Cyber security threatens renewable energy infrastructure
A significant role in the energy industry has been given to renewable energy technologies. Because of their prominence and growing importance to power supplies, it is vital for the industry to develop appropriate security, and specifically cyber security, strategies. A new report from the Renewables Consulting Group (RCG) and Cylance provides insight into cyber security for the renewable energy industry, focusing on threat and impact assessment, and on measures to improve cyber protection.
Cyber attacks targeting critical infrastructure have increased over recent years. Cyber security threats include ransomware, fileless attacks, advanced persistent threats (APTs) and Trojans. The security of a renewable energy asset can be broken down into two main components; physical security and cyber security.
A successful cyber attack has the potential, not just to cause the loss of personal and commercial information, or cause damage to electronic resources, but also to damage a project’s physical assets through the forced maloperation of components, impact its finances by disrupting generation, or create national, or regional, energy security risks in the event of a large-scale grid blackouts.
Maintaining a secure computing environment is a top concern for IT managers across the globe. Renewable energy companies would benefit from investing in information security. Achieving a secure environment includes dedicating resources to physical security, hardware and software, internet connectivity, remote management, and training personnel.
The report makes the following cyber security recommendations for renewable energy technologies:
- Environment assessment: Renewable energy companies should carry out comprehensive assessments of their current cyber security posture.
- Asset update: Updated systems provide a last line of defence when other security measures fail so it is critical IT infrastructure is updated and staff are trained to recognise the threats.
- Access management: Access to sensitive systems and data needs to be properly managed.
- Predictive tools: New tools, including artificial intelligence and machine learning, can help maintain a strong security as cyber attacks and operating environments become more complex.
“RCG is not aware of any other piece of research which draws together two expert companies to produce a joint report on the cyber threat to renewable project infrastructure. If this report offers a pause for thought to all the renewable asset owners, manufacturers and maintainers; and subsequently even a single project strengthens its resistance to the obvious and increasing cyber threat out there, then Cylance and RCG will have done their job,” said RCG’s Sam Park, Co-author of the report.
“The renewable energy sector has growing significance to world energy supplies and Cylance is happy to raise cyber security awareness as part of our mission to secure every endpoint under the sun,” said Cylance’s Dr. Anton Grashion, Co-author of the report.