Throughout the world, countries are increasingly facing cybersecurity threats and challenges. Several cybersecurity vulnerabilities became visible during 2017 and several of those were relevant for the energy sector, with a few even specifically targeting this sector. The energy sector is undergoing substantial changes in infrastructure, in the structure of the markets and in cyber security. With evolving cyber threats, our infrastructure is increasingly vulnerable to disruptive or destructive attacks. Though beneficial to both industries and end users, the introduction of advanced technology and modernization to power systems also introduces a whole new set of vulnerabilities that can be exploited by cyber-attacks. In addition, new technologies provide big data to TSOs/DSOs and suppliers. Big data often contain personal information which is distributed amongst different companies. Privacy therefore becomes a concern. Cybersecurity needs to be implemented in order to ensure data management and privacy. A cybersecurity breach concerning energy data may lead to data disclosure, integrity violation or data unavailability. Regulators must prepare for this new reality by understanding their roles and responsibilities and by taking the necessary steps to improve cyber preparedness of utilities and ensure data protection and privacy. As regulators are tasked with evaluating the investments of utilities, approving tariffs and ensuring the resiliency and reliability of the grid, it is critical for regulators to understand not only all the dimensions of cybersecurity, but also the best methods to tackle this issue from a regulatory perspective. It is within the bailiwick of regulators to decide upon acceptable costs of regulated monopoly grid operators. This CEER event aims to provide technical experts from National Regulatory Authorities with an overview of the latest policy developments in cybersecurity and practical experiences on the technical aspects of cybersecurity risk management and preparedness in Europe. It will focus on the economics of cybersecurity and how to translate the needs into policies and regulations. The programme will also explain the links between cybersecurity and data management and privacy and how cybersecurity could be enhanced to ensure data protection and privacy. The presentation focuses on the economics of cybersecurity: discussing that needs have to be translated into policies and regulations affecting the energy markets. It touches the following topics: o Enhancing cybersecurity in different regulatory frameworks o The "Quality Like" Model: regulating cybersecurity with performance; o Metrics on cybersecurity: helping in understanding the trends; o Evaluating effectiveness of cybersecurity activities: who, how and when.
Economics of cybersecurity: translating needs into policies and regulations affecting the energy markets
Elena Ragazzi
2019
Abstract
Throughout the world, countries are increasingly facing cybersecurity threats and challenges. Several cybersecurity vulnerabilities became visible during 2017 and several of those were relevant for the energy sector, with a few even specifically targeting this sector. The energy sector is undergoing substantial changes in infrastructure, in the structure of the markets and in cyber security. With evolving cyber threats, our infrastructure is increasingly vulnerable to disruptive or destructive attacks. Though beneficial to both industries and end users, the introduction of advanced technology and modernization to power systems also introduces a whole new set of vulnerabilities that can be exploited by cyber-attacks. In addition, new technologies provide big data to TSOs/DSOs and suppliers. Big data often contain personal information which is distributed amongst different companies. Privacy therefore becomes a concern. Cybersecurity needs to be implemented in order to ensure data management and privacy. A cybersecurity breach concerning energy data may lead to data disclosure, integrity violation or data unavailability. Regulators must prepare for this new reality by understanding their roles and responsibilities and by taking the necessary steps to improve cyber preparedness of utilities and ensure data protection and privacy. As regulators are tasked with evaluating the investments of utilities, approving tariffs and ensuring the resiliency and reliability of the grid, it is critical for regulators to understand not only all the dimensions of cybersecurity, but also the best methods to tackle this issue from a regulatory perspective. It is within the bailiwick of regulators to decide upon acceptable costs of regulated monopoly grid operators. This CEER event aims to provide technical experts from National Regulatory Authorities with an overview of the latest policy developments in cybersecurity and practical experiences on the technical aspects of cybersecurity risk management and preparedness in Europe. It will focus on the economics of cybersecurity and how to translate the needs into policies and regulations. The programme will also explain the links between cybersecurity and data management and privacy and how cybersecurity could be enhanced to ensure data protection and privacy. The presentation focuses on the economics of cybersecurity: discussing that needs have to be translated into policies and regulations affecting the energy markets. It touches the following topics: o Enhancing cybersecurity in different regulatory frameworks o The "Quality Like" Model: regulating cybersecurity with performance; o Metrics on cybersecurity: helping in understanding the trends; o Evaluating effectiveness of cybersecurity activities: who, how and when.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
