With the adoption of Procedural Act 2018/02/MC-EnC, the 16th Ministerial Council established a coordination group for cybersecurity and critical infrastructure ("CyberCG") on 29 November 2018.
The CyberCG aims to support and facilitate strategic cooperation and the exchange of information within the Energy Community and to develop trust and confidence, with a view to achieving a high common level of security of networks and information systems and of critical infrastructures in the Energy Community.
The CyberCG consists of representatives, designated by the Parties and notified to the Secretariat, including:
- representatives of competent authorities – relevant ministries and national regulatory authorities;
- single points of contact for the security of network and information systems substantial for the operation of critical infrastructures and/or provision of essential services at least in the energy sectors defined herewith, and
- one or more national computer security incident response teams (CSIRT-s) with responsibility in energy.
The energy sectors relevant for critical infrastructures and essential services include:
- electricity generation, transmission, distribution, storage, supply, market operation;
- natural gas production, transmission, distribution, storage, LNG, supply, market operation;
- oil production, refining / treatment, transmission, storage, market operation.
The CyberCG consists of representatives of the Parties, the CSIRTs network, security liaison officers, the Secretariat, the European Commission, and the European Union Agency for Network and lnformation Security ("ENlSA"). Representatives of Observer and Participant countries may participate in the CyberCG. When appropriate, the CyberCG may invite representatives of the relevant stakeholders to participate in its work.
Study on cyber security in the energy sector of the Energy Community
In parallel to the establishment of the CyberCG, the Secretariat launched a study with the aim of
- provide basic information on the legal compliance across the Energy Community region;
- risk and gap analysis for each Contracting Party;
- draft proposals for establishing a legal and regulatory framework on cybersecurity in the Energy Community;
- draft a roadmap for development of regional cooperation and communication platform.
The starting point was an assessment of the state of play with respect to the EU cybercrime legal framework (Budapest Convention), which forms the basis for cybersecurity legislation by defining criminal law offences and associated provisions and thus enables prosecution of cybercrime.
The CyberCG was involved in discussing the progress made and draft findings of the study through out year 2019. It was clear from the outset, that the study's findings would contribute to the group's work programs and future activities. The Secretariat published the study in December 2019.
Work Program 2020 - 2021
As regards period 2020 – 2021, the CyberCG endeavours to accomplish the following activities and targets:
- establishment and maintenance of its organizational structure;
- the tasks within the Working Group on Energy Community Critical Infrastructures;
- the tasks within the Working Group on Cybersecurity Governance;
- the tasks within the Energy Community SCIRT Network;
- education and training program.