While cybersecurity is a growing concern for Europe’s power sector,
regulations, standards and training have not kept up with the fast-moving
evolution of today’s threats. A new collaboration between the European
Network for Cyber Security (ENCS) and transmission system operators’
network ENTSO-E aims to address the issue.
Anjos Nijk, managing director of the European
Network for Cybersecurity (ENCS), believes
awareness and training requirements are
crucial to cybersecurity in the power sector,
but he also believes that this process does not
only fow one way, from the security experts to
those working in the feld. It is also crucial for
security experts to deepen their knowledge of
the technology and processes they’re meant
to be protecting.
To this end, ENCS has signed a
memorandum of understanding (MoU) with
the European Network of Transmission System
Operators for Electricity (ENTSO-E). We spoke
with Nijk about what’s involved, and how the
two groups hope to boost the power system’s
resilience in the face of ever-mounting
Q: What was the impetus for this collaboration?
Anjos Nijk: ENCS is a membership
organization and its mission is to increase
the cybersecurity of its members, who are the
owners of critical infrastructure. We have our
own security experts and team up directly with
experts from each domain to identify where
the issues are and work with them to address
When we started to do so in 2012, we found
fairly quickly that it’s really important that
you focus on domain expertise to combine
with security expertise. So we decided to get
started with a focus on DSOs, as it is obvious
that the grid is an entire connected system
and becomes more connected every day.
The TSO community have a very important
role as they are responsible for balancing, so
they are a very important group for us to focus
on as well. We’ve built on connections with the
TSO community which initially materialized in
When we teamed up with ENTSO-E, they
identifed people from the European TSOs
for whom it would be helpful to get this
training, both through education and raising
awareness, and through hands-on exercises.
This worked out well, and so a next session
followed with another specialists group from
Q: What kinds of regulations, practices and
standards are needed?
A: From the perspective of technology
standards, it’s most important to address the
security requirements in the right way. What
happens nowadays is various standards
related to national specifcs. In some cases
security has been looked into and in others
not, or in a very limited way, so there is also
lobbying from the industry because for every
manufacturer it is very convenient and a
good thing business-wise if their proprietary
standard becomes accepted as a general
standard. But this does not necessarily mean
that the security is covered in the right way.
So to get this discussion to where we
can address the issues from the experts, we
bring security requirement sets developed by
ENCS in collaboration with the operators into
standardization groups – we provide experts to
have discussions with other specialists so they
are taken into account in new standards. So
this has been an approach ensuring that our
work and expertise in cybersecurity informs
these regulations and standards.
Q: How will ENCS and ENTSO-E work together?
A: We’ve already worked together, and in the
working group we are looking into the network
code, so it makes a lot of sense to extend this
It also has to do with requirements that we
create for the systems themselves. We’ve done
that in domains that are relevant for TSOs as
well: for example minimum sets of security
requirements that you need for substations.
We’ve already done a lot in the DSO domain
on security monitoring, electrical vehicle
charging etc. and on other topics as well.
There is quite some knowledge build-up that’s
The issue is awareness and understanding,
then training for people to learn where the risks