Defensive action against cyberattacks in energy sector is lagging, DNV says

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email
The research called for more workforce training to safeguard critical infrastructure. Image: Endesa.

Faster action should be taken to counter the threat of cyberattacks in the energy industry as professionals raise concerns about the possibility of operational shutdowns and damaged assets, according to new research from risk management and quality assurance provider DNV.

More than four-fifths of professionals working in the power, renewables and oil and gas sectors believe a cyberattack on the industry is likely to cause operational shutdowns and damage to energy assets and critical infrastructure, found the report, titled The Cyber Priority.

Based on a survey of more than 940 energy professionals around the world and interviews with industry executives, the research said 74% of respondents expect an attack to harm the environment while more than half (57%) anticipate it will cause loss of life.

As operational technology (OT) – the computing and communications systems that manage, monitor and control industrial operations – become more networked and connected to IT systems, attackers can access and control systems operating critical infrastructure such as power grids and wind farms, said Trond Solberg, managing director of cybersecurity at DNV.

“Our research finds the energy industry is waking up to the OT security threat, but swifter action must be taken to combat it,” he added.

Despite emerging cybersecurity threats, the research reveals that only 20% of renewables professionals assert confidently that they know exactly what to do if they were concerned about a potential cyber risk or threat on their organisation.

Out of the energy sector segments covered in the report, the renewables industry “is at greatest risk of employees making a misstep at the crucial moment”, according to DNV, which has called for energy companies to invest in training employees to spot instances of criminal attempts to gain access to their systems.

“A company’s workforce is its first line of defence against cyberattacks,” said Jalal Bouhdada, CEO of Applied Risk, a cybersecurity firm acquired by DNV last year.

“Effective workforce training, combined with ensuring you have the right cybersecurity expertise in place, can make all the difference to safeguarding critical infrastructure.”

Six in ten C-suite level respondents to DNV’s survey acknowledge that their organisation is more vulnerable to an attack now than it has ever been. However, more than a third (35%) of energy professionals say their company would need to be impacted by a serious incident before investing in their defences.

According to the research, one explanation for some companies’ apparent hesitance to invest in cybersecurity may be that most respondents believe that their organisation has so far avoided a major cyberattack, with 22% suspecting their organisation has been subject to a serious breach in the last five years.

Another report published earlier this year by safety and certification company UL and the US Department of Energy’s National Renewable Energy Laboratory found that distributed solar PV can be exposed to cyberattacks because of the increasing progression of smart inverter technologies that communicate directly with the grid network.

Read Next

June 14, 2022
Global hydrogen uptake is far below what is required under the Paris Agreement and underinvestment in the technology is a missed opportunity to decarbonise hard to abate sectors of the global economy, according to risk management provider DNV.
May 11, 2022
Energy advisory and assurance provider DNV has introduced two joint industry projects (JIPs) aimed to standardise the development of floating PV (FPV).
March 31, 2022
SolarPower Europe has issued a list of eight actions that will help Europe accelerate solar deployment to reach a total capacity of 1TW by 2030 and reduce its reliance on Russian fossil fuels imports.
March 22, 2022
Renewable energy companies globally are at risk of a talent exodus to outside industries as professionals consider alternative sectors to boost their careers prospect, a new report has suggested.
PV Tech Premium
March 17, 2022
Following the formation earlier this year of community solar developer and operator Reactivate, PV Tech Premium talks with the business’s head of EPC, Utopia Hill, about its strategy of partnering with smaller contractors and the challenges it could face as it bids to reach 3GW of installed capacity.
March 9, 2022
The new edition of our downstream solar journal, PV Tech Power volume 30, is now available to download, featuring coverage of the solar industry’s efforts to bridge a looming skills gap.

Subscribe to Newsletter

Upcoming Events

Solar Media Events
October 4, 2022
New York, USA
Solar Media Events
October 11, 2022
Virtual event