Public Consultation on Cyber-attack Classification Scale Methodology
Overview
Under Article 37(8) of the Network Code for Cybersecurity (NCCS), the European Network of Transmission System Operators for Electricity (ENTSO-E) in cooperation with the EU DSO entity (DSO Entity) has developed a proposal for methodology for the cyber-attack classification scale.
The document will help high-impact and critical-impact entities to assess whether a cyber-attack is reportable according to the NCCS by understanding the gravity level of a cyber-attack. The gravity of a cyber-attack is based on the potential impact and the severity of the cyber-attack. The potential impact is determined by the types of assets affected. The severity of the cyber-attack is estimated according to the position of an attacker in the attack chain.
When high-impact and critical-impact entities assess the gravity of the cyber-attack as critical or high, they must share relevant information with their CSIRTs and competent authorities no later than four hours after assessing that the cyber-attack is reportable.
Why your views matter
Since the methodologies will apply to variety of entities, it is crucial for ENTSO-E and DSO Entity that they are clear and useful to them. Therefore, it has been decided to launch a public consultation to ensure that various stakeholders can have their say on the document before it is sent to the competent authorities for final approval.
Give us your views
Events
-
NCCS: public consultation workshop on Cyber-attack Classification Scale Methodology
From 27 Jan 2025 at 11:00 to 27 Jan 2025 at 12:00Teams invite link can be found in the "Related" section below. The time zone mentioned is: CET
Audiences
- Anyone from any background
Interests
- Emergency and Restauration
- Connection Network Codes
- Capacity Balancing
- General
- Market Network Codes
- System Operations Code
- General
- Inter-TSO collaboration
- Energy Community
- TYNDP
- Adequacy reports
- Scenarios
Share
Share on Twitter Share on Facebook