Top 5 Strategies For Cyber Resiliency In Large-Scale Renewables
This article highlights our top 5 recommendations to achieve cyber resilience in large-scale renewable energy infrastructure.
Large-scale renewable generation has established a significant role in the Australian energy industry over the past five years. AEMO’s Draft 2022 Integrated Systems Plan (ISP) further reinforces the exponential growth in renewable generation.
The ISP states there will be a significantly faster transition to renewable energy than previously predicted, and with the recent announcement on the closing of Origin Energy’s Eraring plant, this trend is further reinforced by the market.
Due to the prominence of large-scale renewables and their growing importance for power security, it will be key that the industry understands appropriate security, specifically cybersecurity, strategies.
Challenges
We’ve all heard of events where cyber-attacks have targeted critical infrastructure. The recent uncertainty following previous successful attacks against the Ukraine power grid demonstrates that these threats are real and that the risk to power systems, and therefore power supply, shouldn’t be underestimated, especially when the world is on high alert due to emerging cyber warfare concerns in the ongoing Russia-Ukraine war.
Understanding operational imperatives
As with any potential gap in the energy supply market, large-scale renewables have rushed to fill this void with more than $830bn of renewable projects across various technologies.
The supporting cyber security standards and regulations that the energy sector is using focus on risk mitigation through detailed assessment. It is important to note that these activities should not be considered technical, or purely related to technological concerns.
A methodical approach to maintaining the operational imperative of large-scale renewables, in the same way that traditional participants in the National Energy Market are required to maintain theirs, will further reinforce meeting the operational imperatives for the generator and for the customer by effectively “keeping the lights on”.
A successful cyber-attack against any large-scale renewable generator has the potential to not just cause the unauthorised exfiltration of personally identifiable or commercial data, or cause damage to systems, but also to damage the generation assets through the forced malicious operation of its components.
Considering our increasing reliance on renewable generation, should these resources be impacted or taken offline, is there a potential to create a national or regional energy security impact?
Achieving cyber resilience
We have prepared some short strategies that can assist in breaking down the complexities of defending power systems.
We recommend that large-scale renewables focus on:
- Systems Risk Assessment: Perform a comprehensive assessment of the current cyber security risk and posture, across both business systems and operational systems, with a focus on compliance with known standards and sources of authority (e.g. AESCSF, IEC 62443, ISO 27001/2, NIST 800).
- Understand Your Assets: Ensure that the catalogue of systems, components, and technical designs is captured so that if other countermeasures fail, you can understand the posture of individual components.
- Physical Access Management: Review physical access controls, systems, and processes for sensitive systems and data.
- Utilise Tooling: Assess and implement tools to mitigate the discovered risks as part of systems assessment. There are relatively low-cost tools, including those that leverage large real-time data sets captured from other energy market participants, that can provide the visibility and response that is required to address cyber threats.
- Validate by Testing: Perform regular security testing and validation of security controls and processes, focusing on how any vulnerabilities found may impact the operational imperative, and risk manage these in line with organisational risk activities.
What next?
Finding an organisation that fundamentally understands the cyber inputs to the operational imperative is challenging. Anchoram is in the enviable position of having a team that has spent the time to analyse and define the concepts and taxonomies, publishing notable academic works on power systems resilience.
This deep understanding can be readily leveraged by large-scale renewable generators who may not have the dedicated resources to ensure compliance and address the potential cyber threats to the power system.
As specialists in Critical Infrastructure, Risk Management, Protective Security, Security Testing, and Technologies, Anchoram is well-placed to provide large-scale renewable generators with deep experience to understand the regulatory environment, risks, security strategies and cyber resilience goals that enable the safe and continued operation of electrical generation networks and their components.
We thrive on helping our customers realise a secure and safe operation. For more information, please reach out to any of our team for a no-obligation chat about your challenges.