The security policy program 2023 aims to develop and share knowledge to security officers responsible for organizational security measures. It covers security policies, regulation, and the development of information security management systems (ISMSs). Discover below what ENCS will focus on during the security policy program 2022.
EU Regulations
There are many developments ongoing on European cybersecurity regulations:
- An agreement was reached on a revised NIS directive in 2022. The directive will go into force in 2023, and will have to be transposed into national law in the coming two years.
- The network code on cybersecurity was submitted by ENTSO-E and reviewed by ACER in 2022. It is now under review by the European Commission and is expected to go into force in the first half of 2023. ENTSO-E and the EU DSO entity have already started preparing the methodologies.
- The Commission proposed an ambitious act that would require all products with digital element to meet certain essential security requirements, the cyber resilience act. In 2023, the Parliament and Council will react to this proposal, and gather input from stakeholders.
We will keep our members informed about the regulator developments through webinars. We will support the EU DSO entity and ENTSO-E as official DSO and TSO representatives in formulating input into consultations.
Table top exercises
In 2023, we will work on developing table top exercises for responding to security incidents in critical grid systems.
The goal of the exercises will be to practice the incident response processes. The processes involve both security experts, such as SOC and CSIRT staff, security officers and operational grid specialists, such as control center operators, substation engineers, and crisis managers. It is important that everyone involved knows their responsibilities, and who they should communicate with in case of an incidents.
We will first develop a script for exercises at members. The script includes the rules for the exercise and the injects that will be sent to the participants.
In the second half of 2023, we will organize an exercise involving all ENCS members. The goal of this exercise is to simulate a cross-border incident and practice the collaboration between the SOC and CSIRT teams at the involved grid operators.
Become an ENCS member
Are you interested in our cyber security programs? As an ENCS member, you can contribute to and learn from all our programs. Click below to learn more about our memberships.