Internet and network technologies have changed many aspects of the energy world. For this reason, greater resilience to cyber risks will become increasingly important to ensure energy security in the future. This is what emerges from the report "The road to resilience – Managing cyber risks" published by the World Energy Council (WEC) and discussed at the recent Energy Day in Berlin, as part of a series of events leading up to the 23rd World Energy Congress currently underway in Istanbul.
The increasing relevance of cyber risks
The report highlights how cyber risks today are a major concern for operators in the energy industry, especially in countries characterized by the presence of very advanced energy infrastructure, such as Europe and North America. It is in fact the growing interconnection and digitization of the energy industry, as well as the key role that energy plays in the economic development of a country, that makes energy infrastructure a priority target for possible cyber-attacks. Risks, such as cyber risks, are therefore perceived as one of the most urgent challenges to be faced, as they involve the ability to transfer, with great immediacy, the threat from the cyber world to the real world. In the worst case scenario – reads the report – similar attacks could even cause the closure of the affected infrastructure, causing huge economic and financial damage and massive environmental damage, causing the death of operators.
The growing digitization of the energy industry, as well as the key role that energy plays in the global economic development, makes energy infrastructure a priority target for possible cyber-attacks.
Implications for the energy industry
Companies operating in the energy infrastructure need to realize, as soon as possible, that cyber risk cannot be confined to the mere competence of the IT department but requires a real cyber culture to be disseminated at all levels, from the CEO to collaborators and employees from various departments. According to the authors of the report, therefore, it is essential to increase the measures of prevention, detection and response to possible cyber-attacks. Such measures must be both technical and human in nature. A key role in the prevention and management of these risks is played by the collaboration with the government institutions of various countries, as well as by the development of an international cooperation in cyber matters, in order to identify the best (and most effective) practices and to introduce international security standards.
How to counter the risk
Alongside a detailed analysis of the most recent, and important, cyber-attacks perpetrated against energy infrastructure (USA, Ukraine, Saudi Arabia, Holland, Germany, Israel, Australia and South Korea), the report indicates some basic recommendations aimed at various operators in the industry. If energy companies have to get used to the idea that the IT threat is as potentially dangerous as an environmental incident, by "embracing" a real cyber culture, governments must drive the introduction of rules and regulations, support the dissemination of information and enhance training in the IT sector. An important task is then expected of technology companies, called to monitor the nature of cyber-attacks and to incorporate the new information into products that are under development. Finally, trade associations must increase the awareness of business and build strong resilience strategies, supporting the adoption of a common cross-sector IT security framework.