Cyber Resilience in the Electricity Industry: Analysis and Recommendations on Regulatory Practices for the Public and Private Sectors

A variety of threat actors continually target power utilities, seeking to profit financially or otherwise cause harm using attack vectors such as ransomware or by disrupting the availability of critical functions as cyberattacks on critical infrastructure were ranked
the fifth top risk in 2020 for multiple sectors, including energy. To that end, the report on Cyber Resilience in the Electric Industry aims to provide recommendations to both policy-makers and companies to improve cybersecurity resilience in the electricity sector. To enhance cyber resilience at all levels, a proactive posture that mitigates risk, limits the impact of attacks and facilitates continuity of operations for the electricity sector in the face of challenging conditions, is necessary. The structure of this report covers: 1) threat landscape and emerging risks; 2) regulatory landscape and analysis of EU-US regulations; 3) international best practice frameworks and standards; 4) certification; and 5) regulatory practices.