Appropriate security, and specifically cybersecurity strategies must be developed for the renewable energy technologies industry, given their significant role in the energy industry and growing importance to power supplies, says a new white paper from the Renewables Consulting Group (RCG) and Cylance, Inc.
Energy sector risks
Cyber attacks targeting critical infrastructure have increased over recent years, and threats include ransomware, fileless attacks, advanced persistent threats (APTs) and Trojans. The potential impact of cyber attacks is particularly noteworthy in the energy industry, as conventional electrical energy infrastructure moves towards more distributed but integrated and “smart” electrical grid systems, noted the “Cybersecurity in Renewable Energy Infrastructure” report.
Key areas at risk of cyber threats include energy production monitoring, control of production and consumption and the increasing volume of large financial investments associated with generation assets and infrastructure, as well as the increasing global reliance on the energy it generates. The significance of the threat not only lies in its severity, but in its unpredictability and reach, as malicious actors can launch attacks on vulnerable energy assets across geographies.
Renewable energy generation assets comprise a key and fast-growing portion of the energy industry. As the world switches to a clean energy future, the dependence on renewable energy is likely to increase further, meaning the cybersecurity of such assets is of paramount importance, highlighted the report.
Securing a renewable energy asset
The security of a renewable energy asset can be broken down into two main components; physical security and cybersecurity.
A successful cyber attack has the potential, not just to cause the loss of personal and commercial information, or cause damage to electronic resources, but also to damage a project’s physical assets through the forced maloperation of components, impact its finances by disrupting generation, or create national, or regional, energy security risks in the event of a large-scale grid blackouts.
Maintaining a secure computing environment is a top concern and renewable energy companies would benefit from investing in information security. Achieving a secure environment includes dedicating resources to physical security, hardware and software, internet connectivity, remote management, and training personnel.
The report makes the following cyber security recommendations for renewable energy technologies:
- Environment assessment: Renewable energy companies should carry out comprehensive assessments of their current cybersecurity posture.
- Asset update: Updated systems provide a last line of defence when other security measures fail so it is critical IT infrastructure is updated and staff are trained to recognise the threats.
- Access management: Access to sensitive systems and data needs to be properly managed.
- Predictive tools: New tools, including artificial intelligence and machine learning, can help maintain a strong security as cyberattacks and operating environments become more complex.
RCG is a UK-based integrated market intelligence, management consulting and technical advisory firm that is focused solely on the renewable energy sector, while Cylance, Inc. is a US-based software firm which taps on artificial intelligence to prevent, rather than reactively detect, viruses and malware.
The full white paper from RCG and Cylance is available here for download.