On 24 March, a high-level roundtable on the 'Main Challenges for Cybersecurity in the Energy System' took place as part of the Digital Day, the digital part of the celebrations marking the 60th anniversary of the Treaties of Rome and preparing for forthcoming G7 discussions on cybersecurity.

Roberto Viola addressing the Roundtable meeting

European Commission Director-General for Energy, Dominique Ristori, and European Commission Director-General for Communications Networks, Content and Technology, Roberto Viola (pictured), welcomed representatives from EU governments, academia and industry to discuss the challenges faced by the energy sector in cyber security and the key elements of a European cyber security strategy.

The speakers and participants discussed how to best address cyber security challenges in the energy sector, how to work towards an energy system that is robust against cyber security attacks of all kind. Security of supply and cyber security go hand in hand and are two sides of the same coin. Energy infrastructure is inarguably one of the most complex and most critical infrastructures of a modern society and serves as the backbone for its economic activities and for its security. Digital technologies play an increasingly important role in energy infrastructure and are used to control energy production, transmit information on consumption, and monitor demand. To ensure security we have to cover the whole energy chain as well as putting a strong emphasis at the transmission and distribution grid. On a more political level, cooperation and more rapid information-sharing mechanisms among key players are needed to prevent, respond to, and contain cyber incidents directed at our energy infrastructure.

The key conclusions of the roundtable were:

Cyber security in the energy sector has its specificities

In our energy networks, traditional industrial control systems are being more and more connected, exposing them to new cyber threats.  In addition, new and smart technologies are pushing in at the consumer end, and not all of them are designed with cyber security in mind. This combination of legacy and future technologies requires specific solutions in the energy system that cannot be copied from other areas with different needs (e.g. the internet). A concrete action on certification was also called.

The importance of information technology suppliers

Both, power grid operators and consumers are bound to information technologies that are typically not produced by themselves, and very often originate from outside Europe (e.g. the US, South-East Asia). Suppliers of information technologies to the EU energy system must be bound to clear obligations to provide their products and services with a well-defined, high level of cyber security.

Ensure the right balance between cyber security, data protection and economic growth

Cyber security and data protection requirements must not hinder innovation or prevent businesses from settling in Europe, as data analysis is at the core of the future automated and smart energy system. The European market must be made secure without decreasing competitiveness or banning business models based on big data analysis.

Address IT skills shortage

A robust security strategy requires a skilled workforce. The current lack of cyber-security professionals is an additional factor that increases the vulnerability of our energy network. Therefore more actions are needed to put in place adequate training and education programmes.