1. EU’s new network code on cybersecurity for the electricity sector aims to improve cyber resilience of critical energy infrastructure and services.
2. Digitalization of energy system brings new demands for cybersecurity covering whole value chain, from production to distribution.
3. Network code establishes governance model for cybersecurity risk assessments, common electricity cybersecurity framework, and rules for cybersecurity exercises for critical impact entities.
The EU’s new network code on cybersecurity for the electricity sector aims to improve the cyber resilience of critical energy infrastructure and services as digitalization increases. The code covers a range of topics, including governance models, cybersecurity risk assessments, and common electricity cybersecurity frameworks for entities with different levels of impact. It also addresses cybersecurity procurement, information sharing in the event of a cyber attack, and rules for cybersecurity exercises every three years. The code was a key deliverable of the energy system digitalization action plan and was developed with input from various stakeholders.
The focus is on cross-border electricity flows, which are central to the single market and require cooperation between different parties at national and regional levels. Entities that have a direct impact on these flows are categorized as having high or critical impact, depending on the potential impact of cyber attacks on their processes or operations. The code also establishes rules for the procurement of ICT products and services, as well as information flows and crisis management post-cyber attack. Overall, the code aims to strengthen cybersecurity measures across the electricity sector in the EU.