Statnett and EIES’ REpower Europe's Energy and Grid Security roundtable, held on 24 September 2025, brought together high-level representatives from NATO, the European Commission, the European Parliament, industry, and think tanks to exchange on solutions to the challenges facing Europe's energy infrastructure.

Executive Summary

Discussions reinforced the urgent need to enhance resilience against physical, cyber, and other types of hybrid attacks while accelerating energy infrastructure deployment and modernisation to support Europe's energy, economic and national security.

The event highlighted that grid security cannot be an afterthought in Europe's energy transformation. Discussions centred on four fundamental pillars: (I) strategic planning and permitting reform to accelerate infrastructure buildout, (II) the adoption of a "security by design" approach, (III) new financing models, and (IV) improved civil-military cooperation and the need for a “total defence” mindset. Participants emphasised that success requires greater coordinated action at EU-, NATO- and country-level on infrastructure buildout and threat management - backed by allied production and standardisation of grid components.

Europe's position as host to the world's most interconnected power system creates both opportunities and responsibilities. The upcoming EU Grids Package, revision of the EU Energy Security Framework, and next Multiannual Financial Framework (MFF) for 2028-2034 represent critical opportunities to embed these principles into regulatory frameworks and create the conditions for the adequate financing of Europe’s energy backbone:

Key takeaways

1. Energy availability is the foundation of Europe’s industrial strength and ability to guarantee its security. Grid planning is highly strategic and needs to be better coordinated at the European level, in coordination with security stakeholders and industrial demand. European countries must fast track permitting, particularly for strategic projects such as cross-border interconnectors.

2. Europe must put a value on resilience and develop financing mechanisms to support anticipatory and security-focused investments. Innovative cost-sharing mechanisms are needed to incentivise countries to invest in cross-country interconnections that bring Europe-wide energy security benefits.

3. A “security by design" approach is fundamental in critical infrastructure development, proactively addressing risks and vulnerabilities through technology (e.g. sensors, AI, drones) and crisis response frameworks. Quantifiable targets for critical (energy) infrastructure security could be defined at NATO and/or EU level.

4. To strengthen supply chain security and enable rapid crisis response, Europe must promote domestic and allied production, and standardisation of critical components (e.g. transformers, batteries) through sound industrial policy and a structured dialogue between infrastructure developers and manufacturers. Energy infrastructure needs must be properly mapped to ensure critical components are available when and where needed.

5. Threat awareness and preparedness must be embedded into infrastructure operator culture through regular physical and cyber security assessments, clear crisis response frameworks and the use of new technologies (e.g. AI) to strengthen infrastructure resilience.

6. Information sharing between infrastructure operators, governments and security stakeholders (the military, intelligence community) must be strengthened at both the national and supranational (EU, NATO) level.

7. “Preparedness through collaboration” must remain a priority across European countries to develop public-private and cross-border cooperation mechanisms for rapid crisis response, including the sharing of equipment and technical expertise (learning the lessons from Ukraine).

Discussion Themes

The event reinforced findings from EIES' November 2024 Allied Energy Infrastructure Security roundtable, while highlighting new challenges posed by the evolving threat landscape. Participants emphasised that Europe has the most interconnected power system in the world, which creates opportunities for enhanced resilience, but also exhibits systemic vulnerabilities that demand coordinated mitigation strategies.

I. Strategic Planning and Permitting 

The upcoming EU Grids Package, together with the review of the Energy Security Framework and the next EU budget for 2028-2034, present opportunities to address fundamental barriers to grid modernisation and resilience investments.

Grid planning is highly strategic and needs to be better coordinated at the European level, in coordination with security stakeholders, particularly for interconnectors. Regional cooperation models, such as the successful Baltic synchronisation project, demonstrate the potential for coordinated infrastructure development, while persistent bottlenecks in Southwest and Southeast Europe illustrate the costs of fragmented planning. At the national level, participants noted that regulators often lack comprehensive oversight of distribution system operator (DSO) investments, complicating coordination efforts. Enhancing transparency and oversight of DSO investments was suggested as necessary to facilitate better coordination and planning at the European level.

Countries must take action to simplify and fast track permitting processes and prioritise strategic cross-border interconnections. Participants emphasised that, while the necessary EU-level legislation is in place, its implementation remains inconsistent. The discussion highlighted that the challenge lies in translating existing EU legislation into streamlined national procedures that prioritise strategic projects for cross-border interconnections and incorporate resilience priorities.

II. Security by Design and Proactiveness 

“Security/resilience by Design” approaches mustneed to focus on building energy infrastructure and energy systems that are able to anticipate, withstand and recover from hybrid attacks. For example, Statnett’s approach to grid security in Norway includes incorporating physical and cybersecurity measures from the very beginning of infrastructure planning and construction. This means designing grids and systems with security at their core, recognising the current evolution of the threat landscape across Europe and incorporating lessons learned from Ukraine's experience of continuous attacks on critical infrastructure. Transmission system operators must evolve toward proactive integration of security technologies and processes, which cost more upfront but are likely to reduce costs in the long-term.

Infrastructure operators must focus on both physical and cyber security risk mitigation. Participants noted that this not always the case, leaving the system vulnerable to hybrid attacks that combine cyber and physical vectors. The combination of ageing systems with rapid digitalisation leads to an expanding attack surface that requires both new technical solutions and cultural changes in how infrastructure security is approached. Artificial Intelligence, for instance can improve pattern recognition for cybersecurity monitoring and enhance grid efficiency, but it also requires careful implementation to prevent hostile weaponisation.

Standardising components can help improve compatibility across systems. This is particularly important for critical components in transformers, where 3-5-year lead times create significant supply chain vulnerabilities. Ukraine's experience since the start of the Russian invasion in 2022 has showed that only a limited number of offered spare parts could be used due to incompatibility issues. This highlights the strategic importance of European component standardisation, and the need for a full mapping of European grids, their substations and equipment to ensure critical components are available when and where needed.

Domestic and allied manufacturing of critical grid components improves preparedness and supply chain security. “Made in Europe” critical components, such as transformers, reduce both dependencies on potentially unreliable third-country suppliers and trade risk. Domestic manufacturing also shortens supply chains, enabling faster response during crises. It also enhances quality and risk control for hardware and software integrated into Europe's interconnected system, supports stockpiling strategies tailored to European grid specifications, and facilitates the standardisation essential for cross-border compatibility.

Distributed Energy Resources (DER) have proven resilient. This has been demonstrated in Ukraine and outside Europe. For instance, following the collapse of Puerto Rico’s transmission and distribution grid during the 2017 hurricanes, DERs and microgrid installations enabled faster and more reliable power restoration.  Decentralisation creates both new opportunities for grid resilience and additional complexity in security management.

III. Financing Resilient Infrastructure 

Private capital, in partnership with governments, can be a highly effective vehicle to coordinate investment in strategic sectors such as energy infrastructure. The scale of the required grid investment - EUR584 billion by 2030, according to the European Commission - demands a new financing model that recognise the long-term economic and security benefits of such investments. While the proposed increase of Connecting Europe Facility (CEF) funding for energy infrastructure in the next MFF 2028-2034 would provide crucial public backing, policy efforts to direct private investment towards such projects must intensify to bridge the gap.

The long-term economic and security benefits of critical infrastructure investments must be quantified to overcome political and financing hurdles. Current regulatory frameworks often fail to provide adequate returns on grid investments, particularly for security-related upgrades that generate societal benefits but limited direct revenue streams. Anticipatory investments in grid modernisation and resilience measures must be incentivised, given their potential to prevent far more costly disruptions. Integrating risk mitigation and accounting for physical, cyber and climate risks in investment plans is essential to ensure that these measures are appropriately valued and prioritised.

Cross-border cost-sharing mechanisms must incentivise countries to invest in cross-country interconnections that bring Europe-wide energy security benefits. Current approaches to interconnection development face challenges in aligning costs with benefits, as evidenced by situations where countries’ reluctance to question investing in infrastructure when they may not receive proportional benefits. This highlights the need for innovative mechanisms that better value the Europe-wide security that strategic interconnectors provide.

Performance-based regulation can incentivise investment in resilience technologies. This can transform security costs into competitive advantages. This approach could also encourage the development of European capabilities in critical components manufacturing while reducing dependency on potentially unreliable third-country suppliers.

IV. Enhancing EU-NATO, civil-military cooperation and “whole of society” preparedness 

Varying national approaches to critical infrastructure protection highlight the need for enhanced EU/NATO-level coordination. The growing role of NATO and the EU in the realm of critical infrastructure security offers new frameworks for civilian-military cooperation that can enhance overall preparedness and resilience of the energy sector. Quantifiable targets for critical (energy) infrastructure could be defined at NATO and/or EU level. The private sector often faces challenges defending against sophisticated, large scale, state-sponsored attacks on their own. This requires better communication between infrastructure operators and the security community (e.g. military, intelligence actors). Information sharing remains predominantly one-directional, with limited intelligence flowing back to operators.

A “preparedness through collaboration” mindset is essential to facilitate public-private and cross-border cooperation mechanisms for rapid crisis response, including the sharing of equipment and technical expertise. Examples include Nordic cooperation in grid incident response as well as Ukraine's response to Russian physical and cyber-attacks over the past three years. Important examples of cross-border security frameworks also include the agreement between France and the UK to mutually provide each other with subsea cable repair vessels during infrastructure incidents, ensuring rapid repairs for grid operators.

Threat awareness and preparedness must be embedded in society through national initiatives such as Norway’s updated National Security Strategy (May 2025), which emphasises the need for “Total Defence” capability and preparedness across the whole society and economy. State-led disinformation campaigns and variations in threat perception across Europe affects both investment decisions and policy implementation. Recent incidents, including suspected sabotage of subsea telecommunications and electricity cables, as well as ongoing cyber and drone campaigns, demonstrate that threats are active, evolving and require proactive counter strategies.