6 Cybersecurity, Interoperability and Data

The current framework for digital activities in ENTSO-E is provided by its IT Strategy, which was approved in 2017. The ENTSO-E IT Strategy has clearly identified ­interoperability and cybersecurity as two of the founding capabilities for ENTSO-E’s information systems. This has led to the development of an ENTSO-E Cyber­security Strategy that was approved in the first quarter of 2019. In this context, relevant activities are steered as detailed in the following paragraphs.

Cybersecurity

Protecting TSOs’ systems and network operation tools against cyber-attacks is of paramount importance for system security. For several years now, ENTSO-E has been acting as a platform for the sharing of best practice between TSOs. The entry into force of the CEP tasked ENTSO-E with the mandate to promote cyber security and data protection in cooperation with relevant authorities and regulated entities (Art. 30.1.n Reg. 943/2019).

Key dates & documents

19 Feb 2021: Publication of the Recommendations for the European Commission on a Network Code on Cybersecurity

22 July 2021: Publication of the ACER’s Framework Guideline

12 Nov – 10 Dec 2021: Public consultation on the Network Code on Cybersecurity

Under the framework of the Connecting Europe Facility (CEF) project, ENTSO-E carried out the following cybersecurity activities:

  • Activity 1: Cybersecurity design:
    • ISO 27001 TSO Scope & Secure Software Development Lifecycle (SSDLC)
    • Risk Impact Matrix & Data Classification
    • Supply Chain security & procurement
    • Tech. & operation cybersecurity standards
  • Activity 2: Identify requirements for a cybersecurity testing facility
  • Activity 3: Identify requirements for a Cyber Security Operations Centre

Moreover, ENTSO-E performed cyber risk assessments on the main ENTSO-E legally mandated IT platforms: CGM, EAS, Transparency Platform and OPC/STA. Regarding the latter, ENTSO-E performed external penetration testing to confirm the effectiveness of the overall security.

ENTSO-E also participated in the informal drafting team of the Network Code on Cybersecurity (composed of TSOs and DSOs under the EC leadership), which culminated in the publication of the “Recommendations for the European Commission on a Network Code on cybersecurity” in February 2021. Following the publication of the Framework Guideline by ACER, the formal drafting process of the Network Code on Cybersecurity started on 27 July 2021. The Network Code on Cybersecurity was co-drafted by ENTSO-E and the EU DSO Entity and, between November and December 2021, ENTSO-E conducted a public consultation on the Network Code proposal and organised two public workshops18.

In October 2021, ENTSO-E, together with E.DSO and ENCS, hosted the 4th edition of their Cybersecurity event “Enhancing our grid resilience” discussing the challenges of increasing volume and the sophistication of malicious acts towards the European energy grid and how the Network Code on Cybersecurity will enhance our grid resilience.

18 ENTSO-E and the EU DSO Entity submitted the final proposal for the Network Code on Cybersecurity on 14 January 2022.
These developments are outside the scope of this Report and will be covered in the Annual Report 2022, to be drafted next year.

Data exchange standards: Ensuring pan-European interoperability

Standards facilitate cross-border exchange and allow for the efficient and reliable identification of different objects and parties relating to the internal energy market and its operations. Standards also support the implementation of network codes in various ways, and several of ENTSO-E’s IT tools and data environment, such as the OPDE, rely on standards. In accordance with Art. 30.1.k of the Electricity Regulation (943/2019), ENTSO-E should contribute to the establishment of interoperability requirements and non-discriminatory and transparent procedures for accessing data.

ENTSO-E develops and maintains an Electronic Data Interchange library to enable interoperability between actors in the electrical industry in Europe.

The main standardisation activities in 2021 included the development of the Common Information Model (CIM) and implementation guides to support data exchanges required from the Network Codes, work on international standards, updating the CGMES, maintaining the harmonised role model, following-up on the implementing acts on data and interoperability, implementing Art. 55(2)(a, b, c) of the IEM regulation and Art. 24 of the IEM Directive, and training activities for the TSO–RSC community.

In June 2021, CGMES was published as an International Standard by the International Electrotechnical Commission (IEC).

Key dates & documents

4 Jun 2021: Publication of the CGMES as an International Standard ( Part 1Part 2 )

The transition towards a more sustainable society implies the electrification of sectors such as transport (e. g. electric vehicles) or heating. To work efficiently, this evolution will require more data to be collected, e. g. about individual behaviours and preferences. Cyber­security will be the key to building the required trust for all stakeholders to embrace this evolution.

Download

ENTSO-E Annual Report 2021

This Annual Report covers the period January to December 2021. It focuses on the legal mandates given to ENTSO-E and on the Pan European All TSOs tasks, facilitated by ENTSO-E. The activities covered in this report were performed thanks to the 42 members of ENTSO-E who provide its financial resources and whose staff provides expertise to the Association.

Chapters:

  1. System Operation
  2. Market
  3. System Development
  4. Transparency Regulation
  5. Research, Development and Innovation
  6. Cybersecurity, Interoperability and Data
  7. TSO–DSO partnership and demand side flexibility
Download Full Report (PDF, 10 Mb)