Defensive action against cyberattacks in energy sector is lagging, DNV says

Facebook
Twitter
LinkedIn
Reddit
Email
The research called for more workforce training to safeguard critical infrastructure. Image: Endesa.

Faster action should be taken to counter the threat of cyberattacks in the energy industry as professionals raise concerns about the possibility of operational shutdowns and damaged assets, according to new research from risk management and quality assurance provider DNV.

More than four-fifths of professionals working in the power, renewables and oil and gas sectors believe a cyberattack on the industry is likely to cause operational shutdowns and damage to energy assets and critical infrastructure, found the report, titled The Cyber Priority.

This article requires Premium SubscriptionBasic (FREE) Subscription

Unlock unlimited access for 12 whole months of distinctive global analysis

Photovoltaics International is now included.

  • Regular insight and analysis of the industry’s biggest developments
  • In-depth interviews with the industry’s leading figures
  • Unlimited digital access to the PV Tech Power journal catalogue
  • Unlimited digital access to the Photovoltaics International journal catalogue
  • Access to more than 1,000 technical papers
  • Discounts on Solar Media’s portfolio of events, in-person and virtual

Or continue reading this article for free

Based on a survey of more than 940 energy professionals around the world and interviews with industry executives, the research said 74% of respondents expect an attack to harm the environment while more than half (57%) anticipate it will cause loss of life.

As operational technology (OT) – the computing and communications systems that manage, monitor and control industrial operations – become more networked and connected to IT systems, attackers can access and control systems operating critical infrastructure such as power grids and wind farms, said Trond Solberg, managing director of cybersecurity at DNV.

“Our research finds the energy industry is waking up to the OT security threat, but swifter action must be taken to combat it,” he added.

Despite emerging cybersecurity threats, the research reveals that only 20% of renewables professionals assert confidently that they know exactly what to do if they were concerned about a potential cyber risk or threat on their organisation.

Out of the energy sector segments covered in the report, the renewables industry “is at greatest risk of employees making a misstep at the crucial moment”, according to DNV, which has called for energy companies to invest in training employees to spot instances of criminal attempts to gain access to their systems.

“A company’s workforce is its first line of defence against cyberattacks,” said Jalal Bouhdada, CEO of Applied Risk, a cybersecurity firm acquired by DNV last year.

“Effective workforce training, combined with ensuring you have the right cybersecurity expertise in place, can make all the difference to safeguarding critical infrastructure.”

Six in ten C-suite level respondents to DNV’s survey acknowledge that their organisation is more vulnerable to an attack now than it has ever been. However, more than a third (35%) of energy professionals say their company would need to be impacted by a serious incident before investing in their defences.

According to the research, one explanation for some companies’ apparent hesitance to invest in cybersecurity may be that most respondents believe that their organisation has so far avoided a major cyberattack, with 22% suspecting their organisation has been subject to a serious breach in the last five years.

Another report published earlier this year by safety and certification company UL and the US Department of Energy’s National Renewable Energy Laboratory found that distributed solar PV can be exposed to cyberattacks because of the increasing progression of smart inverter technologies that communicate directly with the grid network.

Read Next

October 10, 2024
DNV's report shows that 2024 is a landmark year, but the energy transition still faces financial and political headwinds.
Premium
September 4, 2024
The idea of stationing PV systems at sea is rapidly gaining traction as an exciting new opportunity for the industry.
September 4, 2024
The Q3 2024 edition of our downstream solar PV journal, PV Tech Power, is now available to download, focussing on the US grid.
July 4, 2024
A collective effort will be required to realise the potential of the solar PV industry, according to Sonia Dunlop of the Global Solar Council.
July 2, 2024
Carbon has announced plans for its next facility, a research and development (R&D) and training facility in Istres, southern France.

Subscribe to Newsletter

Upcoming Events

Solar Media Events
October 15, 2024
Santiago, Chile
Solar Media Events
October 22, 2024
New York, USA
Solar Media Events
November 12, 2024
San Diego, USA