An approach to cost definition for the implementation of cybersecurity in electricity critical infrastructures

In the field of public services, defining costs of CS implementation is vital for both firms and for regulators: - Firms need to know whether implementing CS is a sustainable operation, given actual tariffs and prices. - Regulators have the fundamental need of understanding the effort imposed to firms when a specific regulation is imposed, and whether this effort should be compensated. Regulation is necessary because in public services and critical infrastructures, in particular when these are organized in the form of competitive markets, the societal interest to invest on security is higher than the incentive for companies. International regulation is necessary because the EU power system is interconnected: one vulnerability on the most remote node weakens the whole system. Minimum security requirements have to be imposed to new operators entering in the European Energy Community . This presentation illustrates an approach to cost definition and cost estimantion to assess the economic impact of a cybersecurity regulation for electricity critical infrastructures.