Energy companies are not implementing basic cybersecurity practices says expert

343

With the global distributed renewable energy market witnessing an increase in the integration of assets with main grids and the deployment of digital technologies, the vulnerability of integrated energy assets to cyberattacks continues to increase.

Regardless of the increase in grid vulnerabilities, the majority of global energy companies are not practising basic cybersecurity protocols, says Rafael Narezzi, Chief Technology Officer at CF Partners. As a result, more attacks on grid networks are likely to be seen over the coming years.

Doing the basics is one of the necessities I do not see many companies doing,” said Narezzi.

He said this is because companies have inadequate funds for cybersecurity mechanisms, which results in a lack of understanding of the topic by company executives.

Despite their lack of knowledge on the topic, company executives are concerned about cybersecurity but do not know how to act, says Narezzi. According to the Chief Technology Officer, many executives are not aware of the steps they should take to ensure the growing vulnerabilities of grids to cyberattacks are addressed.

Despite recent cyber attacks within the energy landscape, little attention has been given to enhancing resilience, explains Narezzi.

He said the little efforts that are made are are not enough to secure energy systems that continue to be vulnerable due to the increasing amount of distributed resources and digitalisation. Moreover, cyber attackers are coming up with new ways of penetrating into energy systems.

“Have we done cyber hygiene better than before? I don’t think so. Energy companies are still lagging. We are moving but not at the right speed of cybers [cyber criminals]. Companies need to be at the front, not at the back waiting for things to happen,” he said.

What needs to be done

Narezzi was speaking during a webinar, Cybersecurity for a decentralising energy system, hosted by Enlit Europe.

In the webinar, Narezzi urged energy companies to increase investments in cybersecurity and be proactive. In addition to investments, he urged companies to make cybersecurity a main driving force of the business.

Johan Rambi, Cyber Security Strategist at EE-ISAC, who was also a speaker, added: “Since 2018 nothing has happened specifically on creating specific standards in the areas of renewable energy and cybersecurity,” and as such, there needs to be more collaboration between stakeholders on standards development.

He said there is also a need for more regulation to be enacted to support cybersecurity frameworks development and adoption.

Have you read?
Are Nation-State cybersecurity threats real?
Get someone to hack your system – its the best way to test your defences

Cybersecurity market trends

The webinar speakers also discussed factors they anticipate will shape the global cybersecurity segment in the next few years including:

  • An increase in certification programmes for both distributed energy resources and cybersecurity frameworks.
  • More cyberattacks solar and battery storage supply chains.
  • Increase in integration of grid networks with distributed energy resources and in vulnerabilities of energy networks to attacks.
  • More collaboration and information sharing between utilities, academia, research institutions and technology companies to improve cybersecurity solutions.

Find out more about these trends and the cybersecurity market by listening to the on-demand webinar.

Join the conversation on the future of data

Visit Enlit Europe 365 for webinars, podcasts, interviews, marketplace, projects. And more…