Tackling cybersecurity challenges in the energy and water sectors in the context of the cybersecurity and sectoral regulatory frameworks: the case of smart metering systems in the new digitalised environment

ABSTRACT Critical Infrastructures (CIs) are the backbone of our societal and economic activities. Safeguarding their uninterrupted operation and keeping them safe against different types of threats, from natural disasters to human-induced acts, is of the essence. This analysis focuses on the energy sector mostly and the water sector secondarily as these two sectors are among the CIs that have mainly suffered the consequences of cyber incidents. In this context, the paper examines the applicability of the EU cybersecurity regulatory framework in the energy (including both electricity and gas) and the water sectors, as well as the sector specific initiatives that have been adopted so far to tackle the cybersecurity challenges the two sectors face. Given the expansive deployment of smart technologies and devices in both sectors, the regulatory regime of smart metres and the complications that are associated with their installation and use in terms of privacy and security of the collected data is examined separately. Finally, the analysis attempts to shed some light on the shortcomings of the existing legal framework and to contribute to its further effectiveness by suggesting further steps that could potentially help make the energy and water sectors more cyber resilient in the new threat landscape.