The Workshop aims at reviewing the current state of thinking on the economics of cybersecurity for the energy sector; trying to identify how cybersecurity investments should be evaluated from an economic perspective and how their effectiveness measured.
It also assesses whether the current approach to the economic regulation of the energy sector is suitable for addressing cybersecurity and its costs, or whether a new regulatory paradigm is necessary to tackle the upcoming challenges.
With this Workshop, the Florence School of Regulation intends to promote the development of a shared view on possible regulatory paths which can help the energy sector to enter smoothly in the Industry 4.0 age; and contributes to the implementation of the energy sector’s Digital Agenda.
The move towards “Industry 4.0” – comprising cyber-physical systems, Internet of Things, cloud computing and cognitive computing – is providing the opportunity to integrate unrelated systems across industry sectors, as well as merging data flows together with new industry operations. The higher level of efficiency and production’s optimisation also results in lower costs for end-consumers.
Digitalisation also created new challenges: moving all systems to cyberspace generated the need to manage risks related to cyber threats and vulnerabilities, which, in highly integrated and digitalised systems, could potentially widespread consequences and affect the entire energy sector, including consumers, if not the economy as a whole. Cybersecurity will, therefore, be implemented both on the Operational Technology and on the Information Technology sides – as they are increasingly interacting and include processes (such as smart metering), that involve millions of remote terminals, all potentially vulnerable to cyber-attacks.
Cybersecurity thus becomes a relevant aspect that should be factored into the economics and regulation of the energy sector. Cybersecurity also represents a cost, spanning across generation, transportation and distribution, which not all market participants are already familiar with. As this cost pertains to most infrastructures, it is necessary to address the way in which cybersecurity and digitalisation may change the economics of the energy sector and markets; also considering that cybersecurity measures might have to be adapted and updated more frequently than infrastructures where they are implemented.
Cybersecurity also introduces new notions divergent from familiar regulatory logic, that might be difficult to incorporate in current regulatory approaches. The novelty of these notions implies that regulators and regulated companies might find it difficult to agree on a common paradigm when considering cybersecurity standards and investments. Cybersecurity expenses might be very significant as they can have both an effect in terms of improving actual security, but also, a deterrence effect.
Lack of established standards may make it difficult for regulators to recognise the importance of cybersecurity factors and the “prudently incurred” costs to address them. Regulators need to develop cybersecurity metrics, establish standards based on these metrics and identify the most appropriate regulatory approach.
This workshop is exclusively open to national regulators, representatives from public bodies and associate & major donors of the FSR Energy area.