Cybersecurity gaining importance in energy sector

This week, Germany's Federal Minister of the Interior Nancy Faeser, together with the President of the German Federal Office for the Protection of the Constitution (BfV), Thomas Haldenwang, presented the 2022 report on the protection of the constitution. The findings therein are not surprising: "The danger from espionage, disinformation campaigns and cyber attacks has further intensified since the Russian war of aggression against Ukraine. State actors are increasingly using social media to spread their disinformation. The majority of activities against Germany in this regard come from the Russian Federation, the People's Republic of China and the Islamic Republic of Iran," according to the associated press release.

Faeser commented, "The criminal war of aggression against Ukraine has changed the security situation throughout Europe. We have taken strong measures to arm ourselves against espionage, disinformation campaigns and cyber attacks."

Geopolitical and geo-economic upheavals always create increased vulnerability for companies and research institutions. Europe is particularly at risk due to its geographic proximity to Russia. This is because the energy supply is vulnerable, as demonstrated not only by the attacks on the Nord Stream 1 and 2 gas pipelines. In March of last year, for example, the KA-SAT satellite network became victim of a cyberattack, which caused disruptions in communications with wind turbines at dozens of wind farms in Germany that lasted for weeks. Individual companies such as Vestas and Deutsche Windtechnik have also been targeted by hackers in recent months.

Although this ultimately did not restrict the German energy supply, there has nevertheless been a great deal of focus on protection against attacks since then. The new President of German Wind Energy Association (BWE), Bärbel Heidebroek, makes it clear: "Shortly after the Russian attack on Ukraine began, a large number of wind turbines in Europe were affected by a cyber attack. The incident raised awareness among both companies and the public that cybersecurity must be given a high priority."

That's because the wind industry has been on permanent alert ever since. In recent weeks, there have been repeated reports from various European countries of sightings of alleged Russian research vessels near offshore energy installations such as offshore wind farms. That Russia is apparently conducting espionage activities on a larger scale than previously known under the guise of civilian shipping was then suggested by a report from various public broadcasters in Scandinavia. In a documentary called 'The Shadow Files', the media referred to intelligence information from the respective countries.

In the name of research or espionage? There are increasing reports of Russian ships in the vicinity of offshore wind farms (Image: Pixabay)

In Germany, the Future Energy Lab of German Energy Agency dena is thus trying to raise awareness and has launched a platform. The 'Cyber Security in the Electricity Industry' platform, which is funded by the German Federal Ministry of Economy, aims to support companies along the value chain of the electricity industry by connecting key players in the energy and digital industries. The goal is to build a dialog format with relevant actors as well as cross-industry competence for the topic of cyber security, to reduce uncertainties and to strengthen awareness for cyber security in the electricity industry, according to their website.

BWE President Bärbel Heidebroek said, "We consider the initiative [...] an important step from an industry perspective. The attacks [on the satellites] have shown the great resilience of a decentrally organized, renewable energy supply: Even when communication with the plants was disrupted, they continued to operate and generate electricity. Renewable energies are safer than fossil energies in this respect. Nevertheless, we must recognize: As wind energy expands, it becomes more attractive as a target for disruptive actions. Companies can therefore not afford to neglect the security of their IT systems," Heidebroek emphasized and announced an intensive commitment.

Participants in the new platform want to push the development of preventive measures and recommendations for action. So that the power does not fail at some point after an attack.