The European Network for Cyber Security (ENCS) and the Dutch Institute for Vulnerability Disclosure (DIVD) today announce the signing of a Memorandum of Understanding (MoU) to strengthen cooperation on vulnerability discovery, disclosure, and resolution affecting Europe’s power grids and other critical infrastructure. The MoU was signed yesterday during ENCS’ annual General Assembly meeting, held at ENCS headquarters in The Hague.
The agreement establishes a framework for collaboration between the two non-profit organisations, combining ENCS’ specialist security testing expertise with DIVD’s experience in coordinated vulnerability disclosure and Common Vulnerabilities and Exposures (CVE) registration. The cooperation takes effect immediately.
Under the MoU, ENCS and DIVD will work together to identify and resolve vulnerabilities in high-power IoT components. During the General Assembly, ENCS launched its high-power IoT security testing programme, including a hacking demonstration highlighting the importance of coordinated vulnerability discovery and responsible disclosure for critical infrastructure. Vulnerabilities identified by ENCS security testers will be coordinated through DIVD’s disclosure and CVE processes. ENCS security experts will also participate in DIVD testing activities and events.
The collaboration aligns with growing EU focus on strengthening vulnerability management for critical infrastructure, including under the Cyber Resilience Act. As energy systems become more digital and interconnected, vulnerabilities in widely deployed components can have cross-border impacts.
Anjos Nijk, Managing Director of ENCS, said: “Strengthening Europe’s cyber resilience requires close cooperation across the cybersecurity ecosystem. This agreement enhances our ability to identify and resolve vulnerabilities affecting critical infrastructure, while reinforcing responsible disclosure practices that help reduce risk for grid operators and other essential service providers.”
Chris van ’t Hof, Director of DIVD, said: “Effective vulnerability disclosure depends on trust, coordination and technical expertise. By working with ENCS and its community of security specialists and infrastructure stakeholders, we can help ensure vulnerabilities in high-impact systems are handled efficiently and responsibly.”
Maarten Noom, Director Asset Management at Enexis and Chair of the ENCS General Assembly meeting, said: “With its deep industry knowledge and extensive network, ENCS has proven to be a valuable partner, making a crucial difference in addressing real cyber threats to our critical infrastructure.”
At the General Assembly, ENCS members also appointed Wolfgang Löw, CISO of EVN Group, as Chair of the ENCS Assembly Committee. Speaking of the appointment, Löw said: “I am grateful for the trust of the ENCS Assembly, and I look forward to supporting ENCS in strengthening Europe’s cyber resilience. The partnership with DIVD is an important milestone: timely insight into vulnerabilities in high-impact systems is essential for critical infrastructure operators to initiate effective protective measures at an early stage. This collaboration underscores ENCS’ leadership in driving coordinated vulnerability discovery and resolution across the energy sector.”
