Faster action should be taken to counter the threat of cyberattacks in the energy industry as professionals raise concerns about the possibility of operational shutdowns and damaged assets, according to new research from risk management and quality assurance provider DNV.
More than four-fifths of professionals working in the power, renewables and oil and gas sectors believe a cyberattack on the industry is likely to cause operational shutdowns and damage to energy assets and critical infrastructure, found the report, titled The Cyber Priority.
Based on a survey of more than 940 energy professionals around the world and interviews with industry executives, the research said 74% of respondents expect an attack to harm the environment while more than half (57%) anticipate it will cause loss of life.
As operational technology (OT) – the computing and communications systems that manage, monitor and control industrial operations – become more networked and connected to IT systems, attackers can access and control systems operating critical infrastructure such as power grids and wind farms, said Trond Solberg, managing director of cybersecurity at DNV.
“Our research finds the energy industry is waking up to the OT security threat, but swifter action must be taken to combat it,” he added.
Despite emerging cybersecurity threats, the research reveals that only 20% of renewables professionals assert confidently that they know exactly what to do if they were concerned about a potential cyber risk or threat on their organisation.
Out of the energy sector segments covered in the report, the renewables industry “is at greatest risk of employees making a misstep at the crucial moment”, according to DNV, which has called for energy companies to invest in training employees to spot instances of criminal attempts to gain access to their systems.
“A company’s workforce is its first line of defence against cyberattacks,” said Jalal Bouhdada, CEO of Applied Risk, a cybersecurity firm acquired by DNV last year.
“Effective workforce training, combined with ensuring you have the right cybersecurity expertise in place, can make all the difference to safeguarding critical infrastructure.”
Six in ten C-suite level respondents to DNV’s survey acknowledge that their organisation is more vulnerable to an attack now than it has ever been. However, more than a third (35%) of energy professionals say their company would need to be impacted by a serious incident before investing in their defences.
According to the research, one explanation for some companies’ apparent hesitance to invest in cybersecurity may be that most respondents believe that their organisation has so far avoided a major cyberattack, with 22% suspecting their organisation has been subject to a serious breach in the last five years.
Another report published earlier this year by safety and certification company UL and the US Department of Energy’s National Renewable Energy Laboratory found that distributed solar PV can be exposed to cyberattacks because of the increasing progression of smart inverter technologies that communicate directly with the grid network.