The cyber risk exposure for the green energy sector

In the green energy sector, currently, almost everywhere, there has been a huge increase in energy demand, creating the current gas supply crisis, with the associated possible attacks by cyber criminals. This is why it becomes essential additional mechanisms and solutions for protecting the country’s economy. PV plants and wind farms are mainly remotely controlled and so they are highly exposed to risk due to the high level of interconnection and heterogeneity.

IT and OT cybersecurity becomes crucial for guaranteeing the regular operation of the energy assets and avoid energy disruptions for the community.

In 2021 there was a very large number of cyberattacks that compromised the efficiency of almost all the production sectors.

In particular, the energy sector is a very attractive target for cyberattacks, given that it is characterized by a rapid technological innovation, which expands its potential vulnerability. Electric grids, generation plants from renewable sources and charging infrastructures for electric vehicles are greatly increasingly a decentralization of the system, through smart grids.

The RES energy sector uses mainly remotely controlled plants: this is why exposure to the risk of cyberattack is very high.

A higher level of digitization corresponds to a higher rate of vulnerability, given the increase in access points for a potential cyberattack.

The Covid 19 pandemic generated more remote or hybrid work, which represent a further element of complexity, due to the fact that workers operate in an environment that does not have the same level of security as the corporate one. Public hotspots or simple mobile work, as well as home networks from which employees log on when working from their home, represent potential security holes that can generate consequences also in the enterprise networks.

In light of these current and future scenarios, IT and OT Cybersecurity represents a pillar on which to base the resilience of the energy system, in order to avoid economic and reputational damage for people and companies.

It is also essential to raise public awareness on cybersecurity and invest in research and training of specialized technicians.

The Phoenix project is involving companies from different countries, with a heterogeneous know how and very skilled experts, who are collaborating within the project for developing detection tools against intentional and unintentional cyberattacks and for applying in case of necessity, proper mitigation actions for the European Power Energy Systems (EPES).