News - Data

Subpage Hero

 Subpage Hero

22 Nov 2021

The weakest link

The weakest link
Many energy companies know they are vulnerable to cyberattacks – yet they don’t know what to do about it.

Despite an increase in grid vulnerabilities, the majority of global energy companies are not practising basic cybersecurity protocols.

That’s the view of Rafael Narezzi, Chief Technology Officer at CF Partners. And as a result of this lack of protection, more attacks on grid networks are likely to be seen over the coming years.

This article was originally published on The Guide - Season 4 | 2021

Check out more articles

“Doing the basics is one of the necessities I do not see many companies carrying out,” said Narezzi, who was speaking during the episode Cybersecurity for a decentralising energy system.

He said this is because companies have inadequate funds for cybersecurity mechanisms, which results in a lack of understanding of the topic by company executives.

Despite their lack of knowledge on the issue, company executives are concerned about cybersecurity but do not know how to act, noted Narezzi.

According to Narezzi, many executives are not aware of the steps they should take to ensure the growing vulnerabilities of grids to cyberattacks are addressed.

Despite recent cyberattacks within the energy landscape, little attention has been given to enhancing resilience, explained Narezzi.

He said the small efforts that are made are not enough to secure energy systems that continue to be vulnerable due to the increasing amount of distributed resources and digitalisation.

There is also a need for more regulation to be enacted to support cybersecurity frameworks development and adoption.

Rafael Narezzi

Moreover, cyberattackers are coming up with new ways of penetrating energy systems.

“Have we done cyber hygiene better than before? I don’t think so. Energy companies are still lagging. We are moving but not at the right speed of cybers [cyber criminals]. Companies need to be at the front, not at the back waiting for things to happen,” he said.

In the webinar, Narezzi urged energy companies to increase investments in cybersecurity and be proactive. In addition to investments, he urged companies to make cybersecurity a main driving force of the business.

Another speaker, cybersecurity strategist Johan Rambi of EE-ISAC, added: “Since 2018 nothing has happened specifically on creating specific standards in the areas of renewable energy and cybersecurity.” As such, he said there needs to be more collaboration between stakeholders on standards development.

The episode speakers also discussed factors they anticipate will shape the global cybersecurity segment in the next few years, including:

  • An increase in certification programmes for both distributed energy resources and cybersecurity frameworks.
  • More cyberattacks on solar and battery storage supply chains.
  • Increase in integration of grid networks with distributed energy resources and in vulnerabilities of energy networks to attacks.
  • More collaboration and information sharing between utilities, academia, research institutions and technology companies to improve cybersecurity solutions.


Watch the episode on demand: Cybersecurity for a decentralising energy system.


This article was originally published on The Guide - Season 4 | 2021

Check out more articles


View all News - Data