Industries haves gone digital and the energy sector is no exception. Digitization represents genuine progress in processes for the generation, storage, transport and supply of energy. Although these advancements have improved effectiveness, they have also opened the doors to a new type of threat, one that energy industry heads are ill prepared for: cyberattacks.
Key figures about cyberattacks against the energy industry
Since the latest updates about Stuxnet in 2010, we now know to what extent cyberattacks can be complex and cause significant damage to infrastructure. Although an attack has so far not been able to rival the Stuxnet attack in terms of its sophistication, we must still be wary of attacks that could affect the information systems of our energy industries. Industrial systems are more frequently targeted and we have observed an increase in the amount of new vulnerabilities (380% increase between 2014 and 2015!).
A study published in January 2017 by the French Institute of International Relations (IFRI) titled “Cyberattacks and Energy Systems: Confronting the risk” sheds light on some revelatory data. Attacks on industries are clearly increasing; however, detection capabilities and the effectiveness of protective measures still leave much to be desired since currently the average is that it takes no fewer than 200 days to detect an attack once the system has been infiltrated. These attacks also have significant financial consequences given that for every 1MWh undelivered, we lose 26,000 euros in billable revenue, not to mention the impact on the population affected by the interruption of various services.
A new study focuses on the importance of providing guidance to essential service operators (ESO) on how to guarantee security. Initial measures have already been taken but a common regulatory framework will have to be set up in the European Union to prevent future problems.