At the second Energy Community cybersecurity day hosted by the Secretariat, experts provided insights into the latest developments in the cybersecurity domain and their implications for regulators, governments and industry in the Contracting Parties. Participants agreed that the digital transformation of the energy sectors can only succeed with strengthened cybersecurity capabilities in place and increased cooperation on cybersecurity issues at the level of the Energy Community and with EU Member States.
Speakers addressed the ongoing process of re-designing the cybersecurity landscape in the EU, outlining energy-specific regulations, guidelines and planned legislation. Supply chain security was closely observed and connected with the need to consider introducing industrial security programs, especially for the operational technologies applied in energy. The contents, structure and cross-border aspects of the forthcoming Cybersecurity Network Code, currently under development by the ENTSO-E, were presented and discussed. The role of information sharing and analysis centres was introduced based on the model of the European Energy ISAC with its custom information sharing platform and intelligence service, and the need for establishment of such mechanisms in the Energy Community was underlined. In the discussion on cybersecurity standards, the risk-based approach was proposed as most adequate for the complex energy environment.
The conference concluded by underlining that the Energy Community Contracting Parties are struggling to keep up with the extensive developments in EU cybersecurity policy. The expected adoption of the Clean Energy Package (new Electricity and Risk Preparedness Regulations) by the Ministerial Council later this year will be the first step in bridging this gap and pave the way for cybersecurity-specific acquis to become mandatory in the Energy Community.