6 Cybersecurity, Interoperability and Data

The current frame for digital activities in ENTSO-E is provided by its IT Strategy, which was approved in 2017. The ENTSO-E IT Strategy has clearly identified interoperability and cybersecurity as two of the founding capabilities for ENTSO-E’s information systems. This has led to the development of an ENTSO-E Cyber Security Strategy that was approved in the first quarter of 2019. In this context, relevant activities are steered as detailed in the following paragraphs.

Cyber-security

Protecting TSOs’ systems and network operation tools against cyber-attacks is obviously of paramount importance for the security of electricity supply. For several years now, ENTSO-E has been acting as a platform for the sharing of best practice between TSOs. The entry into force of the CEP tasked ENTSO-E with the mandate to promote cyber security and data protection in cooperation with relevant authorities and regulated entities (Art. 30.1.n Reg. 943/2019).

Under the framework of the Connecting Europe Facility (CEF) project,
ENTSO-E carried out the following cybersecurity activities:

  • Activity 1: Cybersecurity design
    • ISO 27001 TSO Scope & Secure Software
    • Development Lifecycle (SSDLC)
    • Risk Impact Matrix & Data Classification
    • Supply Chain security & procurement
    • Tech. & operation cybersecurity standards
  • Activity 2: Identify requirements for a cybersecurity testing facility
  • Activity 3: Identify requirements for a cybersecurity
    operations centre

Moreover, ENTSO-E performed cyber risk assessments on the main ENTSO-E legally mandated IT platforms: CGM, EAS, Transparency Platform and Outage Planning Coordination/Short Term Adequacy Assessment Process (OPC/STA). Regarding the latter, ENTSO-E performed external penetration testing to confirm effective overall security.

In October 2020, ENTSO-E, together with E.DSO and ENCS, hosted the 3rd edition of their cybersecurity event “Cybersecurity: Data Sharing”. Leading cybersecurity experts from the grid operator community, public organisations and industry discussed current and emerging threats, the main challenges connected to data sharing, the Cybersecurity Act and the Network Code on Cybersecurity.

ENTSO-E also participated in the informal drafting team of the Network Code on Cybersecurity (composed of TSOs and DSOs under the EC leadership1). The working group proposed recommendations on cross-border cyber risk assessment and management, ISO/IEC 27001 certification or proof of equivalence, common functional and non-functional security controls and requirements, Product Assurance Scheme, and information sharing.

Finally, due to the cybersecurity incident that took place in 2019, in 2020 ENTSO-E redesigned and rebuilt its IT-infrastructure, which were subjected to two external penetration tests and which are now considered highly secure. ENTSO-E also invested in new security tools to continuously monitor for breaches in security.

1 Discussions culminated with the publication of the final report in February 2021.

Data exchange standards:
Ensuring pan-European interoperability

Standards facilitate cross-border exchange and allow for the efficient and reliable identification of different objects and parties relating to the internal energy market and its operations. Standards also support the implementation of network codes in various ways, and several of ENTSO-E’s IT tools and data environment, such as the OPDE, rely on standards.

In accordance with Art. 30.1.k of the Electricity Regulation (943/2019), ENTSO-E should contribute to the establishment of interoperability requirements and non-discriminatory and transparent procedures for accessing data.

ENTSO-E develops and maintains an Electronic Data Interchange library to enable interoperability between actors in the electrical industry in Europe.

The main standardisation activities in 2020 included the following:

  1. Development of the Common Information Model (CIM) and implementation guides to support data exchanges required from the Network Codes. This will include support for the CGM (SOGL, CACM, FCA), coordinating operational security analysis (SOGL), balancing platforms (EBGL), and capacity calculation (SOGL, CACM).
  2. Development of the CIM and implementation guides to support the data exchange required for the TYNDP and for the Pan-European Market Model process.
  3. Continuing the ongoing work on the international standards IEC (International Electrotechnical Commission) 62325 series (CIM for Market), including developing the Unified Modelling Language (UML) model for the European market profile, defining the core components required, and generating the relevant documentation for IEC standards, including the balancing data exchange standard, standard of the communication tool (proposed Technical Specification IEC 62325-505), HVDC scheduling, capacity calculation, and outage planning standards.
  1. Updating the Common Grid Model Exchange Standard (CGMES) and conformity assessment scheme to meet the latest requirements from the CGM Programme and RSC services and proposing an evolution to the CIM to the IEC to cover European needs in terms of grid model standardisation.
  2. Maintaining the harmonised role model for the European electricity market to ensure a common vocabulary and views on the different roles and extract a European electricity market role model based on the Network Codes and Guidelines.
  3. Supporting future data exchange requirements between TSOs and DSOs and the new tasks from the CEP including those related to the capacity mechanism registry. An assessment of the CEP in terms of the standardisation required from ENTSO-E should also be performed.
  4. Continuing training activity in data exchange standardisation to the TSO–RSC community.
The transition towards a more sustainable society implies the electrification of sectors such as transport (e.g. electric vehicles) or heating. To work efficiently, this evolution will require more data to be collected, e.g. about individual behaviours and preferences. Cybersecurity will be the key to build the required trust for all stakeholders to embrace this evolution.

Download

ENTSO-E Annual Report 2020

This Annual Report covers the period from January to December 2020. It focuses on the legal mandates given to ENTSO-E. The activities covered in this report were performed thanks to the 42 members of ENTSO-E who provide its financial resources and whose staff provides expertise to the Association.

Chapters:

  1. System Operation
  2. Market
  3. System Development
  4. Transparency Regulation
  5. Research, Development and Innovation
  6. Cybersecurity, Interoperability and Data
  7. TSO–DSO partnership and demand side flexibility
Download Full Report (PDF, 5.9 Mb)