UK wind energy firms lack sufficient cybersecurity, warns Cyber Energia
An assessment by Cyber Energia, a cybersecurity enterprise recently founded by leading energy transition firm CFP Energy, postulates that only 1% of UK wind energy firms have capable cyber protection. This comes against the backdrop of the UK renewables sector being subjected to as many as 1,000 attempted cyber-attacks daily. Cyber Energia emphasises the crucial need for bolstered cyber defences, as the renewable firms' exposure to such threats is estimated to number 880 million.
In response to the escalating threat, Cyber Energia has launched a comprehensive cybersecurity solution designed specifically for the renewables sector, offering a blend of innovative technology and sector-aware intelligence. Jonathan Navon, Partner at CFP Energy, highlighted the seriousness of the situation, stating, "in the wind sector alone, only 1% out of around 11,000 sites has some sort of cyber solution." He emphasised that "this security issue needs to be addressed with some urgency," given its implications for sustainable and national energy security.
The unique security portal deployed by Cyber Energia provides a 360-degree view of renewable operations. It's designed to constantly gather security data on all systems and devices, monitoring their communication and identifying any security gaps. The system's real-time visualisation allows for immediate awareness and response to cyber-attacks, offering indications of threat levels, revenue at risk, data breaches prevented and remedial recommendations. Furthermore, it can offer guidance on ensuring effective governance, management succession and product development regarding cybersecurity.
Considering the increasing share of renewables in global electricity generation, cyber protection has never been more significant. According to Cyber Energia's analysis, renewables account for 29% of global electricity production, a figure projected to rise to 42% by 2028. This implies that nearly half of the world's electrical power could potentially fall prey to cyber invasions, making robust defence mechanisms crucial.
"As domain experts in renewable energy operations, we have built our renewables security by design cyber protection approach to seamlessly integrate with both new and legacy operations," explained Rafael Narezzi, Chief Technology Officer at Cyber Energia. Despite the firm's recent establishment, it has over 400 sites in its UK sales pipeline, demonstrating the pressing need for sector-targeted security.
The consequences of cyber-attacks on the energy sector can range widely, with potential fallout including the loss of production and revenue, infrastructure damage, leakage of sensitive information, health and safety hazards and reputational harm. Moreover, renewable energy firms that have not met requisite cyber defences are increasingly at risk of significant financial penalties due to non-compliance with increasing legislation.
In the UK, operators are subject to the NIS Regulations 2018 and the National Security and Investment Act 2021, with fines from breaches hitting up to £17 million. Legislation is also tightening elsewhere in the EU, with upcoming cyber security regulation (NIS2.0) set to impose even harsher punishments for non-compliance, including increased fines, management position bans or even the revocation of the company's operating license.