The Renewables Consulting Group (RCG) teamed up with cybersecurity specialists Cylance to look at cybersecurity for the renewable energy industry, focusing on threat and impact assessment, and on measures to improve cyber protection.
Cyber-attacks targeting critical infrastructure have increased over recent years. Cybersecurity threats include ransomware, fileless attacks, advanced persistent threats (APTs) and Trojans. The security of a renewable energy asset can be broken down into two main components; physical security and cybersecurity. A successful cyber-attack has the potential, not just to cause the loss of personal and commercial information, or cause damage to electronic resources, but also to damage a project’s physical assets through the forced maloperation of components, impact its finances by disrupting generation, or create national, or regional, energy security risks in the event of a large-scale grid blackouts.
Achieving a secure environment includes dedicating resources to physical security, hardware and software, internet connectivity, remote management, and training personnel. The report recommends:
- Environment assessment: Renewable energy companies should carry out comprehensive assessments of their current cybersecurity posture.
- Asset update: Updated systems provide a last line of defence when other security measures fail so it is critical IT infrastructure is updated and staff are trained to recognise the threats.
- Access management: Access to sensitive systems and data needs to be properly managed.
- Predictive tools: New tools, including artificial intelligence and machine learning, can help maintain a strong security as cyberattacks and operating environments become more complex.