German government on IT security of energy system


At the beginning of August 2020, the German government received a so-called “Kleine Anfrage” (minor enquiry) from an opposition faction on the state of IT security of energy supply. In accordance with German parliamentary practice, such minor enquiries are answered in writing and in public by the Federal Government. The recently published written reply of 16 pages is of interest not only to German TSOs but also to European colleagues, as it covers national levels as well as the entire European interconnected grid.

Ultimately, the issue is the probability of a supra-regional blackout (not only for electricity, but for the entire energy supply). Does the progressing digitisation and automation result in an increased likelihood of energy supply failures? The attack surface of suppliers and grid operators surely has been expanded and the critical components of the digital energy system may be considered targets of cybercriminals or foreign states. In other words, the government had to deal with scenarios like in Marc Elsberg’s novel “Blackout”, which is supposed to be immensely popular in TSO circles (some will remember that the bestselling author was also one of the speakers at ElSeC 2017).

To start with, the Federal Government’s assessment is reassuring. Its statement is based on statistics for 2018 and 2019 from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik). According to these statistics, external parties were able to penetrate the IT networks of German suppliers three times in 2018. In 2019, suppliers were the target of unauthorised access twice. None of the reported attacks led to interruptions in the energy supply. The government attributes this partly to the certified Smart Meter Gateway, a communication unit with integrated security module which is used to secure critical infrastructures – and successively also in the areas relevant to the energy transition.

According to the Federal Government, long-lasting supra-regional power failures are extremely rare. Regarding the national or the entire European interconnected grid, it has never been at risk and it is assumed that blackouts are extremely unlikely. However, a concrete probability cannot be stated. But even in the very unlikely event of a blackout, at least nationwide, the grid operators would ensure a rapid return of electricity supply through their grid restoration strategies. For this purpose, special power plants are kept in reserve which can start up without any external supply of electrical energy and which can reactivate power grids.

The German Federal Government has commented on the state of IT security of energy supply (illustration using a picture from ENTSO-E)

> Open Reply of the Federal Government, in German (pdf, 321.7kB)