‘A growing sense of threat’ in EU cybersecurity act review

We spoke to cybersecurity experts about what the bill will do, and what it has proposed.

‘A growing sense of risk’

The CSA proposal outlined plans to identify “high-risk” countries and high-risk suppliers and exclude them from critical EU digital supply chains. The model comes largely from its existing restrictions on 5G networks, where it has restricted Huawei’s access, as well as efforts to address supply dependencies on single countries or suppliers, which for renewable energy will mostly mean China. “The EU’s risk mitigation logic in 5G is the right mindset to replicate in renewable connectivity architectures,” says Rafael Narezzi, CEO and co-founder of cybersecurity firm Cyber Energia.

Uri Sadot, founder of SolarDefend and chairman of SolarPower Europe’s digitalisation workstream, expects the revised cybersecurity act to “have teeth”.

Europe is on a new security footing, with military and defence spending increasing in the face of heightened geopolitical tensions and a push for self-reliance. “There’s a growing sense of risk, there’s a growing sense of threat and there’s an impressive level of expertise within the Commission to understand this paradigm shift from centralised power generation to decentralised,” Sadot says. He is part of the technical risk assessment group currently working to develop recommendations for the CSA’s measures on energy.

The CSA proposal references solar inverters, where it warns that “kill switches could be used to negatively impact the availability of communication networks and electricity grids” – a reference to a Reuters story from this year. This shows meaningful intent, Sadot suggests, as do the aggressive timelines for implementation that the Commission set out.

Existing infrastructure

The ongoing risk assessment process has to decide what to do about solar infrastructure already deployed in Europe that carries cybersecurity risks. Inverters are the key…

Source