ENCS and ENTSO-E – five years of collaboration5 July 2023
It’s a little over five years since ENCS (European Network for Cyber Security, a Netherlands-based organisation that develops training and shares cyber threat information) and ENTSO-E (European network of electricity TSOs) first co-signed a memorandum of understanding. What has changed in that half-decade, what remains the same and what has the partnership achieved? ENCS spoke to Radek Hartman, chairman of the ICT Committee at ENTSO-E and board member at ČEPS, a.s. to find out.
ENCS: It has been more than five yearsnowsinceyoustartedworking with ENCS. Casting your mind back, what prompted you to enter into this collaboration?
RH: Back in 2017, ENTSO-E was in the midst of designing and implementing its first digital transformation strategy since the organisation was formed in 2009. Recognising and responding to the ever-increasing cyber security threat was one of the core drivers of that transformation. So, in that context, we sought expertise to feed into the strategy. ENCS was already known in the TSO community through training courses it had delivered, and we quickly identified ENCS as a value-added partner. The MoU was a natural first step that paved the way for closer collaboration.
ENCS: From the beginning then, the training has been central to your collaboration with us, and we have worked together on training every year through to today. Why is it that you have continued to find this so important?
RH: Facing the cyber-threat is very much about expertise, and that expertise must be shared among trusted peers – you can’t do this alone, you’ll never keep up. The training courses help to do this by confronting the participants with current, state-of-the-art specific use cases and bringing together specialists from various TSOs from across our association. They can then upskill and share experience and expertise in a very hands-on and effective way.
Second, the training courses – especially the red-team/blue-team sessions – are very visible within ENTSO-E and attract attention, making them an excellent opportunity to drastically enhance cyber security awareness among non-specialists such as those in business or management roles. This is extremely important as these are often decision-makers with influence as to how much time and money will be invested in security; if they ‘get it’ then our grids – and by extension our communities across Europe – are more secure.
ENCS: Five years can be a long time in tech-related fields, not least in cyber security. From your vantage point, what has changed in those past five years? And how has our work together helped us all to adapt?
RH: Actually, I would say these five years have not so much shown us totally new things, rather they have confirmed many of the things we all suspected back in 2017. Back then, we all knew in theory that the vital infrastructure our members oversee would be a target for all types of cyber attackers, from criminal hackers to state-backed actors. Today we know that for sure. We must always assume unlimited resources on the part of our would-be attackers and prepare accordingly. Back then, we shared an idea that collaboration between trusted partners is essential – this has been proven repeatedly. We also already knew that no software solution is 100% immune to attack and experience has borne this out.
ENCS: Do you think there are any specific changes or challenges for the TSO community compared to, for example, the DSO community? Or are the trends the same?
RH: I know ENCS serves both communities and obviously TSOs must work closely with DSOs as their grids are connected – you cannot protect one in total isolation of the other. As such, I would say that the challenges are broadly similar. There are differences of course – TSOs naturally must deal with more pan-European critical processes of all time-scales, including close to real-time. That’s hard. We must therefore operate more and more IT systems integrating data from all our members to handle critical processes – so at the same time the cyber-threat landscape increases, our joint IT platforms become more critical!
But overall we share many challenges with our DSO colleagues and must work together. For example, we at ENTSO-E worked alongside our colleagues at EDSO – and of course ENCS – on the Network Code for Cyber Security. We must always remember we are only as strong as our weakest link.
ENCS: On the whole, do you feel the industry is well-prepared for the cyber threats it faces?
RH: There is no such thing as ‘well-prepared’. That suggests the work has been done, when in reality that can never be the case. We are in a never-ending race with attackers. We constantly look for better ways to protect critical infrastructure and they constantly look for ways to evade those protections. I believe we are very good at this, but you must never pat yourself on the back and say ‘well done’ in cyber security.
ENCS: Looking forward to the next five years, what do you think our industry needs to focus on?
RH: Our industry – understood as the energy industry – must never lose focus on cyber risk. Right now, the war in Ukraine has focused attention effectively on such risks but even as we look forward to the day when this conflict hopefully ends, we must never assume ‘peace’ on the cyber front.
In this spirit, the thing I would most like to see improve in the next five years is continuous vigilance and risk assessment. We have done well to put cyber security on the energy company leaderships’ radar, and we observe that regular risk assessment and protection work is now common. But regular is not continuous. Effective cyber security cannot be something that is revisited once per year, quarter or month – because attackers do not work that way – it must be constant. That attitude is gaining ground, but in the next five years I would like it to become ubiquitous.
Image: Radek Hartman, chairman of the ICT Committee at ENTSO-E and board member at CEPS