Cyber-attacks are ‘core business risks’ to energy systems, says World Energy Council

An uptake in digitisation through devices such as smart metres may be improving energy management, but it is also opening new avenues for cyber-attacks that could damage communities and the economy as threats cross "from the cyber realm to the physical world".

That is overarching warning of the latest World Energy Council (WEC) road to resilience report, which has urged companies to recognise cyber-related crimes as a “core business risk”, with improved information and cross-sector collaboration vital to safeguarding energy security and the economy.

WEC’s secretary general Christoph Frei said: “Cyber threats are among top issues keeping energy leaders awake at night in Europe and North America. Over the past three years, we have seen a rapid change from zero awareness to headline presence. As a result, more than 30 countries have put in place ambitious cyber plans and strategies, considering cyber threats as a persistent risk to their economy.

“What makes cyber threats so dangerous is that they can go unnoticed until the real damage is clear, from stolen data over power outages to destruction of physical assets and great financial loss. Over the coming years we expect cyber risks to increase further and change the way we think about integrated infrastructure and supply chain management.”

The road to resilience: managing and financing cyber risks report, published by WEC in partnership with Swiss Re Corporate Solutions and Marsh & McLennan Companies, claims that during an accelerated period of digitisation of energy systems, a lack of information sharing has led to an increase in cyber-attacks across the globe.

The report notes that due to the automation of Industrial Control Systems (ICS), a “worst case scenario” could emerge where attacks result in infrastructure shutdowns, economic and financial disruptions, a potentially the loss of life and large-scale environmental damage.

To prevent these potential outcomes, the report recommends that strong technical strategies are produced across the sector to strengthen cyber risk management. Governments and policymakers should also strive to stimulate regulation and grow a talent pool of skilled workers who can respond to risks. Finally, the report calls on the insurance sector to monitor cyber risks, help companies quantify these risks and understand how risks could impact portfolios.

The report places cyber risks in the same level of severity as floods and fires in regards to infrastructure. It acts as the third in a series of reports that analyses how companies should adapt energy systems to deal with emerging risks.

Tech attack

Earlier this month the second of these reports was released, analysing how an overhaul of financing mechanisms and policy framework was necessary to develop “smarter, not just stronger” energy markets to balance the energy-water-food nexus.

A previous report from BT has suggested that enhancing smart energy could reduce the European Union’s (EU) carbon footprint by more than 1.5Gt by 2030 – while also sparking behaviour change and promoting resource efficiency.

Swedish communication technology company Ericsson has also weighed in on the potential of ICT in reducing emissions, claiming that the spread of mobile devices and uptake of smart technology could help reduce global GHG emissions by up to 15% by 2030.

Matt Mace

Action inspires action. Stay ahead of the curve with sustainability and energy newsletters from edie