In an increasingly fraught and geopolitically complex world, cybersecurity is mission-critical for power companies. If they did not take it seriously before, the invasion of Ukraine in February 2022 has made it clear why cybersecurity is crucial for power companies.
Cybersecurity and the Russian invasion of Ukraine
Firstly, the invasion has redrawn the geopolitical map. Geopolitically, tensions have not been higher this century. In Ukraine, cyber-attacks have been used alongside and separate from missile strikes, infantry advances and artillery fire. Western countries have been allegedly targeted by Russia in response to Western military and financial aid being sent to Ukraine. Although kinetic warfare has understandably been the focus of this year, cyber-attacks have undoubtedly become more of a threat following the invasion.
Secondly, we have seen the importance of energy and power companies. As the price of energy grew (mostly driven by the increase in oil and gas prices) we have seen significant inflation globally, supply chain disruptions and even industry capitulation. However, the worst is yet to come. Ultimately, what we have seen is how crucial energy is, in terms of its availability and price, for every single sector. Energy underpins nations, let alone sectors. That is where cybersecurity steps in. A successful cyber-attack can take down power grids for days, if not weeks. It can cause significant knock-on effects on other sectors, with reduced power and increased prices.
Cybersecurity has been a long time coming
In many ways, the increased geopolitical tensions were the last gust of wind in a perfect storm of events that increased the need for cybersecurity in the sector. Covid-19 was also a massive challenge for the power sector and led to the consequent acceleration of digitalisation. As employees worked from home, companies were forced to find alternative solutions to ensure the smooth continuation of their operations. Due to the dispersed nature of assets in the power sector, this often involved the use of digital technology. GlobalData’s Augmented Reality in Power report showed that power companies were often investing in augmented reality (AR) to ensure that training and asset maintenance could continue virtually during Covid-19 lockdowns and amid social distancing measures. But it is not just AR that is at threat from attack, as power companies are investing billions into Internet of Things (IoT) devices and cyber-attacks can now occur through operational technology, which is now much more frequently connected to the internet. Companies such as Nozomi Networks and Claroty work on protecting both IoT and operational technology (OT) equipment from any threats.
The relationship between digitalisation and cybersecurity is as deterministic as a relationship between two themes could ever be: the more you digitalise your business, the more you need to improve your cybersecurity to prevent cyber-attacks.
If the rapidly digitalising power sector decides to overlook the importance of cybersecurity, it faces the threat of cross-sector and national disruption and reputational damage, which will stick with it for the long term.