Cybersecurity and resilience in the swiss electricity sector: Status and policy options

Electricity systems are critical infrastructure. With increasing digitalization, they become particularly vulnerable to cyberattacks. Cybersecurity hence becomes increasingly crucial for the security of supply. Based on a detailed analysis of the status of cybersecurity in the Swiss electricity sector, we derive a set of policy recommendations on how to raise countries’ cybersecurity levels in electricity systems. The analysis builds on a national E-survey that solicited self-assessment of cybersecurity maturity levels of 124 Swiss energy market participants. It was complemented by a detailed, comparative analysis of cybersecurity measures in Switzerland and its surrounding European neighbors. On average, we found a cybersecurity maturity that needs to be ameliorated regarding information and operation technology in the Swiss electricity sector. This situation calls for improved regulatory measures and monitoring to stimulate cyber resilience among market participants. •Analysis of cyber security maturity levels of 124 Swiss electricity market participants.•Overall low maturity levels for network operators, producers and metering operators.•Lack of established roles and responsibilities resulted in lowest maturity levels.•Potential measures include mandatory minimum standards and notification schemes.•Further improvements through continuous testing (incl. penetration tests).