Power Supply Dependencies in the Electronic Communications Sector
1. www.enisa.europa.eu
Power Supply Dependencies in
the Electronic Communications
Sector
- Survey, analysis and Recom-
mendations for resilience
against power supply failures
May 6th 2014
Christoffer Karsberg
Secure infrastructure and services
6. www.enisa.europa.eu 6
Art 13a Incident Reporting
• After the incident has been managed
• Impact for users
• Within the context of national supervision
• What can be done to avoid a similar incident?
• Share experiences with other government bodies/abroad
• Exchange, discuss security measures and good practices
• Show patterns and give recommendations to policy
makers and industry so they can assess risks (impact,
probability) and take priorities
7. www.enisa.europa.eu 7
The Art 13a context – nationally and EU
wide
• Operators must maintain an appropriate level of security
of their networks and services
• NRAs issue general advice or secondary legislation
• NRAs supervise the operators
• Providers notify significant incidents to NRAs
– Mainly service disruptions/outages
• NRAs inform NRAs in other relevant Member States and
ENISA when appropriate, eg. cross border impact
• Yearly NRAs send a summary report on the received
notifications to ENISA and COM
8. www.enisa.europa.eu 8
EU Wide Incident Reporting
• In Feb every year NRAs submit incident reports with
significant impact to ENISA and COM
• Based on thresholds agreed upon in the Art 13a Expert
Group
1h-2h 2h-4h 4h-6h 6h-8h >8h
1% - 2%
2% - 5%
5% - 10%
10% - 15%
> 15%
12. www.enisa.europa.eu 13
Incidents with significant impact are input to specific
ENISA recommendations
In 2012 power cuts had the second most significant impact of all causes
Impact in user-hours per detailed cause, per incident on average (2012)
14. www.enisa.europa.eu 15
Goal of the study and Methodology
? What can be done to improve the ecomms sector’s
ability to withstand and act efficiently after power
cuts?
• Desk top research
• Questionnaire to NRAs
• Interviews with NRAs, operators, and energy
stakeholders
• Review of draft report by NRAs and operators
Final output published in Dec 2013:
Analysis and Recommendations to the NRAs and
operators
15. www.enisa.europa.eu 16
Findings
• Power Cuts second most common and significant cause of
service outages
• Natural phenomena major trigger to power supply failures
• Mobile networks particularly vulnerable to power cuts
• Most NRAs think current protection levels are insufficient
• Most NRAs don’t perform risk assessments on power cuts
• Minority of MS have policies directly linked to resilience
against power cuts
• National use of state funding and PPP to address power cut
resilience are exceptions
• Many national energy sector regulators have regulation to
improve continuity of energy supply
• Operators face problems with poor contracts and support
from power supply companies
• Cooperation and information exchange insufficient within
and between the ecomms sector and energy sector
• Schemes missing for giving prioritized treatment to critical
ecomms assets when severe power failures
16. www.enisa.europa.eu 17
Eight Recommendations
1. NRAs should analyse the impact of outages caused by
power cuts.
2. NRAs should collect good practices to increase resilience
against power cuts together with operators and energy
stakeholders.
3. NRAs should together with the energy sector perform a
cost benefit analysis to determine what to expect from
different sectors and actors.
4. Operators should regularly perform checks of reserve
power systems to be prepared in case of power cuts.
5. NRAs should push affected operators to systematically
improve their security measures based on lessons
learned.
6. NRAs should establish a strategy for cooperation and
mutual aid agreements for restoration in the sector and
with the energy sector. This cooperation should be
exercised.
17. www.enisa.europa.eu 18
Eight Recommendations
7. NRAs should consider a priority scheme for preferential
treatment within the sector under exceptional
circumstances
8. The ecomms sector, energy sector and civil protection
authorities should establish information exchange with
situational awareness information, forecasts of
restoration times and other info supporting restoration.
18. www.enisa.europa.eu 19
Contact us, work with us
Article 13a material
• Article 13a EG portal and draft guidelines: http://resilience.enisa.europa.eu/article-13
• Article 13a Expert Group video:
http://www.enisa.europa.eu/media/multimedia/reporting-of-cybersecurity-incidents
• Article 13a annual reports: http://www.enisa.europa.eu/activities/Resilience-and-
CIIP/Incidents-reporting/annual-reports/annual-incident-reports-2012
• Art 13a Incidents 2012 video: http://www.enisa.europa.eu/media/multimedia/art-13a-
annual-incident-report-results-screencast
---
Marnix Dekker marnix.dekker@enisa.europa.eu
Christoffer Karsberg Christoffer.Karsberg@enisa.europa.eu
Rossella Mattioli Rossella.Mattioli@enisa.europa.eu
ENISA website: http://www.enisa.europa.eu
Follow ENISA’s twitter @enisa_eu feed: https://twitter.com/enisa_eu