Cybersecurity: The weakest link

15

Many energy companies know they are vulnerable to cyberattacks – yet they don’t know what to do about it, writes Nicholas Nhede.

Despite an increase in grid vulnerabilities, the majority of global energy companies are not practising basic cybersecurity protocols.

That’s the view of Rafael Narezzi, Chief Technology Officer at CF Partners.

And as a result of this lack of protection, more attacks on grid networks are likely to be seen over the coming years.

“Doing the basics is one of the necessities I do not see many companies carrying out,” said Narezzi, who was speaking during the Enlit Europe webinar, Cybersecurity for a decentralising energy system.

He said this is because companies have inadequate funds for cybersecurity mechanisms, which results in a lack of understanding of the topic by company executives.

Despite their lack of knowledge on the issue, company executives are concerned about cybersecurity but do not know how to act, noted Narezzi.

According to Narezzi, many executives are not aware of the steps they should take to ensure the growing vulnerabilities of grids to cyberattacks are addressed.

Despite recent cyberattacks within the energy landscape, little attention has been given to enhancing resilience, explained Narezzi.

He said the small efforts that are made are not enough to secure energy systems that continue to be vulnerable due to the increasing amount of distributed resources and digitalisation.

Moreover, cyberattackers are coming up with new ways of penetrating energy systems.

There is also a need for more regulation to be enacted to support cybersercurity frameworks and adoption. Rafael Narezzi

“Have we done cyber hygiene better than before? I don’t think so. Energy companies are still lagging. We are moving but not at the right speed of cybers [cyber criminals]. Companies need to be at the front, not at the back waiting for things to happen,” he said.

What needs to be done
In the webinar, Narezzi urged energy companies to increase investments in cybersecurity and be proactive. In addition to investments, he urged companies to make cybersecurity a main driving force of the business.

Another speaker, cybersecurity strategist Johan Rambi of EE-ISAC, added: “Since 2018 nothing has happened specifically on creating specific standards in the areas of renewable energy and cybersecurity.” As such, he said there needs to be more collaboration between stakeholders on standards development.

Cybersecurity market trends
The webinar speakers also discussed factors they anticipate will shape the global cybersecurity segment in the next few years, including:
• An increase in certification programmes for both distributed energy resources and cybersecurity frameworks.
• More cyberattacks on solar and battery storage supply chains.
• Increase in integration of grid networks with distributed energy resources and in vulnerabilities of energy networks to attacks.
• More collaboration and information sharing between utilities, academia, research institutions and technology companies to improve cybersecurity solutions.

We can’t wait to see you in Milan

Enlit Europe will bring the energy community together during the live event in Milan (30 November – 2 December 2021). Register here