NARUC’s Role in Strengthening Energy Security in Europe and Eurasia
With support from the United States Agency for International Development (USAID), under the Energy and Infrastructure Division of the Bureau for Europe and Eurasia, the National Association of Regulatory Utility Commissioners (NARUC) launched the Europe and Eurasia Cybersecurity Initiative in December 2016 to provide the regulators of Armenia, Georgia, Moldova, and Ukraine with the tools and understanding to work with utilities and governmental agencies to effectively strengthen the cybersecurity and resilience of their respective energy sectors. In October 2018, USAID and NARUC expanded the scope of the initiative to include regulators from Southeast Europe, specifically Albania, Bosnia and Herzegovina, Kosovo, North Macedonia, Serbia, and Montenegro.
Through this initiative, USAID is helping to ensure reliability of the power grid in the face of increasing cyberattacks in Europe and Eurasia. By supporting regulators to become cyber auditors through developing cybersecurity strategies, engaging with utility companies, setting benchmarks, and approving prudent cyber investments, USAID’s efforts enable energy regulators to take a leading role in overseeing the security and reliability of the power grid and advancing best practices that can be shared globally.
For cybersecurity, some of NARUC’s main focus areas include:
• Cybersecurity Strategies
• Prudency of Investments
• Maturity Models
USAID and NARUC Europe and Eurasia Cybersecurity Initiative Toolkit
These publications are meant to serve as resources that regulators can use to help improve energy sector resilience in alignment with international best practices and in the context of their respective priorities and needs.
This guide was developed to provide information and lessons learned to support Black Sea regulators, and others, in developing their own commissions’ cybersecurity strategies. Drawing from experiences and best practices from U.S. state-level regulatory commissions and elsewhere, this document has been designed to cover the important issues and questions that regulators should address as they begin the process of developing their unique cybersecurity strategies.
This evaluative framework is an easy-to-use tool for regulators to assess utilities’ cybersecurity preparedness. It is designed to provide a structured way for regulators to gauge what level of cyber-preparedness utilities have reached and identify areas for improvement.
This guide was initially developed for regulators in Europe and Eurasia to reinforce their knowledge of practical cybersecurity solutions in the face of ongoing threats within the energy sector. However, the questions of how to evaluate risks, assess mitigation measures, and select standards are relevant for regulators around the world.
These guidelines were developed to assist regulators in ensuring that investments made in the name of cybersecurity are reasonable, prudent, and effective. These guidelines are intended to assist regulators in defining tariffs by establishing a regulatory approach to enhance the cybersecurity stance of their power systems and are based on literature and current practices.
This primer discusses cybersecurity maturity models within the context of energy regulation to provide a fundamental understanding of their application, benefits, and the value that they can afford in the regulatory process.
With support from USAID, NARUC has produced a new infographic titled "Modernized Grids Can Increase Cybersecurity Risks."
The focus of the infographic is to provide clear and concise information on the following topics:
You can access and download the full infographic here.
We followed up with regulators from both Armenia’s Public Services Regulatory Commission (PSRC) and the Energy and Water Services Regulatory Commission of the Republic of North Macedonia (ERC) to track the progress they have made in relation to the key themes of each of the following USAID and NARUC publications: “The Utility Regulator's Role in Promoting Cybersecurity: Resilience, Risk Assessment, and Standards” and “Evaluating the Prudency of Cybersecurity Investments: Guidelines for Energy Regulators.”
The Albanian Energy Regulatory Authority (ERE) has recently approved the country’s first-ever cybersecurity regulation for the electricity sector, titled “Regulation on Cybersecurity of Electricity Sector Critical Infrastructure.” In doing so, they have established incident reporting criteria and requirements that electricity system operators can use to assess and improve their cybersecurity maturity as well as their protection and response capabilities.
This article was originally published in the October 2020 issue of Public Utilities Fortnightly (www.fortnightly.com), and is the second in a two-part review of cybersecurity resources published through a partnership between NARUC and USAID. It includes key insights from lead author and editor, Elena Ragazzi (Research Institute on Sustainable Economic Growth of the National Research Council of Italy). Throughout the article, she explores key highlights from the guidelines and answers questions such as “What cybersecurity aspect is most misunderstood by regulators?”
Originally published in the July 2020 issue of Public Utilities Fortnightly (www.fortnightly.com), this article includes key insights from two of the three authors of the NARUC/USAID publication “The Utility Regulator’s Role in Promoting Cybersecurity: Resilience, Risk Assessment, and Standards” – Stefano Bracco (Agency for the Cooperation of Energy Regulators) and Frances Cleveland (Xanthus Consulting International). Throughout the article, they describe current challenges across the cyber landscape and discuss the importance of being able to consider and adapt standards to national contexts.
Project Dates: 2016-Present
The Energy Regulatory Commission of the Republic of North Macedonia
National Energy and Utilities Regulatory Commission of Ukraine
State Electricity Regulatory Commission in Federation of Bosnia and Herzegovina
Energy Regulatory Authority of Albania
The National Agency for Energy Regulation of the Republic of Moldova
Kosovo’s Energy Regulatory Office
Georgian National Energy and Water Supply Regulatory Commission
Regulatory Commission for Energy in Federation of Bosnia and Herzegovina
Armenian Public Services Regulatory Commission
Regulatory Commission for Energy of Republika Srpska in Federation of Bosnia and Herzegovina
The Energy and Water Regulatory Authority of Montenegro
Energy Agency of the Republic of Serbia