Are your renewable energy clients prepared for a major cyberattack?
A successful cyberattack can create national or regional energy security risks in the event of large-scale grid blackouts.
In the first quarter of 2020, the U.S. wind industry installed more than 1,800 megawatts of new capacity, resulting in 11 new projects with a total capacity of 1,821 MW operations, nearly doubling the number of installations compared with the first quarter in 2019.
Along with rapid growth, today’s energy industry is also undergoing rapid digitalization to improve operational efficiencies and cut costs. However, the emergence of smart grids and other technological advances has also made the energy industry a very attractive target for cybercriminals.
Anticipate an uptick in cybersecurity risks
According to The World Energy Council, there has been a massive increase in the number of successful cyberattacks in recent years, and the organization fears that those in the industry may be unprepared to deal with new and emerging cyberthreats.
Last year, the Department of Energy reported four cybersecurity events. One of the more notable events was in March of 2019, when the electrical grid operations in Los Angeles County, California, and Salt Lake County, Utah, were interrupted by an easily preventable distributed-denial-of-service attack. Although the interruption of service for all four events was minimal, it calls into question whether the energy industry is prepared for a much larger widespread and sophisticated attack.
Anticipating an increased risk in cyberattacks, the Department of Energy released a five-year strategy to help the industry more effectively combat the risk of power disruptions caused by an attack by focusing on threat-sharing, supply chain risks, and the research and development of more resilient energy systems. A similar report was released by the National Institute of Standards and Technology (NIST) to provide guidance on securing energy environments and for adding better in-network threat detection with security controls based on the likelihood of deception.
Today, a successful cyberattack has the potential to cause damage to electronic resources as well as to damage a project’s physical assets through the forced maloperation of components, impact its finances by disrupting generation, or create national or regional energy security risks in the event of large-scale grid blackouts.
As potential attack surfaces expand and attacks become more sophisticated, it’s critical for your energy clients to be prepared with a comprehensive cybersecurity program to identify potential vulnerabilities to best mitigate risks.
Loren Henry is a broker with Worldwide Facilities, a national wholesale insurance broker, managing general agent and program underwriter. He can be reached at 619-541-4265 or lhenry@wwfi.com.
This piece first appeared on Worldwide Facilities’ blog and is republished here with consent.
More from this author: