The operations program aims to develop and share knowledge to security operations analysts responsible for detecting vulnerabilities and incidents. It covers vulnerability management, technologies and use cases for detecting attacks, incident response, and organization of SOC or CSIRT teams. In 2026, we will work on incident response trainings, in particular for OT.
Incident response and crisis management
As seen in recent attack techniques, incident response in the energy sector now have to assume coordinated, multi-domain attacks that hit substations, renewable plants and cloud environments in a single campaign. For TSOs and DSOs, this means cyber playbooks and field operations should go hand-in-hand to maintain grid stability while restoring capabilities when destructive actions or firmware tampering are suspected.
Crisis management, on the other hand, focuses on technical and organized response towards incidents considered as emergencies rather than isolated cyber incidents, depending on its magnitude. In the events of a crisis, relevant entities must work together to identify the cause, understand the impact, and decide on contingency measures.
In this activity, we will study and analyse legal requirements and identify best practices for incident response and crisis management. We will also host our bi-annual operations training as part of this activity.
Become an ENCS member
Are you interested in our cyber security programs? As an ENCS member, you can contribute to and learn from all our programs. Click below to learn more about our memberships
