The speeding up of the digitization of energy sector has brought about many economic benefits such as greater efficiency and greater rationalization of energy consumption. However, this also means a greater risk of cyberattacks. The recent cyberattacks that have targeted some of Ukraine’s infrastructure approve of the fact that the risk is real and growing. And vulnerability is not just affecting the infrastructure that is located in the European Union or the United States, although both players have sought to put in place policies and tools to prevent these attacks from happening.
American and European approaches to cybersecurity are characterized by many differences. The American approach has been all about the strategy of “security in depth” with strict regulations in specific sectors. In contrast, the EU has been more about a flexible and exhaustive approach covering a wide range of issues, leaving an important margin for member states to implement their own deviations to the system. Nonetheless, both approaches are carved in the way that they can complement each other and each side can learn from the other side.
The American model is very precise and developed according to the state-of-the-art standards in cybersecurity protection including the implementation of these regulations. Only a few European countries have the similar level of norms, such as France. Europe generally suffers from inadequacies at both the EU and national level. Yet, the US can also learn from the EU, such as when it comes to the protection of privacy and personal data, cybersecurity for renewable energies and low carbon technologies including the protection of electricity network at the level of distribution. Moreover, California and France present a few specificities in the area of cybersecurity.
Therefore, it is crucial to improve transatlantic cooperation in order to allow the EU and the US to learn from one another’s security frameworks. This should happen at different levels – inter-governmental level, at the level of non-profit organizations but also at the multilateral level such as the NATO and the G7. Stronger private-public partnerships are also going to play a vital role in this regard. The main goal would be to encourage a harmonization of norms between the US and the EU in order to gradually implement common standards. Importantly, US President Donald Trump is in favor of improving cybersecurity of the energy sector and he has even strengthened some of the regulations his predecessor Barack Obama had been working on. Therefore, while there are many rifts in the transatlantic relations nowadays, cybersecurity is not one of them.
If managed well, the common transatlantic cybersecurity norms could become the global standard, helping to decrease the risk of contagion. There is also an important economic dimension – if the EU is not fast enough to work on its cybersecurity, specialized European firms can lose traction vis-à-vis their American counterparts. This could obviously lead to major losses in a growing market that is increasingly attracting millions of euros in investment and growth.
‘Cybersecurity in the Energy Sector: a Comparative Analysis Between Europe and the United-States’ – Study by Arnault Barichella – Institut français des relations internationales / IFRI.