The energy transition means increased attack surfaces for hackers

The energy transition is changing the shape of the electric grid, leaving more attack surfaces vulnerable to cybercriminals, writes Eve Thomas. 

Governments across the globe are investing in the energy transition, but the speed of the shift means a rapid integration of renewables and distributed energy resources (DERs), more attack surfaces and, often, less robust cybersecurity. 

Critical infrastructure components are common targets for cyberattacks, and power utilities are particularly favoured. Recent examples include BlackCat/ALPHV's ransomware attack on Empresas Públicas de Medellín (EPM) in 2022 and a series of attacks that have affected three Germany-based wind-energy companies since Russia's invasion of Ukraine. 

The energy transition is increasing grid vulnerabilities

Globally, 50% more renewable capacity was added to the grid in 2023 than in 2022, equating to almost 510 GW. Solar PV comprised three-quarters of these additions, and the IEA expects that the next five years “will see the fastest growth yet”.

While the integration of clean energy sources is good news for the climate, cybersecurity measures are struggling to keep up. Alfie King, associate analyst at GlobalData, explains: “The traditional electric grid is undergoing a transition with the integration of renewables and DERs, which lie at the grid edge. 

“DERs such as solar PV units create an expanded attack surface for hackers to exploit, and the management and operation of these assets creates a greater need for automation. This introduces information exchanges between the DER and an energy company’s distribution control system to manage the flow of energy in the grid, and the industrial internet of things (IIoT) technologies that enable this communication can sometimes lack security. Therefore, the need for adequate cybersecurity protection of these assets becomes clear.” 

In 2022, the US Department of Energy reported that, at that time, DER cyberattacks would have “a limited, local impact” for grid operations but warned that the introduction of high solar and DER deployment would see a rising “potential for a broader impact”. It further reported that “all providers of DER infrastructure and services should be aware of and plan for this eventuality as a threat to their business models”.

Cybersecurity risks are growing as attack surfaces increase, but the issue of authentication and encryption poses the make-or-break question for the energy transition. This is particularly true for IoT devices, which can be susceptible to ransomware or malware infections, and for attacks targeting operational technology (OT) and industrial control systems (ICS). These attacks are already putting grids at risk: in 2015, BlackEnergy and Industroyer2 (OT/ICS-specific malware) were responsible for the attack on Ukraine’s power grid, which interrupted electricity supplies and compromised the systems of three distribution companies.
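To make the authentication point concrete, the following is an added example (not code from the article, GlobalData or any utility) of the minimum a distribution control system should demand of a DER telemetry or setpoint message before acting on it: a per-device shared key, an HMAC over the message body, a freshness window on the timestamp and a monotonic counter to reject replays. The device id, key provisioning, field names and the 30-second skew window are all assumptions made for the illustration.

```python
"""Authenticated DER-to-control-system messages (constructed example)."""
import hashlib
import hmac
import json
import secrets

# Assumed per-device shared keys; in practice these come from device provisioning,
# never from a hard-coded table. The key is generated fresh each run here.
DEVICE_KEYS = {
    "pv-inverter-0042": secrets.token_bytes(32),  # hypothetical device id
}


def canonical(body: dict) -> bytes:
    """Stable encoding so sender and receiver MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_message(device_id: str, payload: dict, counter: int, now: int, key: bytes) -> dict:
    """Device side: attach an HMAC-SHA256 tag over id, counter, timestamp and payload."""
    body = {"device_id": device_id, "counter": counter, "ts": now, "payload": payload}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "mac": tag}


class ControlSystemReceiver:
    """Control-system side: reject anything unauthenticated, tampered, stale or replayed."""

    def __init__(self, keys: dict, max_skew_s: int = 30):
        self.keys = keys
        self.max_skew = max_skew_s
        self.last_counter: dict = {}  # highest counter accepted per device

    def accept(self, msg: dict, now: int) -> tuple:
        device_id = msg.get("device_id")
        key = self.keys.get(device_id)
        if key is None:
            return (False, "unknown device")
        if "mac" not in msg:
            # A legacy, unauthenticated frame: do not act on it.
            return (False, "unauthenticated message")
        body = {k: v for k, v in msg.items() if k != "mac"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(expected, msg["mac"]):
            return (False, "bad mac")
        if abs(now - msg["ts"]) > self.max_skew:
            return (False, "stale timestamp")
        if msg["counter"] <= self.last_counter.get(device_id, -1):
            return (False, "replayed counter")
        self.last_counter[device_id] = msg["counter"]
        return (True, "ok")


def demo() -> list:
    """Run the receiver over a genuine message, a replay, a tampered copy and a stale one."""
    key = DEVICE_KEYS["pv-inverter-0042"]
    rx = ControlSystemReceiver(DEVICE_KEYS)
    genuine = sign_message("pv-inverter-0042", {"export_kw": 4.2}, 1, 1000, key)
    replay = dict(genuine)
    tampered = dict(genuine)
    tampered["payload"] = {"export_kw": 99.0}  # body changed, tag no longer matches
    stale = sign_message("pv-inverter-0042", {"export_kw": 4.1}, 2, 1000, key)
    return [
        rx.accept(genuine, 1005),
        rx.accept(replay, 1006),
        rx.accept(tampered, 1006),
        rx.accept(stale, 2000),
        rx.accept({"device_id": "pv-inverter-0042", "payload": {"export_kw": 0.0}}, 1007),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The MAC covers the counter and timestamp as well as the payload, so an attacker who records one valid frame cannot resubmit it later or edit the setpoint without the device key. Encryption of the payload is a separate concern and would be layered on top (for example by running this exchange over TLS); the example deliberately isolates the authentication and replay checks that the article calls out.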

GlobalData senior energy transition analyst Francesca Gregory comments: “The increasing prevalence of renewable energy and smart grids within electricity networks creates heightened cybersecurity challenges for the power sector. Disparately located generation, transmission and distribution infrastructure has increased the need for digitalisation to manage assets, which in turn has caused the power sector’s attack surface to rise rapidly.

“Network and endpoint security will be key focus points for power players’ digital strategies going forward, as companies across the sector attempt to keep pace with the energy transition by capitalising on digitalisation while simultaneously fortifying the digital security of their assets. It remains to be seen if all will be capable of maintaining this balancing act.” 

A myriad of changing threats

The delicate “balancing act” of expanding assets and securing them adequately is exacerbated by an ever-changing array of external risks. It’s a point made by King, who highlights the issues raised by a volatile geopolitical scene: “Russia’s invasion of Ukraine in particular has demonstrated the increased focus of state-sponsored cyberattacks on power sector critical infrastructure, and therefore the increased importance of cybersecurity in the sector. 

“While geopolitically motivated attacks on power infrastructure were already occurring before the Russia-Ukraine conflict, state and non-state actors are now increasingly attacking businesses and state institutions inside and outside of Ukraine. State actors may invest in specialised malware that has been written to target specific equipment or operational processes, but power companies need to be vigilant and proactive in ensuring the security of both their IT and operational technology (OT) assets.” 

The need for vigilance comes particularly from the digitalisation of the energy sector – another constantly evolving risk. The introduction of digital systems, telecommunication equipment and sensors across the grid has increased the number of potential entry points for malicious actors, while their connectedness offers an extended attack surface. 

The frequency of attacks is increasing, as is the need for improved cybersecurity, as companies adapt to the energy transition. A recent report from cybersecurity asset intelligence firm Armis identified that the utilities sector saw an increase in cyberattacks of over 200% in 2023, making it the most at-risk industry ahead of manufacturing, which saw a 165% increase. 

Companies must, then, take measures to protect their assets, a point King emphasises.

“Due to the importance of cybersecurity for a company in the power sector and the fact that just one attack can bring down an entire power network and have severe cross-sector implications, companies should virtually invest across the entire cybersecurity value chain,” he says. 

“Different types of cyberattacks focus on different sections of the value chain. For example, email security is important for preventing phishing attacks, whereas threat detection and response, which may likely include endpoint detection and response, would be useful for finding and countering malware or zero-day threats. Companies can also implement a zero-trust security model, meaning that verification is required from internal users, programs or devices trying to gain access to resources on a company’s network. An added layer of security can be successful in preventing data breaches.”