Cybersecurity challenges and regulation opportunities for OT systems in Energy sector

Cybersecurity challenges and regulation opportunities for OT systems in Energy sector

The latest EU Cybersecurity Strategy, including the revision of important directives such as the Directive on Security of Network and Information Systems (NIS 2 Directive)1 and the Critical Entities Resilience (CER) Directive2, focuses on European infrastructure and industry resilience and emphasizes the importance of having robust processes for risk management and business continuity.

These European initiatives are complemented by sectorial regulations, such as the upcoming Cybersecurity Network Code3 and with the increasing and planned portfolio of certification schemes being developed by ENISA in the context of the EU Cybersecurity Act. This activity shows great potential and positive contribution to improve the security of system and products and contributes to the objective of greater resilience across the energy sector. T&D Europe recognizes the importance of such initiatives and, with its members, has been actively working and contributing on electrical infrastructure resilience and cybersecurity for many years. T&D Europe members, working alongside grid operators and regulators, are regular contributors in various European initiatives aimed at finding effective solutions to cyber security problems. In this regard,

T&D Europe and its members have been continuously highlighting the importance of paying special attention to the Operational Technology4 (OT) systems security of the installed base and associated digital equipment that are supporting today’s electrical grid. These digital components play important roles in grid protection and control and comprise equipment such as protection relays, controllers, communication equipment, RTUs, man machine interfaces, mobile apps and other accessories necessary for the system’s specific mission. Currently these components are integrated in physically dispersed OT Systems located in utilities’ service perimeter areas.

With regard to the system’s mission, it is relevant to point out that these assets can be of critical importance for grid stability which, due to the strategic function of power transmission and its role in cross border energy exchange, means that vulnerabilities can have an amplified consequence at grid level.