Are security standards for electricity infrastructure a good choice for Europe? Evidence on cost and benefits from two case studies

Power system controls are vulnerable to cyber-attacks that can seriously affect and even inhibit their operation. Such attacks may affect large portions of the power system, make repair difficult and cause huge societal impact, so pressure to ensure cyber-security of control and communication systems is now strong worldwide. Several cyber-security frameworks were developed, but it is rather difficult to anticipate adoption costs and benefits, and this hampers their generalised adoption. T his paper focuses on the outcome of two case studies (concerning the Italian power generation and the Polish transmission systems. The socio-economic impact of failures and the costs of standard adoption are estimated on an objective basis. It is up to public authorities to decide whether to require the adoption of security standards to operators in the electric system. The nature of public good of security underlines the necessity of public support for this operation, but we discuss the extent and the management of this support.