Risk assessment report on cyber resilience on EU’s telecommunications and electricity sectors
EU Member States, with the support of the European Commission and ENISA, the EU Agency for Cybersecurity, published the first report on the cybersecurity and resilience of Europe’s telecommunications and electricity sectors.
The report points to concerns about a number of risks, including risks to supply chain security, the lack of cyber professionals and the risks posed by malicious activities from cyber criminals and state-sponsored threat actors.
The risk evaluation identified technical and non-technical risks in more detail. In both the telecommunications and electricity sectors, supply chain risks remain the main concern, especially regarding 5G rollout and renewable energy infrastructures. Ransomware, data wipers and exploitation of zero-day vulnerabilities were also identified as an ongoing but pressing concerns in both sectors, especially where operational technology is concerned.
For the electricity sector, the most critical risk identified is malicious insiders, spurred by a difficulty in adequately vetting new personnel and attracting local cybersecurity talent. For the telecommunications sector, the main threats include attacks via roaming infrastructures and attacks originating from large bot networks.
In addition, the physical sabotage of cable infrastructure and the jamming of satellite signals were identified as specific risks that are particularly difficult to mitigate.
To mitigate the identified risks, the report contains recommendations to Member States, the Commission and ENISA to timely implement resilience-enhancing measures. These recommendations include sharing good practices on mitigating ransomware, improving collective cyber-situational awareness and information sharing; improving contingency planning, crisis management and operational collaboration; assessing dependencies on high-risk third-country providers to strengthen supply chain security.
Read the press release that European Commission issued and find the report here.