4 Min Read

Cyber Risk in the World of Renewable Energy & Climate Change

Read more

By Brett Randles and Annabel Walker

|

Published 29 April 2022

Overview

The World Economic Forum recently stated that cyber-crime and climate change were seen as the two biggest threats that the modern world currently faces. Even though the nature of those threats seem to be intrinsically different, there are some interesting intersections, which we explore in this article.

Mitigation of Climate Change

The recent IPCC report, Climate Change 2022: Mitigation of Climate Change, published on 4 April 2022, made it clear that limiting warming to 1.5C requires global greenhouse gas emissions to peak before 2025. The move to renewable sources of energy plays a key part in this transition.

Some progress has been made. The potential for tax credits and/or government assistance has led to substantial growth in the renewables sector in recent years – globally, it accounts for the majority of new power capacity expansion. In the UK, for example, renewables’ share of energy generation reached a record high of 43.1% in 2020. There has also been a rapid increase in the demand by consumers for sources of renewable energy and the desire by organisations, as well as private households, to transition to a more ‘green’ environment. This reflects a growing concern and interest in ESG factors (Environmental, Social and Governance).

However, the IPCC Report makes it clear that a lot more needs to be done. The UK government announced earlier this month that it intends to increase the UK’s offshore wind capacity to 50GW by 2030 (up from just over 10GW at present), increase nuclear power by three times compared to current levels, and there is an expectation of a five-fold increase in the deployment of solar power by 2035.

Cyber risks

In light of these developments, it remains vital that organisations in the renewables space prioritise the adaptability of their cyber security, ensuring that the measures in place are resilient to the modern day challenges. This is particularly true when considering that the critical infrastructure of certain countries depends heavily on renewable energy and similar technology.

A good example which demonstrates the potential impacts of a cyberattack in the energy sector is the 2021 ransomware attack on the network that managed the Colonial Pipeline, an American pipeline that carries gasoline and jet fuel to the south eastern parts of the USA. Here, the company suspended all pipeline operations in order to contain the incident. Some of the consequences of the attack included: flight disruptions due to fuel shortages, gas stations running out of fuel resulting in panic buying, and an increase in the average fuel price.

We have already seen the renewable sector effected by cyber risks. An example which demonstrates the risks posed to renewable energy suppliers and the technologies employed by them is in relation to a cyber-attack which took place earlier this year, which affected Viasat, a satellite communications company. The incident resulted in the malfunction of nearly 6,000 Enercon wind turbines in Germany and disrupted thousands of organisations across Europe.

A far more drastic example would entail a foreign state sponsored cybercriminal infiltrating a highly sensitive nuclear facility and shutting down the facility’s security system allowing unfettered access to highly sensitive details to a host of other bad actors, or simply sabotaging the nuclear facility resulting in another Fukushima type disaster.

Physical Climate Risks

A company’s preparedness for cyber risks needs to take account of, amongst other things, the physical risks of climate change. It is well documented that one of the biggest threats that we face as a society today is that of climate change, and the physical risks are a key part of that. Companies are becoming all too familiar with identifying and mitigating the physical risks posed by climate change, either in the form of an individual event (e.g. flood or a storm) or due to chronic events that transpire over a period of time (e.g. sustained drought).

Companies have been adapting by implementing measures that aim to address these physical risks and introduce an element of preparedness. In light of the world’s digital transition and the greater reliance on technology, these efforts to adapt to the physical climate risks play a part in mitigating cyber risks too.

Is, for example, the cyber reliance of an organisation’s network infrastructure sufficient to respond to some type of environmental issue? Physical damage to network infrastructure can provide opportunities for cyber criminals to hack a company’s system. Consequently, organisations need to consider the risks of climate change in any cyber security plan.

Conclusion

In our quest to harness the various types of renewable energy, and in addressing the issues of climate change, we cannot underestimate the importance of cyber security to ensuring we are able to continue moving forward.

Authors