Energy & Utilities Security
Compliance & Regulation
Essential Reading
NIS Regulations 2018
NIS penalties reach up to GBP 17 million for serious cyber failures
The NCSC Cyber Assessment Framework (CAF) for the Energy Sector
The CAF assesses 14 principles across 4 objectives for every energy OES
Ofgem Cyber Security Requirements for Energy Operators
Ofgem is the NIS competent authority for downstream gas and electricity
Further Reading
IEC 62443
IEC 62443 defines four security levels from casual threats to nation-states
The NIS2 Directive
NIS2 requires an early warning within 24 hours of a significant incident
Cyber Essentials for Energy Operators and Their Supply Chain
Cyber Essentials blocks the majority of common internet-borne attacks
Energy Supply Chain Security Obligations Under NIS and the CAF
The CAF makes energy operators accountable for their suppliers' cyber risk
Critical National Infrastructure
Energy is one of the UK's 13 Critical National Infrastructure sectors