Proposed Cyber Risk Assessment Methodologies for Europe

European TSOs, with ENTSO-E’s guidance and collaboration from the DSO Entity, have released cyber risk assessment methodologies for public consultation. These frameworks target Union, regional, and member-state levels, providing structured approaches for cybersecurity risk assessments specifically affecting the operational security of the power grid.

Each level of assessment is focused solely on the potential impact of cyber events on grid operations, such as disruptions to cross-border electricity flows, excluding legal, financial, or reputational impacts. Furthermore, only cyber incidents with clear malicious intent are considered, while those stemming from non-malicious causes are outside the scope.

These assessments aim to pinpoint processes that could influence the grid’s operational security and evaluate the possible outcomes of a cyberattack on the confidentiality, integrity, or availability of critical information within these processes. A priority is placed on identifying ‘high-impact’ and ‘critical-impact’ processes based on predefined thresholds.

At the Union and regional levels, ENTSO-E and the DSO Entity will lead the assessments, with the latter aggregating findings from member-state evaluations, which are managed by local competent authorities. These evaluations will also review cybersecurity measures, document cyber incidents and threats, and offer recommendations to mitigate identified risks.

These methodologies are rooted in the Network Code on Cyber Security, which establishes cybersecurity standards for cross-border electricity flows, aiming to unify Europe’s approach to securing energy infrastructure. This ensures that EU energy networks are resilient against cyber threats, enhancing stability and security across the sector.

The methodologies are expected to bring consistency to risk assessment practices across the Union, bolstering Europe’s overall cybersecurity posture in the energy domain.

There is no predefined methodology for risk assessments at the entity level; entities have the flexibility to choose their own methodologies, provided they comply with the Network Code on Cyber Security.

The public consultation period will be open for one month, ending on December 5, 2024, with results anticipated for release in early January 2025.
