As Cyberattacks on Critical Infrastructure Continue, European Cybersecurity Agency Issues Guidance to Energy Sector


Europe’s main cybersecurity agency issued a report on cybersecurity information sharing in the energy sector, which is among the critical infrastructure-related sectors that continue to be inundated with cyberattacks.

The World Energy Council—the United Nations-accredited global energy body—found in a 2016 report that cybersecurity presents a unique risk to the energy sector in particular, and that companies are recognizing cybersecurity as a core risk where “there is insufficient information sharing among industry members and across energy sectors on cyber experiences.”

The European Union Agency for Network and Information Security’s (ENISA’s) report seeks “to understand and learn the development” of Computer Security and Incident Response Teams (CSIRTs), Information Sharing and Analysis Centres (ISACs) and “initiatives on information sharing on cyber security incidents in the energy sector by focusing on the sectors identified” in the European Union’s NIS Directive, such as electricity, oil, gas, nuclear and alternative fuels.

ENISA found that ISACs aren’t widely developed in Europe, and that CSIRTs widely developed, but not many focus on incident management in the energy sector. ISACs, CSIRTs and other information sharing initiatives in the energy sector should be further developed and promoted, and that many companies aren’t aware of the initiatives, good practices or the value of information sharing practices.

The report recommends that energy companies invest in cybersecurity and cybersecurity education throughout entire organizations, making sure that upper-level management is more involved and aware of cybersecurity issues.

Also, ENISA encourages energy companies to promotes ISACs, CSIRTs and other information sharing initiatives by “showing the added value of their initiative in an informal and trustful way.”

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.