Links, cybersecurity for the Electricity Subsector


Links


The US 2015 Energy Sector-Specific Plan (SSP) was developed in accordance with the NIPP 2013: Partnering for Critical Infrastructure Security and Resilience, which guides the national effort to manage risk to the Nation’s critical infrastructure. The U.S. Department of Energy (DOE), as the Sector-Specific Agency (SSA) for the Energy Sector, led the development of the 2015 Energy SSP in close collaboration with its sector partners. A myriad of Energy Sector partners exist in both private and public sectors in the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, under which the Electricity and Oil and Natural Gas Subsector Coordinating Councils (SCCs) and the Energy Government Coordinating Council (GCC) operate.

Energy Sector-Specific Plan


The purpose of the US Electricity Sub-Sector Coordinating Council (ESCC) is to facilitate and support the coordination of sub-sector wide, policy-related activities and initiatives designed to improve the reliability and resilience of the electricity sub-sector, including physical and cyber security infrastructure and emergency preparedness of the nation’s electricity sub-sector. The ESCC will establish a dialogue between senior industry representatives and Administration officials in order to carry out the role of the Sector Coordinating Council as established in the National Infrastructure Protection Plan (NIPP) for the electricity sub-sector.

Electricity Sub-Sector Coordinating Council Charter


The Department of Energy (DOE) has statutory, sector-specific, scientific, and national security missions that contribute to advancing our Nation’s cybersecurity. DOE is responsible for its own enterprise cybersecurity as well as supporting the sector’s efforts to strengthen cybersecurity.

Transition 2020, Issue Papers


The National Cybersecurity Center of Excellence (NCCoE) developed an example solution that electric utilities can use to more securely and efficiently manage access to the networked devices and facilities on which power generation, transmission, and distribution depend. This National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide uses commercially available products that can be included alongside your current products in your existing infrastructure. The integration of these products provides a converged view of all users within the electric utility’s operational technology (OT) systems and information technology (IT) systems, as well as access to buildings and other facilities.

Identity and Access Management for Electric Utilities


The European Union Agency for the Cooperation of Energy Regulators (ACER) was established in March 2011 by the Third Energy Package legislation as an independent body to foster the integration and completion of the European Internal Energy Market for electricity and natural gas. ACER is one of the EU decentralised agencies. Distinct from the EU institutions, agencies are set up as separate legal entities to perform specific technical and scientific tasks that help EU institutions and Member States to implement policies and take decisions.

The European Union Agency for the Cooperation of Energy Regulators (ACER)


This study provides an assessment of existing European policies and legislation to address cyber security in the energy sector and recommends additional policy prescriptions that may be necessary to protect Europe and its citizens. The assessment is based upon a review of the profound changes that the energy system is undergoing. It is against these current and future challenges that existing cyber security policy and actions must be measured.

EU - Cyber Security Strategy for the Energy Sector


The Council of European Energy Regulators (CEER) is the voice of Europe's national energy regulators at EU and international level. Through CEER, the national regulators cooperate and exchange best practices. The overall aim of the Council of European Energy Regulators is to facilitate the creation of a single, competitive, efficient and sustainable internal market for gas and electricity in Europe. The CEER acts as a platform for cooperation, information exchange and assistance between Europe's national energy regulators and is their interface at EU and international level. On EU issues, CEER works very closely with (and supports) the Agency for the Cooperation of Energy Regulators (ACER), an EU Agency formed for the cooperation of energy regulators. CEER also strives to share regulatory best practice worldwide through its membership in the International Confederation of Energy Regulators (ICER) which brings together similar associations from across the globe including NARUC (America), ERRA (Central/Eastern Europe) and MEDREG (the Mediterranean region).

CEER, the voice of Europe’s energy regulators.


The objective of this paper is to provide European energy regulators’ views on the content and process for the preparation of D-NDPs. It addresses aspects DSOs should take into account when preparing and consulting on their network development plans, as well as actions that national regulatory authorities (NRAs) could take to foster transparency and participation in distribution network planning processes.

CEER Views on Electricity Distribution Network Development Plans.




The exchange of information between the private and the public sector


Cyber Risk GmbH supports the national strategy for the protection of Switzerland against cyber risks (NCS), and promotes the exchange of information.

We often read that the public sector must learn from the private sector. We strongly believe that the opposite is more important. The private sector must learn from the public sector:


1. Switzerland, NDB. The Federal Intelligence Service (Nachrichtendienst des Bundes) works for the prevention of terrorism, violent extremism, espionage, proliferation of weapons of mass destruction and their delivery system technology, as well as cyberattacks against the critical infrastructure.

https://www.vbs.admin.ch/de/vbs/organisation/verwaltungseinheiten/nachrichtendienst.html


2. Switzerland, NCSC. The National Cybersecurity Centre (Nationale Zentrum für Cybersicherheit) is the Swiss Confederation's competence centre for cybersecurity and thus the first contact point for businesses, public administrations, educational institutions and the general public. It is responsible for the coordinated implementation of the national strategy for the protection of Switzerland against cyber-risks (NCS).

https://www.ncsc.admin.ch


3. Switzerland, Cybercrimepolice.ch. The Zurich Cantonal Police (Kantonspolizei Zürich) operates www.cybercrimepolice.ch

https://www.cybercrimepolice.ch


4. Switzerland, SKP. The Swiss Crime Prevention (Schweizerische Kriminalprävention) is an agency specializing in the prevention of crime and the fear of crime.

https://www.skppsc.ch


5. Switzerland, GovCERT. The Computer Emergency Response Team of the Swiss government, the official national CERT of Switzerland.

https://www.govcert.admin.ch


6. Germany, BfV - The domestic intelligence service of the Federal Republic of Germany (Bundesamt für Verfassungsschutz). The Office for the Protection of the Constitution ensures that the free democratic basic order is secured at federal level and in the 16 federal states.

https://www.verfassungsschutz.de


7. Germany, BND - The foreign intelligence service of the Federal Republic of Germany (Bundesnachrichtendienst). The BND works for the acquisition and processing of information, to inform the federal government on developments important for foreign and security policy.

https://www.bnd.bund.de


8. Germany - BAMAD. The military counter-intelligence service (Bundesamt für den Militärischen Abschirmdienst) is one of the three German intelligence services at federal level, and works for the protection of the constitution. The Military Counterintelligence Service Report is highly recommended (https://www.bundeswehr.de/resource/blob/5361404/4fa2a6e88f8fc77863022395942e6241/mad-report-2020-data.pdf).

https://www.bundeswehr.de/de/organisation/weitere-bmvg-dienststellen/mad-bundesamt-fuer-den-militaerischen-abschirmdienst


9. Canada - CSIS. The Canadian Security Intelligence Service investigates activities suspected of constituting threats to the security of Canada, and reports to the Government of Canada. They take measures to reduce threats to the security of Canada.

https://www.canada.ca/en/security-intelligence-service.html


10. UK - MI5. For more than a century, MI5 has protected the UK from a range of threats, whether from terrorism or hostile activity by states.

https://www.mi5.gov.uk


11. UK - MI6. They have three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

https://www.sis.gov.uk


12. UK - GCHQ. Its priorities are set by the UK’s National Security Strategy and the decisions of the National Security Council, chaired by the Prime Minister, as well as the Joint Intelligence Committee.

https://www.gchq.gov.uk


13. UK - NCA. The National Crime Agency houses the UK’s International Crime Bureaux including INTERPOL and EUROPOL. They manage the routine exchange of police and law enforcement information through these channels and provide access to international databases and capabilities.

https://www.nationalcrimeagency.gov.uk


14. US - ODNI. The Office of the Director of National Intelligence serves as the head of the U.S. Intelligence Community, overseeing and directing the implementation of the National Intelligence Program and acting as the principal advisor to the President, the National Security Council, and the Homeland Security Council for intelligence matters related to national security.

https://www.odni.gov


15. US - CIA. The Central Intelligence Agency provides intelligence on foreign countries and global issues to the president, the National Security Council, and other policymakers to help them make national security decisions.

https://www.cia.gov


16. US - NSA. The National Security Agency leads the U.S. Government in cryptology that encompasses both signals intelligence (SIGINT) insights and cybersecurity products and services.

https://www.nsa.gov


17. US - FBI. The Federal Bureau of Investigation protects the U.S. from terrorist attacks and against foreign intelligence, espionage, and cyber operations. The FBI combats significant cyber criminal activity.

https://www.fbi.gov


18. Australia, ASIO. The Australian Security Intelligence Organisation protects Australia and its people from acts of foreign interference, attacks on Australia’s defence systems, espionage, politically motivated violence including terrorism, promotion of communal violence, sabotage, and serious threats to Australia’s border integrity.

https://www.asio.gov.au


19. Australia, ONI. The Office of National Intelligence, following the passage of the Office of National Intelligence Act (2018), came into being on 20 December 2018. It represents a key component in the formation of Australia’s new National Intelligence Community (NIC), and is responsible for enterprise level management of the NIC, ensuring a single point of accountability to the Prime Minister and National Security Committee of Cabinet.

https://www.oni.gov.au


20. Australia, ASIS. The Australian Secret Intelligence Service is Australia's foreign intelligence collection agency. They collect and distribute secret foreign intelligence, information which would be otherwise unavailable to Australia, to protect Australia and its interests.

https://www.asis.gov.au