As nations transition away from fossil fuels, the renewable energy sector is becoming more important. However, the sector’s continued growth must be handled with cybersecurity in thoughts, or there’s a risk that risks in everything from power stations to smart meters will expose energy suppliers and their clients to risk.
The energy sector has become a top-profile target for cybercriminals, including those looking to launch ransomware, espionage campaigns, and even attacks with the goal of sabotaging systems and cutting off power – and the fast transition to renewable energy could open up new opportunities for cybercriminals.
The Royal United Services Institute (RUSI), a defence and security think tank, has released a new paper outlining some of the major cyber dangers throughout the transition from fossil fuels to renewable energy. “Renewables provide enormous prospects for the UK to become even more energy self-sufficient while also minimizing the effects of climate change. This transformation must be made with cybersecurity in mind, in light of future cyber dangers to society as a result of the industry’s huge digitalization “Sneha Dawda, a cybersecurity research fellow at RUSI, agreed.
The SCADA (supervisory control and data acquisition) systems that manage industrial networks are one of the key targets for cyber attackers. SCADA systems have two major security vulnerabilities. The first is that most of these networks are outdated, to the point that they can’t obtain security updates, that means that if they’re connected to internet-facing sections of the network, they could be penetrated by cybercriminals.
The security of SCADA systems can also be jeopardized if there is a remote component to access, such as cloud services and VPNs. Newer systems may rely extensively on remote access, however, if secure login details or patch management aren’t properly managed, this might open up another route for cyberattacks, especially if automated processes are involved that aren’t closely monitored.
To protect against assaults, some of the most prevalent cybersecurity recommendations are to patch platforms with security updates. However, the reality is that many energy providers’ networks are built on legacy technologies, and updating or changing those systems could have an impact on services or necessitate a total rebuild. Another major problem for the renewable energy business, according to the RUSI research, is cybersecurity vulnerabilities throughout the supply chain.
The report warns that “if one vendor inside the supply chain is attacked, this can have extensive ramifications for all connected organizations,” citing the Kaseya and SolarWinds hacks as instances of how cybercriminals can create massive disruption throughout the software supply chain.
To prevent this, some of those contacted by researchers recommend that energy suppliers should be more cautious with supply chains, asking suppliers questions and, in some cases, assisting them in improving their security. Energy suppliers aren’t the only ones who could be harmed by cybersecurity flaws; items and equipment used in businesses and homes are also at risk.
Lithium-ion batteries, which require a BMS (battery management system) to check safety and dependability — and can be linked to networks – are one hazard mentioned in the research. However, the report warns that attackers might take advantage of flaws in encryption, authorization, and remote access to these connected devices. Furthermore, these aren’t the solely connected devices that may provide a cybersecurity risk that should be investigated. Home auto chargers are “a distinctive point of incursion since they offer a very specific purpose,” according to the research.
As hybrid and electric cars become more popular, home chargers are becoming much more widespread. However, attackers have already discovered software vulnerabilities in linked chargers, which they can use to get access to networks or to enlist the devices in a botnet.
“While these flaws have been patched,” the study notes, “they serve as good illustrations of how this technology falls short of industry standards.” IoT gadgets in smart buildings and homes are the paper’s final cybersecurity risk in relation to renewable energy.