Auke Huistra, industrial and operational technology cyber security director at DNV Cyber, explains how the rapid evolution of energy storage technologies and their increasing integration into the global energy grid presents transformative opportunities and significant cybersecurity challenges.
Energy storage systems are pivotal in today’s energy transition. They provide essential services such as load balancing, peak shaving and emergency backup, which are integral to the electrical grid’s stability. However, integrating digital technologies has exposed these systems to cyber threats that could compromise their functionality and safety. Therefore, the cyber resilience of energy infrastructure has become imperative.
As threat actors evolve and become more creative in their attacks, staying at the forefront of defensive practices is essential for the energy sector. One positive outcome is that, according to DNV’s Energy Cyber Priority research, some 71% of power and renewables professionals globally expected their organisations to increase investment in cyber security throughout 2023.
Strategic approaches
Initially, many systems were deployed with minimal cybersecurity considerations. Today, the scenario is different. Legislative developments, particularly in Europe with the NIS (Network and Information Security) and forthcoming NIS2 directives, compel energy companies to adopt stringent cybersecurity measures. These regulations are shaping practices that ensure the resilience of critical energy infrastructure against evolving threats.
For instance, past cyber incidents illustrate the potential consequences of inadequate protection. The 2016 cyberattack on Ukraine’s power grid, which led to significant outages and was orchestrated through compromised IT systems, is a stark reminder of the vulnerabilities associated with energy systems. Similarly, scenarios like the hypothetical blackout affecting seven German states reported in Neue Zürcher Zeitung highlight the extensive impacts that could arise from such disruptions.
At DNV, we approach cybersecurity in energy storage with a comprehensive strategy. The basic but most effective line of defence starts with cyber hygiene, including harsh network segmentation and strict identity and access management.
Our methodology addresses immediate threats and builds a foundation for long-term resilience. It involves regular penetration testing and risk assessments to identify and mitigate potential vulnerabilities before somebody can exploit them.
As an asset owner it is important to oversee the supply chain, and test systems and components when they enter the organisation. Conducting a thorough risk evaluation for both existing and newly developed energy storage systems is essential. Adding cybersecurity measures right from the design stage is vital. Once implemented, detection and security monitoring is essential. This is needed to effectively reduce risks to manageable levels. In the current geopolitical situation, thorough checks are needed to ensure there are no hidden vulnerabilities or backdoors in the systems and applications that might come from hostile countries.
Safeguarding
As we look to the future, the integration of energy storage into the energy grid is set to increase as renewable energy grows remarkably.
That is why the grid and the supply chain will require even more sophisticated cybersecurity measures to protect against potential threats and ensure the reliable operation of these critical systems.
By advancing our understanding and technologies, we should aim to ensure that energy storage systems not only support but also enhance the stability and reliability of power networks worldwide.
As the energy sector evolves, so must our strategies for securing it. Therefore, cyber security companies need to be committed to pioneering solutions that ensure the safety and efficiency of energy storage technologies. Today and in the future.