Tjänster
Våra medarbetare är passionerade och erfarna. Tillsammans jobbar vi för att leverera framgångsrika projekt inom förnybar energi världen över.
Teknologier
Med de senaste teknologierna bidrar vi till en framtid där alla har tillgång till förnybar energi.
Se alla teknologierResurser
Bläddra bland våra senaste resurser: allt från företagsuppdateringar och branschinsikter till forskningsrapporter och våra partners egna historier.
Se alla resurserKarriär
Bli en del av vårt passionerade team och förändra världen genom meningsfulla och stimulerande uppgifter.
Läs merOm RES
Vi brinner för vårt uppdrag - att förändra hur världen producerar och förbukar energi.
Läs om ossVåra kontor
RES är en global organisation med ett starkt lokalt fokus. Här kan du hitta kontakt- och platsinformation för alla våra RES-kontor.
Kontakta ossCybersecurity: keeping your assets safe
by RES | jun 13, 2024 | Tid det tar att läsa: 2 min
It is widely acknowledged that we are living in uncertain times due to global geopolitical events and an increasing number of cyber-attacks on business including power and renewable energy companies.
On 15 May 2024, Anne Keast-Butler, the Director of GCHQ (Government Communications Headquarters – UK) and Harry Coker, the White House’s National Cyber Director, spoke about the clear and present danger of cyber attacks on critical national infrastructure with a number of industry studies supporting this view.
According to Dragos’ OT Cybersecurity 2023 Year in Review, which gives a comprehensive view of the global OT threat landscape, ransomware attacks against industrial organisations have increased by 50% in the last year. The report also highlighted the increase in the number of hacktivist groups with a focus on critical national infrastructure, partly fuelled by the wars in Ukraine and Gaza. They are currently tracking 21 threat groups.
In addition, according to the Waterfall and ICS Strive 2024 Threat Report, in 2023 there were 68 attacks impairing operations at over 500 sites. This is a 19% increase in attacks over the previous year.
Legacy sites
Using the internet to remotely manage and control sites creates vulnerabilities if connections are not properly secured and network equipment is not kept up to date. Equally, often technicians qualified in maintaining wind or solar equipment have access to network equipment and may unintentionally make changes that open doorways to attack.
Sites that are between five and 10 years old, or more, were designed for the risks of the time. However, the risk landscape has dramatically changed in the last 2-3 years. The increased threat to national critical infrastructure, coupled with evolving national regulations and obligations, is starting to incentivise parties to prioritise cybersecurity alongside performance.
Cyber risk management typically involves many different stakeholders, including investment asset owners, asset managers, construction partners, OEMs, energy dispatch operators, energy trading partners, grid owners, operations and maintenance providers, and energy performance solutions. Generation sites are often run by multiple parties, leading to inconsistent and uncoordinated cyber management. Clarity of ownership of the cyber risk in the project is essential to ensure assets, output, reputation, and revenue are protected.
Ongoing digital transformation
Another key consideration is how developers and their sites are progressing on their digital transformation journey. Data and cybersecurity are critical to successful digital transformation. Developers and owners should urgently consider the objective of delivering reliable data acquisition and data quality whilst ensuring business continuity and security.
Opportunity to protect and instil good practice
There is now an opportunity to build on emerging information exchanges with industry peers sharing good cyber practices. Owners and investors are encouraged to contractually mandate consistent cybersecurity obligations between parties (from owner to operator and contractor) and clarify ownership of the OT equipment and therefore cyber risk.
When repowering of a project is considered there will be opportunities to leveraging projects to upgrade IT/OT assets and remove cyber vulnerabilities. Going forward, organising cross party cyber exercising of incident response practices should be encouraged. Governments are recognising more renewable generation capacity as part of Critical National Infrastructure which will lead to more focus on cyber risk management within regulations.
By staying vigilant and fostering a culture of continuous improvement in cybersecurity, the energy sector can navigate the complexities of the modern threat landscape and ensure a resilient and secure future.
To find out more about how we can help you keep your assets safe please contact [email protected]