Published by : DSO Entity + ENTSO-E
Short description of the Public Consultation: As laid down by Art. 56 of Regulation (EU) 2019/943, EU DSO Entity is entitled to conduct a public consultation. Your feedback on the new Cyber Risk Assessment Methodologies will help shape a practical and effective approach to identifying and managing cybersecurity risks. By participating, you contribute to making our networks safer and more resilient. Since the methodologies will apply to various entities, it is crucial for ENTSO-E and DSO Entity that they are clear and useful to them. Therefore, it has been decided to launch a public consultation to ensure that various stakeholders can have their say on the document before it is sent to the competent authorities for final approval.”
The public consultation can be accessed here.
Background information: The Network Code on Cyber Security (NCCS) is the first network code ever on cybersecurity. It lays down sector-specific rules for cybersecurity aspects of cross-border electricity flows.ws. It is important because it ensures a unified approach to protecting Europe's energy networks from cyber threats, enhancing resilience, and maintaining the stability and security of critical energy infrastructure. Furthermore, it helps mitigate risk and ensures consistent cybersecurity practices across the EU. “Under Article 18 of the Network Code for Cybersecurity (NCCS), the European Network of Transmission System Operators for Electricity (ENTSO-E) in cooperation with EU DSO Entity (DSO Entity) has developed a proposal for methodologies for cybersecurity risk assessment. The document contains methodologies for risk assessments at three levels: the Union-wide risk assessment, the regional risk assessment, and the risk assessment at Member State. No methodology is defined for risk assessments at entity level, as they may choose their own methodology if it complies with Article 26 of the NCCS.
The methodology, as stated in the NCCS, considers only the consequences to the grid’s operational security of cyber-attacks at each level. The aim of these methodologies is to ensure the consistent assessment of risk across the different levels defined by the NCCS.
Supporting documents:
1. Cyber Risk Assessment Methodologies
Next steps:
Two workshops will be held to present the Public Consultation process. See below the dates;
- 8th November from 15:00 to 16:30 (CET)
- 2nd December from 9:00 to 10:30(CET)
Results and deadlines: It is possible to participate to the public consultation until the 5 December 2024, while the results will be published in early January 2025.