have been brought forward by the “Clean Energy for all Europeans” Package released last 30 November 2016 by the European Commission.

Among the interesting conclusions which emerged, the two most important were recognising that energy companies are slowly becoming aware of the relevance of cyber security as well as the need to invest in human and software resources. Ensuring the security of the entire energy system should become one of the central objectives, especially in European regulation.

Specific skills are necessary for dealing with cyber-attacks and staff will have to be trained to manage private information and ICT systems carefully. Unfortunately, the lack of an adequate communication and educational training on data protection and privacy for end customers also exposes households and businesses to significant risks that could otherwise be easily avoided and prevented.

The EU now has the opportunity to establish itself as a frontline actor in the international scenario and cooperate with the other relevant stakeholders to ensure a more secure energy sector.