‘There’s a gap’: A cybersecurity expert’s advice for renewable energy
September 07, 2021 at 05:00 AM EDT
A cybersecurity expert offers four key tips for renewable energy asset owners, who face an increased risk of attacks.
Attention on cybersecurity in the energy sector has been heightened by attacks against SolarWinds and the Colonial Pipeline. In an executive order signed on May 12, Biden called on the private sector to lead on advances in information technology (IT) and operational technology (OT), arguing government regulation isn’t enough to thwart the attempts of bad actors.
Ian Bramson, the global head of industrial cybersecurity at ABS Group, and a risk management adviser to the energy sector, said renewable energy providers, developers, and asset owners face an increased risk of attacks because of gaps in cybersecurity plans.
“There’s a lot more new technology in renewables than in many of the other sectors. Well, attackers feed off technology,” Bramson told Renewable Energy World in an interview. “When things are growing rapidly, it’s very hard to manage the cybersecurity risk.”
Most organizations have IT nailed down, Bramson said, but are severely lacking in OT protections.
“The OT side, there’s a giant lag behind the IT side,” he said. “Most companies on the OT side can’t answer my first question: do you know what assets you need to protect?”
Bramson outlined 4 key pieces to a renewable energy cybersecurity plan:
“Sometimes, people skip to the monitoring piece but all of those pieces fit together,” Bramson said. “If an attack happens and I have a great asset inventory and I know what they’re going to attack next, I’m a lot faster in my response than if I just have one piece of that equation.”
Watch the full interview with ABS Group’s Ian Bramson and Renewable Energy World’s John Engel.