WORK WITH US |  General Archive |  Suppliers |  Contacts 
  • Infrastructure maintenance
  • Information security and cyber security

Maintenance of electricity grid infrastructure is essential in order to guarantee quality of service, with the aim of ensuring that grid reliability meets the very highest standards. The tools used to support maintenance activities are subject to continuous innovation, as regards identification of the most suitable interventions (MBI-Monitoring and Business Intelligence, a tool used to support decision-making), the scheduling and execution of operations (WFM – Work Force Management) and the adoption of modern aerial inspection techniques for the electricity grid. Implementation of the plan to progressively assume responsibility for operation and maintenance (O&M) of the electricity substations owned by Rete Srl (following acquisition of RFI’s assets) proceeded in 2018. By the end of the year, responsibility for 239 of the 354 substations acquired had been transferred.

26,000 checks
at stations with various voltage levels in 2018
107,700 km
of grid inspected on-site in 2018
46,500 km
of grid checked based on instrument methodologies in 2018
21,200 km
of power lines where plant cutting was done to ensure the lines operate correctly and safely
All lines
are inspected on average more than once a year


We work continually to improve our ability to identify and optimise interventions on the grid; we use the best possible techniques to conduct checks based on innovative instruments and processes.

Renewal Programme

The Renewal Programme is based on an analytical method that, starting from consistent, objective technical criteria, identifies and evaluates extraordinary maintenance works (“renewal”), assessing the state of repair and technical status of components in relation to the conditions under which they operate and giving priority to components and plant that play a key role in operation of the grid.

The Programme includes work to be carried out on specific components, limiting interventions to parts of the infrastructure that effectively require attention in order to continue operating efficiently over as long a period of time as possible.

Extraordinary maintenance

Renewal work (the replacement of components and entire systems) was carried out in 2018 at a cost of approximately €300 million in order to prolong the useful lives of power lines and substations. In terms of power lines, 1,100 km of conductors, 1,400 km of ground wires and 400 pylons were replaced; in terms of substations, 10 static machines, 70 circuit breakers, 120 disconnectors, 289 current transformers and 130 voltage transformers were replaced. Protection and control systems for approximately 200 HV bays were also replaced.


Did you know that…
Thanks to the “live technique”, we can carry out maintenance checks without disconnecting service lines, and in this way avoid disruptions. Using this technique, we carried out 3,400 checks and maintenance interventions during 2018.

The cyber risk scenario is increasingly complex and intricate. In addition to the traditional threats that affect every ICT project, there has been a sharp rise in the number of threats relating to the current digital transformation process at highly innovative companies and the increase in interconnections between the various operators. The entry into force of new European regulations, above all the General Data Protection Regulation (GDPR) and the Network & Information Security (NIS) directive means companies are having to rethink some of their information and cyber security processes, in order to ensure full compliance. For some time, Terna has used an Information Security Governance Model, based on policies and procedures combined with a coordinated Information Risk Management (“IRM”) operating programme. This is coordinated by the Group's CISO (Chief Information Security Officer). The Model takes into account all the risk factors (organisational, technical and technological, physical, environmental and cyber, etc.) to which the Group's ICT ecosystem is exposed, including compliance with data protection legislation and efforts to combat cyber-crime, with the aim of countering their impact (disruption to computer networks or services critical to the operation of the electricity system and/or resulting in potential damage to the National Transmission Grid (NTG); loss of confidentiality; and the theft or alteration of sensitive, strategic and confidential data held by Terna relating to the electricity market and/or third parties). Finally, via the operational safeguards put in place by the Security and Service department’s cyber security unit, Terna promptly identifies and contains security incidents, thereby minimising information loss and facilitating restoration of the services involved.

Activities in 2018
Cyber security training

An extensive awareness-raising campaign on cyber security issues, aimed at senior managers, middle managers and roles with particular responsibilities, as well as newly recruited staff, has been completed. Terna also took part in a special competition (red team versus blue team type) under the patronage of ENTSO-E and SANS, in which over 100 European TSOs and DSOs took part. Terna performed well during the competition to rank among the top five.

Strengthening of the Information Security Framework

The Information Security Framework and, above all, the set of countermeasures that Terna puts in place to combat cyber risk was updated in line with the latest version of the NIST standard, adopting additional security measures relating to critical areas such as GDPR, IoT and SCADA/ICS systems. During 2018, Terna began the process of assessing and testing solutions for transferring cyber risk to third parties, entering into insurance policies to cover the risks posed by ransomware, phishing and the theft of personal data for which Terna is the data owner or manager. The process was completed once the Company had obtained cover and the policy will be extended to cover additional risks in the three-year period 2019-2021.

Consolidation of the capabilities of the Cyber Security Operations & Data Protection Centre

The process of strengthening and refining corrective actions and new initiatives designed to prevent cyber risk continued within the Security and Service department. Terna’s Computer Emergency Readiness Team (CERT) redesigned its Real Time Security Monitoring, Incident Handling, Threat Intelligence and Security Content Engineering & Threat Hunting processes on a 24h/365d basis. Info Sharing with public bodies, other essential service providers and the CERT’s Threat Intelligence partners was further developed as regards tailored intelligence. The Cyber Security Engineering centre was used to set up important working groups aimed at reducing the cyber risk associated with the Industrial Automation and Control Systems (IACS) that support Terna’s core business. These new departments complement and integrate with the Cyber Security Assessment department, which carried out periodic assessments of the vulnerabilities in Terna’s IT systems and checks on the related recovery plans.

Consolidation of GDPR compliance

An audit of GDPR compliance was completed, with the adoption and initial implementation of numerous initiatives necessary in order to ensure full compliance and the rollout of a data protection model across the Group. This included training and internal communication initiatives, including specific workshops for senior management and online courses and training pills for all staff, with the aim of creating a Group-wide privacy and data protection culture.

Identity and Access Management (IAM)

The Identity and Access Management (IAM) process regarding the management of access authorisations to critical IT resources has been strengthened. This has involved the implementation of first use case monitoring (identity governance) in order to extend visibility (and governance) for applications supporting Terna’s operational activities and financial reporting.

Monitoring and cyber defence capabilities

During the year, the extension and update of security monitoring services for systems and networks of platforms incorporated within Information Security and Event Management (ISEM) system continued. With regard to the detection of cyber threats, a technological solution based on machine learning and artificial intelligence using non-formal logic was adopted. There was also continuous analysis and threat hunting using Indicators of Compromise (IOC) reports, especially those deriving from public bodies (e.g. the Italian Computer Emergency Response Team, the National Anti-Cyber Crime Centre for the Protection of Critical Infrastructure, etc.) and the entry into operation of an advanced anti-malware solution for all workstations, involving monitoring, analysis and continuous recording of all executable and non-executable file activities, regardless of whether they are already known to be malware. Work on the protection of SCADA systems using a whitelisting solution and on the logical segregation of networks is continuing.