Expert viewpoint - To enable the energy transition, we must embed cyber security in “energy systems thinking”

At DNV, we talk a great deal about “energy systems thinking”, where all parties in the energy industry need to see the bigger picture and connect and pursue various technologies to ensure a rapid energy transition.  

It only makes sense to build new wind farms if there is the grid capacity to connect them, solutions that can store the energy, and growing applications of electrification to extend the reach of this renewable energy. We need to get the timing right for when to scale down oil and gas as we scale up clean energy, to balance a secure, affordable supply of clean energy. 

These factors are considered at the societal and policy level, at the systems level across energy assets and infrastructure, and in the planning for each individual project. The same needs to be true for cyber security.  

Cyber security must be embedded into the “systems thinking” of the energy industry and other critical infrastructure industries, as we govern, prepare, and detect and respond to cyber risks in the energy transition. 

 

Cyber Priority - The view from the energy industry:

Cyber Priority: The view from the energy industry. Source: DNV Energy Cyber Priority 2023
Source: DNV Energy Cyber Priority 2023

 

Enabling digitalization and managing risk 

The energy transition is deeply dependent on infrastructure becoming more digitally connected. Connected to make society safer. Connected to bring down costs and increase efficiency. Connected to deeply decarbonize the world we live in.  

Some examples: 

  • In oil and gas, digital twins are increasing safety and efficiency, enabling operators to better maintain and manage assets. 
  • Wind farms are being connected to the Internet to enable digital tools to optimize performance.  
  • Smart power grids are enabling variable and distributed generation from renewables.  
  • The rise of digitally connected electric vehicles (EVs) is extending the reach of electrification. 

Connecting assets and infrastructure brings new risks with potential huge safety, reliability, environmental and financial impacts. The modern hacker can do more than just steal data. They could take control of energy production and distribution facilities such as wind farms, oil and gas platforms, solar grids, or distribution pipelines and electric grids  

Our Cyber Priority research underlines the growing strategic importance of cyber security to the energy industry in order to reduce operational business risks. Indeed, nine in 10 (89%) of energy professionals surveyed for the research believe cyber security is a pre-requisite for the digital transformation of this changing industry. The energy industry cannot reap the benefits of digital transformation without robust cyber security. 

More broadly, we see that cyber threats to the energy industry and critical infrastructure are becoming more common, complex, and creative, at the same time as infrastructure becomes more networked and more vulnerable to cyber threats.  

Half (48%) of energy professionals now worry that their part of the energy industry is more vulnerable than ever to cyber-attacks, while a majority (56%) of energy professionals say their organization will invest more in cyber security in 2024 compared with the year before. Some 78% of energy professionals say geopolitical uncertainty has made their organization more aware of the potential vulnerabilities in its operational technology (OT) – the control systems that manage, monitor, automate and control industrial operations. 

OT-reliant industries, such as energy, are now appearing among the world’s most attacked sectors. Cybercriminals are turning their attention to infiltrating sectors where security barriers are less mature and impact of breach is high. Industrial sectors are becoming a growing target because the maturity of OT security lags IT security by approximately 15 years. 

To give the cyber security perspective on the energy transition, let’s take a closer look at a few examples of how the energy industry is viewing and managing cyber risk. 

Production: Ensuring safety and security  

In industrial environments, cyber risks are also safety risks. Life, property, and the environment are at stake.   

With growing awareness of cyber threats, it should perhaps be no surprise that seven in 10 energy professionals (71%) say they take cyber security as seriously as they do physical health and safety. 

In DNV’s Industry Insights research on the short-term outlook for the energy industry, we saw that secure and reliable energy supply was the major focus of the energy industry last year. Geopolitical developments have brought energy security into sharp focus with the disruption of energy supplies and price shocks for energy importers. For the first time in DNV’s power sector forecasts, for example, we now factor in the willingness of governments to pay a premium of between 6% and 15% for locally sourced energy to ensure security.  

Security is high on the agenda in the energy transition, and safety remains paramount in the energy industry. Cyber security has a major role to play in managing these risks. 

Distribution: Enabling complexity 

Flexibility is key to a successful transition. As variable renewable energy capacity is set to surge by a factor of seven to 2050, the global need for flexibility will almost double, according to DNV’s Energy Transition Outlook


Flexibility is key to managing the transition to renewables:

Global flexibility provided by technology as a fraction of annual average demand (source. DNV Energy Transition Outlook 2023)
Source: DNV Energy Transition Outlook 2023

To support this flexibility, the energy industry will need to make significant improvements and innovations to grid infrastructure and storage. This requires connectivity to enable innovations in  demand forecasting and demand-response, for example. . 

More broadly, successful digitalization empowers data-driven decision-making and automation, both of which will be enormously important to managing a more complex energy system. 

Such innovation is essential for the energy transition. But there are barriers. The energy industry expects “resistance to change” to be the leading barrier to greater digitalization, according to our Cyber Priority research. Cyber security risk takes a solid second place, showing the need to address cyber risk to enable digital transformations.  

End use: Securing growing attack surfaces 

The energy transition is creating a larger attack surface, through new energy generation run by small computers in solar parks and wind farms, through smart meters expanding the grid into houses and cars, and through greater connectivity in end-use energy applications such as electric vehicles.  

Such innovations have great potential to reduce emissions, increase safety, and maximize efficiency, but the technology and systems being developed and applied must fully consider cyber security. The energy transition relies on smart infrastructure, but smart is only good as long it doesn't get hacked. 

Systems thinking and “security by design” 

“Security by design” places cyber security at the centre of new projects. We’ve been talking about this approach for the last 10 years and it is slow to gain ground. It’s a question of maturity. Think about car manufacturers trying to sell vehicles without seatbelts to avoid carrying the extra costs. Regulation wouldn’t allow it. Security should always be the standard and the energy industry and other critical infrastructure industries are moving in this direction with cyber security. This approach must go beyond individual projects. We need security to be central to the design of energy systems. 

8/28/2024 12:19:00 PM

Related content