The NCCS regulation provides detailed regulations on responding to cyberattacks in the electricity sector.
Establish CSOC capabilities and designate a Single point of contact (NCCS Article 28 Paragraph 1).
Develop capabilities to handle detected cyber-attacks with support from CSIRTs (NCCS Article 39 Paragraph 1).
Implement effective processes to identify, classify and respond to cyber-attacks that may affect cross-border electricity flows (NCCS Article 39 Paragraph 1).
Cooperate among affected high-impact and critical-impact entities to share information about cyber-attacks with effect on cross-border electricity flows (NCCS Article 39 Paragraph 2).
Designate a Single Point of Contact (SPOC) and ensure they have access on a need-to-know basis to the information about cyber-attacks they received from the NCCS-NCA (NCCS Article 39 Paragraph 3).
Establish cyber-attack management procedures (NCCS Article 39 Paragraph 3).
Test the overall cyber-attack management procedures at least every year (NCCS Article 39 Paragraph 3).
Have capabilities to take part in the detection and mitigation of cross-border risk (NCCS Article 40 Paragraph 4).
Investigate the root cause of cross-border electricity crisis - when impacted (NCCS Article 40 Paragraph 4).
Develop and test crisis management plans and business continuity plans (NCCS Article 41).
By December 31 of the year following the designation of critical impact entities, and every three years thereafter, each critical impact entity conducts a cybersecurity exercise (NCCS Article 43).