The fact that electricity networks are vulnerable and suffer malfunctions caused by cyber attacks is now recognized as a real risk. The blackout that occurred in December 2015 in Ukraine, which involved three distribution companies, causing the disconnection of dozens of power plants and the disconnection of hundreds of thousands of users for several hours, marked the history of cyber crime targeting electricity companies. As highlighted by the analysis of this real attack, the offensive action against power systems is often made through information systems connected to company networks. Electricity companies and government authorities agree that cybersecurity is an indispensable dimension for energy business and national stability, which requires cooperation between institutions, operators, and suppliers of related products and services. On the subject of regulation, the European reference is the NIS Directive (EU 2016/1148) on the security of digital networks and systems managed by operators of essential services. Further motivation to strengthen cybersecurity within the sector is provided by the clean energy package and the energy transition now underway. The European Network Codes aimed at the implementation of energy flexibility services, and which involve energy producers, prosumers and aggregators, extend the scope of cyber security to digital infrastructures for the exchange of data between these subjects and system and market operators . With the aim of improving the security posture of energy operators, the paper presents the CYRENE research framework ‘CYber Resilience framework for ENErgy systems,’ an environment that includes methods, tools and technologies for security assessment in digital energy applications. The CYRENE cyber security functions are guided by the analysis of cyber-power scenarios and are based on standards and regulatory constraints. The paper describes the CYRENE tools and platforms, providing examples of use to calculate performance indicators in realistic application cases.