Power + Utilities Australia FOCUS

Energy companies are not implementing basic cybersecurity practices says expert


With the global distributed renewable energy market witnessing an increase in the integration of assets with main grids and the deployment of digital technologies, the vulnerability of integrated energy assets to cyberattacks continues to increase.

Regardless of the increase in grid vulnerabilities, the majority of global energy companies are not practising basic cybersecurity protocols, says Rafael Narezzi, Chief Technology Officer at CF Partners. As a result, more attacks on grid networks are likely to be seen over the coming years.

“Doing the basics is one of the necessities I do not see many companies doing,” said Narezzi.

He said this is because companies have inadequate funds for cybersecurity mechanisms, which results in a lack of understanding of the topic by company executives.

Despite their lack of knowledge on the topic, company executives are concerned about cybersecurity but do not know how to act, says Narezzi. According to the Chief Technology Officer, many executives are not aware of the steps they should take to ensure the growing vulnerabilities of grids to cyberattacks are addressed.

Despite recent cyber attacks within the energy landscape, little attention has been given to enhancing resilience, explains Narezzi.

He said the little efforts that are made are are not enough to secure energy systems that continue to be vulnerable due to the increasing amount of distributed resources and digitalisation. Moreover, cyber attackers are coming up with new ways of penetrating into energy systems.

“Have we done cyber hygiene better than before? I don’t think so. Energy companies are still lagging. We are moving but not at the right speed of cybers [cyber criminals]. Companies need to be at the front, not at the back waiting for things to happen,” he said.

What needs to be done

Narezzi was speaking during a webinar, Cybersecurity for a decentralising energy system, hosted by Enlit Europe.

In the webinar, Narezzi urged energy companies to increase investments in cybersecurity and be proactive. In addition to investments, he urged companies to make cybersecurity a main driving force of the business.

Johan Rambi, Cyber Security Strategist at EE-ISAC, who was also a speaker, added: “Since 2018 nothing has happened specifically on creating specific standards in the areas of renewable energy and cybersecurity,” and as such, there needs to be more collaboration between stakeholders on standards development.

He said there is also a need for more regulation to be enacted to support cybersecurity frameworks development and adoption.

Originally published by Smart Energy International

More Articles

Want to relive Power + Utilities Australia 2024? Didn’t get a chance to join us and want to see what took place across two days...

The countdown is to the Power + Utilities Australia 2024 Leadership Summit. In anticipation, we’re giving you exclusive insight into what you can expect our...

The countdown is to the Power + Utilities Australia 2024 Leadership Summit. In anticipation, we’re giving you exclusive insight into what you can expect our...