Beyond the Theory of the Cybersecurity Act
The Cybersecurity Act was one of the most debated legal packages under the Juncker Commission. Its adoption required a number of compromises and months of discussions among hundreds of stakeholders and experts: for example, industry, service providers, operators, regulators and legislators have been discussing since its first draft how such a masterpiece of legislation could be effectively applied in the context of the already existing energy legislation. This presentation starts by providing an overview of the legal and operational scenario and of the developments in the energy sector since 2014. We will explore why the Cybersecurity Act and other energy-specific legislation are both necessary and complementary. It will provide an overview of how the sector started analysing and seriously considering certification of cybersecurity products for energy critical infrastructures. In addition, in a sector with a growing degree of digitalisation, the speaker will analyse the technological and methodological challenges that should be considered when setting energy-sector-specific cybersecurity certification schemes. The presentation will explore existing standards and schemes and how they may fit these specific purposes. It will provide an overview of how specific legal means (e.g. the Energy Network Codes, which are specific to the sector but exportable outside it) may easily allow certification to be established as a valuable tool across the entire EU, providing the desired level of harmonisation and flexibility. Finally, it will answer a simple but essential question: could or should a single sector work as an example and/or a playground to guide other sectors toward a conscious use of this new European regulatory tool?