EPDK’nın Enerji Sektöründe Siber Güvenlik Yönetmeliği Taslağına İlişkin Değişiklikler

07 Dec, 2023

Blog

Changes to EMRA's Draft Cyber Security Regulation in the Energy Sector

Energy Market Regulatory Authority (EPDK), as an important regulator in Turkey's energy sector, made changes to the Cyber Security Competence Model Regulation in the Energy Sector, published on June 6.

With the Draft Regulation on Amendments to the Cyber Security Competence Model Regulation in the Energy Sector, published on December 5, organizations with black-start feature, 2 new sectors were added to the sector criticality classification table and new technical control articles were added for these sectors. This draft regulation will be kept open to public comments and suggestions until December 20.

The innovations specified in the regulation are as follows;

Organizations with Black-Start Feature

An important change that attracts attention in the new draft regulation is the inclusion of organizations with black-start features within the scope of the regulation. In the regulation;

Black-Start is defined as the restart of a power plant or part of a power grid after a complete or partial shutdown, without the support of the external electrical power transmission network.

Organizations consisting of legal entities that own electricity generation facilities that have been temporarily accepted, have Black-Start features and can contribute to the national grid, are subject to the provisions of this regulation.

Electricity Generation and Refinery Sectors

In addition to the electricity distribution and natural gas distribution sectors, two more sectors will be added to the sector criticality classification table with the new regulation. These sectors are electricity production and refinery sectors.

At the same time, new cyber security competency model technical control items have been added for the electricity production and refinery sectors.

Compliance and Audit

It is regulated that the progress reports to be submitted by the obliged institutions to EMRA through the Energy Market Notification System must be submitted within one month at the latest at the end of the implementation period.

Audit companies will be obliged to officially submit information and documents showing the qualifications they must have to EMRA every 6 months.

The innovations that will come with this regulation, which will come into force on the date of its publication, aim to raise the security standards in the sector by bringing more specific and sector-specific security measures to organizations in the energy sector. Evaluating the practical experience of electricity generation and refineries and companies in the energy sector and the constraints that may arise due to the technologies they currently have and cannot change, within the scope of this regulation, will contribute significantly to ensuring cyber security in the energy sector in a more comprehensive and effective manner.

Source

https://www.epdk.gov.tr/Detay/Icerik/5-13196/enerji-sektorunde-siber-guvenlik-yetkinlik-modeli

https://www.epdk.gov.tr/Detay/Icerik/4-13050/enerji-sektorunde-siber-guvenlik-yetkinlik-modeli

To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

Request a Quotation

About Content:

The Energy Market Regulatory Board made changes to the Cyber Security Competency Model Regulation in the Energy Sector, published on June 6. Details are in our content.