Image: Fraunhofer IOSB-AST
This initiative comes as cybersecurity plays an increasingly crucial role in the energy sector. Increasing digitalization, the proliferation of network systems and the growing involvement of manufacturers and cloud services all increase the potential attack surface. The industry has long debated the systemic risks associated with technologies such as remote control inverters or communications energy management systems – and how best to mitigate them.
Until now, reports to the Federal Office for Information Security (BSI) have mainly enabled preliminary assessments of individual incidents. A comprehensive assessment of their broader impact on security of supply and energy markets has remained largely out of reach – precisely the gap this new framework aims to close.
For the first time, this research presents a structured approach that allows the Federal Network Agency to comprehensively assess security reports. It starts with standardized data formats and communication processes that connect network administrators, plant operators, manufacturers and authorities. Building on this foundation, the research develops both an incident classification system and a three-stage risk-based assessment model.
The approach covers the entire incident assessment lifecycle: from capturing the attack type, affected actors and initial impact, through an in-depth preliminary analysis to a comprehensive impact assessment. In the final phase, systemic and economic effects are also taken into account. The ultimate goal is to reliably determine the possible consequences of a single incident for the energy system as a whole and to determine whether it should be classified as serious.
Methodologically, the study is based on established European frameworks, such as the Cyber Attack Classification System of the European Network of Transmission System Operators for Electricity (ENTSO-E), and uses the Market Master Data Register as a central data source.
The Federal Network Agency will now implement and test this methodology. Looking ahead, it could also be extended to downstream levels – integrated into network operators’ operational processes – to enable more consistent risk assessment across the entire energy value chain.
This content is copyrighted and may not be reused. If you would like to collaborate with us and reuse some of our content, please contact: editors@pv-magazine.com.
Popular content
