ENBW ENERGIE BADEN-WÜRTTEMBERG AG The digitalization of electricity meters and grids, wind and solar power plants opens up new gateways for attackers in the critical infrastructure. The unexplained explosions on the Nord Stream pipelines in the Baltic Sea in September 2022 have highlighted the vulnerability of energy systems. Governments and industry are alarmed.
"We said last year after the start of the war in Ukraine that we believe the risk of cyber sabotage has increased," says Michael Ebner, Head of Information Security at energy company EnBW. There are also more attempts to infiltrate office communications in particular via phishing. "We also have to be prepared for the fact that there may be more attacks from government agencies. We need to be even better prepared for this." Around 200 employees across the Group are working on security-related issues. EnBW intends to increase this number "significantly over the next few years".
E.ON, Europe's largest grid operator, says it also has a Group-wide cyber security team of this size. The topic of cyber security has long been a top priority for the Group. "Putting cybersecurity at the top of the priority list only after the start of the war in Ukraine and the energy crisis would have been a serious omission," said a spokesperson.
"The new energy world is decentralized," explains Swantje Westphal from the Institute for Security and Safety in Ettlingen. This means that there are many small units, such as wind and solar systems, but also smart meters that are digitally networked. "This networking increases the risk because there are many more possible starting points for attacks, with much greater potential impact."
Experts point out that traditional generation plants such as gas or nuclear power plants operate in a closed IT system and are therefore less susceptible to external attacks. In the area of cyber security, more and more inquiries are coming in, especially in the solar energy sector, says Stephan Gerling, Senior Security Researcher at ICS CERT at Kaspersky. If you look at private solar systems, they have an average output of ten to 40 kilowatts. "That's not a lot, but they are usually connected directly to the internet, with various gaps that allow an attack." Many of the larger systems have already been disconnected from the internet.
EXPERT: THERE HAS BEEN A "HIGH BACKGROUND NOISE" SINCE 2021
Norwegian aluminum manufacturer Hydro experienced just how devastating a cyber attack can be in 2019 when it had to shut down parts of its production. The company has its own hydroelectric power plants as well as a growing number of wind and solar power plants, making it the country's fourth-largest electricity producer. Hydro stepped up its security measures after the attack - both internally and externally. In April 2022, the company hired Henriette Borgund as an "ethical hacker" to detect potential security leaks. Borgund, who has years of experience in military cyber defense, does not want to comment in an interview on how often vulnerabilities are discovered at Hydro. "But I can say that we have found gaps in our system."
In Sweden, the state-owned grid operator Svenska Kraftnaet has increased the number of employees in its cyber security department from ten to 15 to 50 to 60 in recent years. The cyber attacks are mainly phishing attempts. The attacks are more or less constant, says Head of Security Cem Gögören. The aim is to make it clear to employees that these are constant attacks. "This is the new normal."
"There has been a 'high background noise' in German cyberspace since 2021," says Mathias Böswetter, Head of IT Security and Critical Infrastructures at the German Association of Energy and Water Industries (BDEW). The quality and quantity of cyberattacks on the energy industry have not changed significantly since the start of the Russian war of aggression. "The trend in ransomware attacks is continuing and shows that cyber attacks are primarily aimed at extorting money/crypto and not at jeopardizing security of supply." However, the disruption of the KA-SAT satellite communications network by Russian government agencies in February 2022 led to the failure of thousands of wind turbines. "Although there was no disruption to grid operations, this example nevertheless shows how important cyber security is when the level of networking and digitalization is increasing as a result of the energy transition."
(Edited by Tom Käckenhoff, edited by Hans Seidenstücker. If you have any queries, please contact our editorial team at berlin.newsroom@thomsonreuters.com (for politics and the economy) or frankfurt.newsroom@thomsonreuters.com (for companies and markets).)
- by Nora Buli and Nina Chestney and Christoph Steitz
