Global utilities lacking basic cybersecurity practices says expert

Image credit: Stock

More cyberattacks will be seen within the energy sector over the coming years as a result of the failure by the majority of global energy companies to practice basic cybersecurity protocols, according to Rafael Narezzi, Chief Technology Officer at CF Partners.

Narezzi said the integration of distributed renewable energy with main grids and the deployment of digital technologies will increase thereby increasing the vulnerability of integrated energy assets to cyberattacks. And as such, energy companies will need to improve their cybersecurity frameworks.

Doing the basics is one of the necessities I do not see many companies doing,” said Narezzi.

He said this is because companies have inadequate funds for cybersecurity mechanisms, which results in a lack of understanding of the topic by company executives.

Despite their lack of knowledge on the topic, company executives are concerned about cybersecurity but do not know how to act, says Narezzi. According to the Chief Technology Officer, many executives are not aware of the steps they should take to ensure the growing vulnerabilities of grids to cyberattacks are addressed.

Despite recent cyber attacks within the energy landscape, little attention has been given to enhancing resilience, explains Narezzi.

He said the little efforts that are made are are not enough to secure energy systems that continue to be vulnerable due to the increasing amount of distributed resources and digitalisation. Moreover, cyber attackers are coming up with new ways of penetrating into energy systems.

“Have we done cyber hygiene better than before? I don’t think so. Energy companies are still lagging. We are moving but not at the right speed of cybers [cyber criminals]. Companies need to be at the front, not at the back waiting for things to happen,” he said.

What needs to be done

Narezzi was speaking during a webinar, Cybersecurity for a decentralising energy system, hosted by Enlit Europe.

In the webinar, Narezzi urged energy companies to increase investments in cybersecurity and be proactive. In addition to investmentshe urged companies to make cybersecurity a main driving force of the business.

Johan Rambi, Cyber Security Strategist at EE-ISAC, who was also a speaker, added: “Since 2018 nothing has happened specifically on creating specific standards in the areas of renewable energy and cybersecurity,” and as such, there needs to be more collaboration between stakeholders on standards development.

He said there is also a need for more regulation to be enacted to support cybersecurity frameworks development and adoption.

Have you read?
Are Nation-State cybersecurity threats real?
Get someone to hack your system – its the best way to test your defences
AEMO secures ARENA funding for distributed generation simulation tool

Cybersecurity market trends

The webinar speakers also discussed factors they anticipate will shape the global cybersecurity segment in the next few years including:

  • An increase in certification programmes for both distributed energy resources and cybersecurity frameworks.
  • More cyberattacks solar and battery storage supply chains.
  • Increase in integration of grid networks with distributed energy resources and in vulnerabilities of energy networks to attacks.
  • More collaboration and information sharing between utilities, academia, research institutions and technology companies to improve cybersecurity solutions.

Find out more about these trends and the cybersecurity market by listening to the on-demand webinar.

No posts to display