Info!
UPDATED 1 Sept: The EI library in London is temporarily closed to the public, as a precautionary measure in light of the ongoing COVID-19 situation. The Knowledge Service will still be answering email queries via email , or via live chats during working hours (09:15-17:00 GMT). Our e-library is always open for members here: eLibrary , for full-text access to over 200 e-books and millions of articles. Thank you for your patience.
New Energy World magazine logo
New Energy World magazine logo
ISSN 2753-7757 (Online)

Navigating the new EU security directive for the energy sector

8/1/2025

8 min read

Feature

  • x logo former twitter
Photo Looking up shaft of industrial facility, pipework and cabling to the side and man in boiler suit and hard hat and safety harness standing on a metal ladder attached to left Photo: TÜV SÜD
Safety inspections are not the only thing that matters to the energy sector – cyber security assessments are becoming increasingly important, particularly in operational technology (OT) such as wind turbines

 Photo: TÜV SÜD

The European Union's Network and Information Security Directive (NIS2) is introducing stricter cyber security requirements for the energy sector, including power plants, hydrogen producers, wind farms, and oil and gas operations. However, it is not just European companies that need to prepare for NIS2, but also the global supply chains of EU-based energy companies, says Sudhir Ethiraj, Global Head of Cyber Security Office and CEO Business Unit Cyber Security Services at TÜV SÜD.

The energy sector’s importance for economic and social prosperity has put it in the crosshairs of cyber criminals. According to the European Network and Information Security Agency (ENISA), more than 200 cyber incidents were reported in the energy sector in 2023 alone. The key targets are data, information or the deliberate disruption of critical infrastructure. Although the big players in the energy sector are generally well protected, the route via third parties in the supply chain is often easier.

 

The energy sector is very often a high potential target of cyber attacks. Last year the EU adopted the NIS2 Directive to respond to the threat and prevent failure of critical infrastructure.

 

The NIS2 is an update of the existing European Union Network and Information Security (NIS) Directive. It is designed to harmonise the level of IT security in all EU member states and increase their resilience to cyber attacks. NIS2 focuses on improving the cyber security of networks and information systems necessary for the provision of essential services and critical infrastructure.

 

This content is for EI members only.
or join us as an EI Member to read all our Feature articles and receive exclusive EI perks from as little as £6 a month.

You might also be interested in