Details
Original language | English |
---|---|
Article number | 965 |
Journal | Electronics |
Volume | 11 |
Issue number | 6 |
Publication status | Published - 21 Mar 2022 |
Abstract
Cybersecurity concerns have been at the forefront of regulatory reform in the European Union (EU) recently. One of the outcomes of these reforms is the introduction of certification schemes for information and communication technology (ICT) products, services and processes, as well as for data processing operations concerning personal data. These schemes aim to provide an avenue for consumers to assess the compliance posture of organisations concerning the privacy and security of ICT products, services and processes. They also present manufacturers, providers and data controllers with the opportunity to demonstrate compliance with regulatory requirements through a verifiable third-party assessment. As these certification schemes are being developed, various sectors, including the electrical power and energy sector, will need to access the impact on their operations and plan towards successful implementation. Relying on a doctrinal method, this paper identifies relevant EU legal instruments on data protection and cybersecurity certification and their interpretation in order to examine their potential impact when applying certification schemes within the Electrical Power and Energy System (EPES) domain. The result suggests that the EPES domain employs different technologies and services from diverse areas, which can result in the application of several certification schemes within its environment, including horizontal, technological and sector-specific schemes. This has the potential for creating a complex constellation of implementation models and would require careful design to avoid proliferation and disincentivising of stakeholders.
Keywords
- certification, cybersecurity, data protection, energy, Energy, Data protection, Cybersecurity, Certification
ASJC Scopus subject areas
- Computer Science(all)
- Signal Processing
- Engineering(all)
- Electrical and Electronic Engineering
- Engineering(all)
- Control and Systems Engineering
- Computer Science(all)
- Hardware and Architecture
- Computer Science(all)
- Computer Networks and Communications
Cite this
- Standard
- Harvard
- Apa
- Vancouver
- BibTeX
- RIS
In: Electronics, Vol. 11, No. 6, 965, 21.03.2022.
Research output: Contribution to journal › Article › Research › peer review
}
TY - JOUR
T1 - Data Protection and Cybersecurity Certification Activities and Schemes in the Energy Sector
AU - Nwankwo, Iheanyi Samuel
AU - Stauch, Marc
AU - Radoglou-Grammatikis, Panagiotis
AU - Sarigiannidis, Panagiotis
AU - Lazaridis, George
AU - Drosou, Anastasios
AU - Tzovaras, Dimitrios
N1 - Funding Information: Funding: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 833955 (SDN-microSENSE).
PY - 2022/3/21
Y1 - 2022/3/21
N2 - Cybersecurity concerns have been at the forefront of regulatory reform in the European Union (EU) recently. One of the outcomes of these reforms is the introduction of certification schemes for information and communication technology (ICT) products, services and processes, as well as for data processing operations concerning personal data. These schemes aim to provide an avenue for consumers to assess the compliance posture of organisations concerning the privacy and security of ICT products, services and processes. They also present manufacturers, providers and data controllers with the opportunity to demonstrate compliance with regulatory requirements through a verifiable third-party assessment. As these certification schemes are being developed, various sectors, including the electrical power and energy sector, will need to access the impact on their operations and plan towards successful implementation. Relying on a doctrinal method, this paper identifies relevant EU legal instruments on data protection and cybersecurity certification and their interpretation in order to examine their potential impact when applying certification schemes within the Electrical Power and Energy System (EPES) domain. The result suggests that the EPES domain employs different technologies and services from diverse areas, which can result in the application of several certification schemes within its environment, including horizontal, technological and sector-specific schemes. This has the potential for creating a complex constellation of implementation models and would require careful design to avoid proliferation and disincentivising of stakeholders.
AB - Cybersecurity concerns have been at the forefront of regulatory reform in the European Union (EU) recently. One of the outcomes of these reforms is the introduction of certification schemes for information and communication technology (ICT) products, services and processes, as well as for data processing operations concerning personal data. These schemes aim to provide an avenue for consumers to assess the compliance posture of organisations concerning the privacy and security of ICT products, services and processes. They also present manufacturers, providers and data controllers with the opportunity to demonstrate compliance with regulatory requirements through a verifiable third-party assessment. As these certification schemes are being developed, various sectors, including the electrical power and energy sector, will need to access the impact on their operations and plan towards successful implementation. Relying on a doctrinal method, this paper identifies relevant EU legal instruments on data protection and cybersecurity certification and their interpretation in order to examine their potential impact when applying certification schemes within the Electrical Power and Energy System (EPES) domain. The result suggests that the EPES domain employs different technologies and services from diverse areas, which can result in the application of several certification schemes within its environment, including horizontal, technological and sector-specific schemes. This has the potential for creating a complex constellation of implementation models and would require careful design to avoid proliferation and disincentivising of stakeholders.
KW - certification
KW - cybersecurity
KW - data protection
KW - energy
KW - Energy
KW - Data protection
KW - Cybersecurity
KW - Certification
UR - http://www.scopus.com/inward/record.url?scp=85126720301&partnerID=8YFLogxK
U2 - 10.3390/electronics11060965
DO - 10.3390/electronics11060965
M3 - Article
VL - 11
JO - Electronics
JF - Electronics
SN - 2079-9292
IS - 6
M1 - 965
ER -