Sharing threat intelligence across EU: Harmonization and new Network Code on Cybersecurity


The electricity grid and gas transport pipelines are strongly interconnected across Europe. Energy reliability is a pan-EU issue across countries; a single failure in one energy system can have a potential cascading effect across regions, as shown in a major European blackout in 2006, caused by a planned disconnection of a transmission line and inadequate security analyses by system operators [1]. Additionally, Non-EU countries such as Norway and Switzerland are connected to the European electricity network and they follow similar technical guidelines will interconnected with Europe.

Cyber-attacks on the electricity networks do not respect geographical borders and an EU or nation-wide attack can have an EU-wide impact, through the interconnected panEU transmission backbone. The focus of cyber security in the electricity supply sector is to support the reliability and resilience even in the event of a cyber-attack. Unlike IT systems, a control system that is under attack cannot be easily disconnected from the electricity network as this could potentially result in safety issues, brownouts or even blackouts.

EU harmonization in internal energy market: In order to harmonize and liberalize the EU’s internal energy market, measures have been adopted since 1996 to address market access, transparency and regulation, consumer protection, supporting interconnection, and adequate levels of supply. In the electricity market, the basic means of rules harmonization are the Network Codes. These are sets of rules drafted by ENTSO-E (European Network of Transmission System Operators of Electricity), with guidance from the Agency for the Cooperation of Energy Regulators (ACER), to facilitate the harmonization, integration and efficiency of the European electricity market. Each Network Code is an integral part of the drive towards completion of the internal energy market and achieving the European Union’s energy objectives.

Development of harmonized electricity rules- Network Code for Cybersecurity: According to the Regulation (EU) 2019/943 of the European Parliament and of the Council of 5 June 2019 on the internal market for electricity, the Commission has identified Cybersecurity as a key area for rules harmonization. To address potential cyber threats and to be fit for the digital age, Article 59(2)(e) of the Electricity Regulation provides for the establishment of a network code on sector-specific rules for cyber security aspects of cross-border electricity flows, including rules on common minimum requirements, planning, monitoring, reporting and crisis management. Through a open consultation process the European Commission has welcomed the feedback of stakeholders on the need and adequate scope of new electricity network codes on cybersecurity [2]. Stakeholders have already publicized their opinion to the public [3]