The Italian Electrical Grid is Among the Most Advanced in the World: Gridspertise Explains Why

Cybersecurity is crucial for the future of power grids. While the digital transformation of these grids brings significant benefits to both customers and utilities, it also introduces potential risks. The sharp rise in cyberattacks is jeopardizing the stability and security of electricity grids.  
 
A recent study by German cybersecurity experts, Fabian Bräunlein and Philipp Melette, highlights the vulnerability of the Radio Ripple Control system — a technology used to control and manage the electrical grid in several European countries. This system relies on receivers to capture radio signals, enabling remote control of connected devices. The main issue with the protocol is that its communications are neither encrypted nor authenticated, allowing malicious actors to disrupt the electrical grid using widely available tools such as Software Defined Radios (SDRs). In their demonstration, the researchers used a Flipper Zero device to successfully switch off system handling up to 60 GW of electricity. Using the same approach, an attacker could theoretically exploit the vulnerability and threaten the wider European electricity grid. 

This raises important questions about the resilience of the Italian electrical infrastructure. In a recent interview with Edge9, Gennaro Fiorenza, our Head of TLC and Cyber Security, explained the key differences between the Italian grid and other European networks.

Innovative Solutions for the Digitalization of Electrical Distribution Networks

We are a company that develops services and solutions that contribute to the digitalization of electrical distribution networks. “The technologies and services that enable use cases known as smart metering,” explains Fiorenza. “In our case, when discussing solutions, we refer to the technologies distributors use to control and automate the electrical grid.” 
 
Our clients include global energy distributors, particularly those within the Enel group in Europe and Latin America. We also have clients in Europe and Italy, including many small distributors and municipal utilities. “Recently, we have activated several proofs of concept to showcase our technologies to potential clients from the Far East to North America, passing through Central Asia and the Middle East,” highlights Fiorenza. 

Is the Italian electricity grid safe?

If the German electrical grid is considered insecure, what is the situation in Italy, a country often seen as lagging in digitalization and technological innovation? Surprisingly, in this regard, Italy is at the forefront: “The Italian system is one of the most advanced in terms of digitalization,” says Gennaro Fiorenza. "Grid digitalization in Italy started in the early 2000s, perhaps even in the late 1990s. The first version of the smart meter dates back to that period.” 
 
Italy’s early adoption of smart meters earlier compared to other European countries is not the only reason its distribution grid can be considered advanced. There are other contributing factors. One is historical: after World War II, Italy undertook a major effort to nationalize its electricity grid — something that did not occur in many other Western countries, “where the energy sector is much more fragmented, a collection of micro-entities managed by various municipalities. This is the case in Germany and Northern Europe, less so in France, which took a similar approach to ours,” adds Fiorenza. 
 
The second factor is related to the national regulatory framework, that Italy has adopted, which thanks to its incentive mechanisms, has pushed distributors to continuously improve service quality not just through infrastructure investments but also in digital technologies. According to Fiorenza, “these drivers have pushed distributors operating in Italy to adopt solutions over time that are significantly more advanced than those found even in North America and other so-called developed countries.”

In contrast, in other countries, such as Germany, a different approach was followed, leading to the continued use of outdated systems like Radio Ripple Control, which suffers from significant limitations. The fact that communications of a critical infrastructure like the electrical grid are not encrypted and lack any form of authentication is quite serious, but it is also a legacy of the past. “Man-in-the-middle or spoofing attacks are possible,” explains Fiorenza. A man-in-the-middle (MitM) attack occurs when a malicious actor secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. Spoofing involves an attacker impersonating a trusted device or user to gain unauthorized access to systems or data. “These types of cyber threats do not exist in the implementations of the Italian grid,” clarifies our Head of TLC and Cybersecurity. 

The pivotal role played by cybersecurity 

Fiorenza also emphasizes how our company has a significant advantage over other operators in certain aspects: “Our cybersecurity team also handles telecommunications. We started as networking specialists, and consequently, we have experience in cybersecurity. We have faced the transition from network security to security by design.” In this context, he refers to our observability solution, which was developed based on two pillars: the first is the encryption of the communication channel. “Any communication is encrypted because we create VPNs that span the entire path — from the secondary substation, where the producer is typically connected, to the primary substation, the transformation plant that is at a higher hierarchical level in the electrical grid, to the control center.” These communications are encrypted and occur on a network that is physically and logically separated from the networks of producers and distributors. 
 
Another important aspect is that our company participated in the technical committees responsible for drafting the standards for communication implementation. This communication is not only encrypted but also relies on TLS (Transport Layer Security), which requires authentication as well. This requirement represents the second pillar of Italy’s grid digitalization. 
 
In contrast, solutions such as Radio Ripple Control fail to comply with the recent NIS2 directive, which mandates that entities operating in critical infrastructures, like the electrical grid, must adhere to certain standards. “In August 2025, the updated version of the Radio Equipment Directive will take effect, banning the use of radio devices that do not incorporate encryption solutions," adds Fiorenza. 

The cybersecurity advantage 

Fiorenza confirms that the competitive and technological advantage of companies offering more advanced solutions could also be used as a business lever. Today, in fact, when choosing an energy contract, only one parameter is considered: the cost. If we consider the needs of those who provide only certified renewable energy, we gain a clearer picture.  
 
Could a more cyber-secure electrical grid become a marketing advantage? “I believe the time is ripe from a marketing perspective to exploit this possibility. I think there is this sensitivity and that we can work on the ability to differentiate ourselves from a cybersecurity perspective, across the entire supply chain,” concludes Fiorenza.