CEER Training on Cyber Security and the Protection of the European Energy Sector - Module 1 and 2

12-13 June 2017, Brussels


Module 1: Legal and Policy Developments in Cyber Security – 12 June 2017

Module 2: Risk Management and Preparedness in Cyber Security – 13 June 2017

Throughout the world, countries are increasingly facing cyber security threats and challenges. According to a report of the World Energy Council in 2016, 80% of oil and gas companies saw an increase in the number of successful cyber-attacks in 2015. The energy sector is undergoing substantial changes in infrastructure, in the structure of the markets and in cyber security. With evolving cyber threats, our infrastructure is increasingly vulnerable to disruptive or destructive attacks. Though beneficial to both industries and end users, the introduction of advanced technology and modernization to power systems also introduces a whole new set of vulnerabilities that can be exploited by cyber-attacks.

Regulators must prepare for this new reality by understanding their roles and responsibilities and by taking the necessary steps to improve cyber preparedness of utilities. As regulators are tasked with evaluating the investments of utilities, approving tariffs and ensuring the resiliency and reliability of the grid, it is critical for regulators to understand not only all the dimensions of cyber security, but also the best methods to tackle this issue from a regulatory perspective.  

Designed for:

Policy experts as well as technical experts from National Regulatory Authorities and National Competent Authorities who want to get an overview of the policy and legislative developments in cyber security and practical experiences on the technical aspects of risk management and preparedness in Europe. Experts from other sectors in regulatory authorities (telecommunication, railway, financial regulation and others) and from European Institutions (ACER, European Commission) are welcome to attend this course to learn and share experience with the energy sector.   

Programme overview: 

The course comprises of two standalone - but related – modules. Attendance at both modules is recommended, though they are designed such that participants can gain value by attending just one module if they wish.

Module 1: Legal and Policy Developments in Cyber Security – 12 June 2017:

  • World guided tour in cyber security for energy and the European legal framework, including the Clean Energy for all Europeans Proposals  
  • Cyber security - a cross-sector regulation where the energy sector is key
  • Overview of current actions of the European Commission - DG ENERGY: expert working group and analysis of risks and costs of preventing cyber-incidents in the energy sector    
  • Regulating cyber security beyond the EU boundaries
  • Implementation of the EU Network and Information Security (NIS) Directive and cyber security reporting obligations on incidents and attacks 

Module 2: Risk Management and Preparedness in Cyber Security – 13 June 2017: 

  • Cyber security: detection, prevention and mitigation
  • Smart meters, smart grids and the rolling out of advanced metering infrastructures in EU and their impacts on cyber security
  • Building a cyber security scenario and testing them on the ground: how an exercise can foster preparedness
  • Cyber security standards, Best Available Techniques (BATs) and Distributed Ledger Technologies 
  • The future of cyber security for the grid  

Course Director: Mr Roman Picard, CRE, Co-Chair CEER Cyber Security Work Stream.

What did participants say about the previous CEER's course on Cyber Security?

"The novelty of the course was the interactive simulation group work".

"I left with a better understanding of the topic. It was a very good introduction to the topic and content".

Download the draft programme for this training course.