Cybersecurity and energy leaders join forces to protect EU power grids

Europe’s top energy, cybersecurity, and technology leaders joined forces in Brussels for the 8th Cybersecurity Forum on Thursday to discuss ways to strengthen resilience and prevent attacks against Europe’s interconnected power grid.

The annual twenty-four-hour marathon forum, Securing the Grid: Cyber Threats, Challenges and Actions in a Connected World, kicked off at 12:00 a.m. local time on Thursday and will end one minute before midnight on Friday.

“As geopolitical tensions grow and the digitalization of the energy sector advances, strengthening the cybersecurity of Europe’s energy infrastructure is more important than ever,” said the European Union Agency for Cybersecurity (ENISA), one of the conference's main organizers.

More than 200 participants from the European Commission, national regulators, power transmission and distribution system operators, and the cybersecurity community will discuss how new EU frameworks are “reshaping the way Europe secures its increasingly digital and decentralised grids.”

Sector experts will explore various topics, including how Europe can accelerate the implementation of new cyber regulations, how to enhance cooperation between public and private stakeholders, and address the security challenges posed by evolving supply chains and digital technologies, according to ENISA.

A central theme – translating regulation into real-world protection – would highlight three recently passed European frameworks.

First, the Cyber Resilience Act (CRA), which essentially puts the onus on an organization’s C-suite for any security and/or data breaches. Next, the NIS2 Directive, the EU’s updated Cybersecurity Framework, and finally the Network Code on Cybersecurity (NCCS), which aims to set a European standard for the cybersecurity of cross-border electricity flows.

War in Ukraine used as case example

As part of the event, cybersecurity expert Oleksiy Tkachenko of the National Cybersecurity Coordination Center of Ukraine presented research on hybrid warfare, examining the cyber threats posed to the Ukrainian power grid since the conflict with Russia, dating back to the 2015 Black Energy power outage in western Ukraine.

As critical energy systems are increasingly digitalized, Tkachenko points out how integral cybersecurity has become to national resilience, and how a major disruption to the power grid can not only sow panic among the people and influence public opinion, but also undermine public trust in government and destabilize democratic institutions.

The European Network for Cyber Security (ENCS), also a sponsor, put on a live demonstration showing how security gaps in IoT consumer-energy devices and their technologies can easily be exploited to disrupt power systems.

Devices such as EV chargers, PV inverters, and home batteries will be used for the demo – proving that when these devices “scale to hundreds of gigawatts of controllable capacity by 2030, cybersecurity must be integrated from design to deployment,” ENCS says.

Focused on collaboration, two panel sessions put forth ideas on standardizing best security practices for the energy sector, improving information sharing between stakeholders, and strengthening coordination between operators, regulators, and suppliers.

“The resilience of European energy grids depends on a shared commitment to implement current legislation and best practices in cybersecurity in energy”, said Michaela Kollau, Policy Officer at DG Energy, in the conference's closing statement message.

Other main sponsors of the event include the Association of European Distribution System Operators (E.DSO) and the European Energy – Information Sharing & Analysis Centre (EE-ISAC).