Opened 14 January, 2025

Closed 14 February, 2025

Published by

DSO Entity & ENTSO-E

Public Consultation for Cyber–Attack Classification Scale Methodology

As laid down by Art. 56 of Regulation (EU) 2019/943,DSO Entity is entitled to conduct a public consultation. We’re inviting the public to provide feedback on a new Cyber-attack Classification Scale Methodology for identifying and classifying reportable cyber-attacks. Your input will help shape a practical and effective approach to identifying and classifying cyberattacks. By participating, you contribute to making our networks safer and more resilient.

The public consultation can be accessed here.

Background information: According to Article 37(8) of the NCCS (Network Code on Cybersecurity) Regulation, the TSOs, with the assistance of ENTSO-E for electricity and in cooperation with DSO Entity, shall develop a cyber-attack classification scale methodology by 13 June 2025. This document outlines the methodology for identifying and classifying reportable cyber-attacks. Specifically, the Cyber-Attack Classification Scale Methodology provides rules for classifying the gravity of a cyber-attack according to five levels, with the two highest levels being ‘high’ and ‘critical’ (the other three levels are defined as ‘important’,’medium,’ and ‘to follow’). It establishes criteria for high-impact or critical-impact entities to assess whether a cyberattack at the entity level is considered reportable according to Article 38(4) of the NCCS Regulation.

This crucial document sets out the rules for classification of the gravity of a cyberattack in accordance with the following parameters:

  • potential impact
  • root cause
  • severity.

The cyber-attack classification scale methodology will outline clear standards for classifying cyberattacks, ensuring an effective approach to identifying and categorizing them.

Supporting documents:

  1. Cyber attack classification scale methodology
  2. Supporting document for the cyber attack classification scale methodology

 

Next steps: the comments and feedback received during the public consultation will be analysed over the course of a month.

On 27 January 2025, a workshop will be organised to present the public consultation process. In March 2025, a new consultation will take place within DSO Entity, opening the final phase of approval in April, with the scheduled submission on 13 June 2025.

It is possible to participate in the public consultation until 14 February 2025, while the results will be published in early March 2025.