The security policy program 2022 aims to help ENCS members prepare for the network code on cybersecurity and the revised NIS directive. The program covers security policies, regulations, and the development of Information Security Management Systems (ISMSs). Discover below what ENCS will focus on during the security policy program 2022.
Network code drafting
On 14 January 2022, this drafting team submitted the draft network code to ACER. ACER has six months to review the network code and provide an opinion to the European Commission. Afterwards, the European Commission will start the formal process to turn the network code into law.
ENCS will stay involved in the network code writing process. ACER has stated that they would value the continued support of the ENTSO-E and EU DSO drafting team. So, there may be an informal continuation of this team. Additionally, ENCS will prepare a position for the consultation that ACER will hold.
Prepare for European risk assessment
A key part of the network code on cybersecurity is that ENTSO-E and the EU DSO entity will perform a risk assessment at European level. The assessment will determine which entities and parts of entities are in scope, and what security controls entities must implement. So, it will determine what our members must do to comply with the network code.
To reduce the uncertainty that this process entails, ENCS would like to perform trial risk assessments, preferably together with ENTSO-E and the EU DSO entity. The goal of the trial risk assessments would be to determine the critical business processes in the electricity sector and the impact if these processes were compromised. The results of these trial assessments will feed into a position paper on what risk assessment methods could be used at European level.
ISMS expert group
We will continue the expert group on Information Security Management Systems (ISMSs) that was formed in the 2019 member project on information security management. The group supports information sharing between members setting up or using an ISMS. The focus was on certification according to the ISO/IEC 27001 standard, which many members are using.
Updates on the revised NIS directive
ENCS will provide updates on the revised NIS directive. We will organize webinars and publish whitepapers when new versions of the directive become available. The papers will analyze how the revised NIS directive corresponds to the original NIS directive and to the network code on cybersecurity.