Study on the Evaluation of Risks of Cyber-Incidents and on Costs of preventing Cyber-Incidents in the Energy Sector

Fischer, Lars and Uslar, Mathias and Morrill, Doug and Döring, Michael and Haesen, Edwin
ENER/B3/2017-465, Study for the European Commission by ecofys, Navigant and OFFIS
The main objective of this study is to provide a consolidated view on main cyber threats and applicable cybersecurity frameworks in the European energy system, a suggested energy-focused risk management approach, and a set of regulatory recommendations with possible cost impact. This analysis is underpinned by a sound risk assessment methodology and application to the specificities of the European energy system to reasonable level, and benefits from inputs from stakeholders. The results provide a basis for policy makers to discuss this complex topic on national level and within international cooperation. It can also support the European Commission’s (EC) strategy building among others on the proposal to call for a network code on cyber security. The study considers various methods of risk management from European and international initiatives and presents approaches to conduct a risk analysis for stakeholders. It strongly integrates earlier guidance and tools from Mandate 4901 which has already proven its value in the context of standardisation.
10 / 2018
Smart Grid Cyber-Resilience Laboratory