The aggressive nature of cyber threats – and the potential that an attack crosses from the cyber realm to the physical world – requires the energy sector to reconsider how it views and addresses cyber risks. ‘The road to resilience – Managing cyber risks’ is the third report in the series about Financing Resilient Energy Infrastructure. This third report investigates how cyber risks can best be managed, taking into account the changing nature of the energy industry and energy infrastructure. Actions are recommended for decision makers and stakeholders to improve the sector’s response to rising cyber threats, as part of a wider move toward greater resilience.
Greater resilience to cyber risks of energy systems is crucial for energy security. Increased digitisation lead to more efficiency and opportunities for grid and pipeline management and exploration and production activities. Yet, at the same time energy assets become more vulnerable to cyber-attacks, in particular due to the automation of Industrial Control Systems (ICS). Attacks on ICSs could lead to loss of control of key equipment, with potential machinery breakdown, fire, explosion or injuries.
The first report in the series, ‘The road to resilience – managing and financing extreme weather risk’, recommended moving towards a more systemic understanding of resilience, in order to best manage extreme weather risks. Early findings of the second report ‘The road to resilience – managing the risks of the energy-water-food nexus’ showcase the risks of the energy-water-food nexus and examine the integrated coordination that is needed for financing resilience.