SecureBiz-onboard delivers risk-based authentication, authorisation and onboarding controls for Norwegian power suppliers — closing compliance gaps and reducing sector-wide cyber risk.
The project
Threat modelling · Risk assessment
Power suppliers are gatekeepers of the energy system — they manage grid access and the sensitive customer data that makes them a critical entry point to energy infrastructure. Norway's sector is largely made up of SMEs with limited capacity to address escalating cyber threats and new EU and RME regulatory demands.
From 1 June 2025, power suppliers must ensure secure authentication and explicit consent when onboarding both private and business customers. Yet six months on, a large share of the sector remains non-compliant — and on 21 November RME issued supervision letters to 87 companies.
SecureBiz-onboard exists to change that.
lack secure authentication & consent for private customers
lack measures for onboarding business customers
of websites fail NCSC-NL HTTPS requirements
supervision letters issued by RME on 21 Nov
Source: EYD sector research, October 2025.
Objectives
The project's primary goal is measurable improvement in cyber resilience — reducing sector-wide vulnerabilities and clarifying the regulatory path for power suppliers.
Adapt EYD's security assessment tool to the sector. Run 15+ SME assessments, deliver targeted remediation, and extract cross-cutting insights for benchmarks and best-practice guidelines aligned with NIS2 and the Digital Security Act.
Apply STRIDE and PASTA threat modelling to refine EYD's onboarding and access controls. Address business representative verification, manual registration, and risk-based customer data to harden access to grid infrastructure.
Translate regulation into operational practice through monthly webinars, workshops, and partner sessions. Feed insights back into the RME/Elhub working group defining the next phase of grid access controls.
Expected impact
Horizon
0–6 months
Horizon
6–18 months
Horizon
18+ months
Consortium
Together, the partners reach approximately 40% of the Norwegian energy sector and combine cybersecurity expertise, sector insight, research and global business intelligence.
Project owner & cybersecurity provider
Established security provider to the Norwegian energy sector, serving ~30% of power suppliers with onboarding services built for secure authentication and consent.
Energy sector partner
Represents 30+ energy organisations and is a subsidiary of Elmera Group (Fjordkraft). Brings reach, sector insight and operationalisation of project results.
Compliance & training
Cybersecurity and compliance consultancy with deep expertise in NIS2 and the Norwegian Digital Security Act. Delivers tailored training to lift sector resilience.
Research dissemination
One of Europe's largest independent research organisations. The Cyber Security Research Group at SINTEF Digital contributes expertise and EU-wide dissemination.
Business data & risk
Global leader in business information with a strong Nordic energy position. Contributes risk assessment data and customer intelligence for secure business onboarding.
EU Funded
Crescendo
SecureBiz-onboard is supported under Crescendo Call #1, an EU initiative accelerating cybersecurity innovation across critical sectors. Funding enables the consortium to deliver tooling, assessments and knowledge-sharing at the scale the energy sector requires.
Visit project-crescendo.eu →Get involved
Join an assessment, attend a webinar, or contribute to the working group shaping the next phase of grid access controls.