Reasons for the establishment of the Austrian Energy CERT
ICT risk analysis for the energy sector
Austria’s electricity and gas companies meet their responsibilities and fulfil their statutory obligations in the public interest, including:
- ensuring secure energy supply, and
- providing high-quality services.
The energy industry’s ICT risk analysis for the electricity and gas sectors, conducted in collaboration with public authorities, has set new standards.
Experts from energy firms and public authorities worked together to carry out an analysis and evaluation of security of supply. The main focus was on identifying the risks arising from the use of ICT infrastructure, and examining them in detail. This resulted in a successful joint initiative in the form of a public-private partnership (PPP).
This partnership further enhanced mutual understanding and trust. It also increased awareness and acceptance of preventative measures to boost resilience.
One of these measures is the creation and operation of a computer emergency response team (CERT) for the Austrian electricity and gas sectors.
Establishing the Arbeitsgemeinschaft Austrian Energy CERT (ARGE E-CERT) consortium is the first key step in implementing this measure.
Benefits and expectations of the Austrian Energy CERT
Efficient implementation by means of a public-private partnership enables the use of existing structures and initiatives.
The Austrian Energy CERT:
- is an initiative resulting from the risk analysis carried out by the sector and regulators
- reflects the industry’s proactive approach
- conforms to
- the NIS Directive,
- the ENISA Smart Grid Security recommendations, and
- the requirements of Austria’s Cybersecurity Strategy
- strengthens the resilience of participating companies and the sector
- produces closer cooperation within the CERT network
- is a dedicated resource for increasing IT security in the energy industry
- pools industry-specific know-how at Austrian Energy CERT (competence centre)
- provides services specifically tailored to the sector’s needs
- is a confidential, anonymous, expert-level information platform
- liaises with suppliers and producers on security matters
- enhances ICT security awareness and preventative measures
- analyses and evaluates incidents and weaknesses from the sector’s perspective
- prepares cross-company status overviews and threat maps
- provides operational support to member companies in the event of IT security incidents
- acts as an information hub and an interface with public authorities
Establishment of the Austrian Energy CERT
Current status
Multi-phase implementation began on 1 August 2016 with the step-by-step expansion and development of the industry-specific Austrian Energy CERT.