A new report from the UN-accredited global body, the World Energy Council, finds that the emergence of smart grids and smart devices are making the sector a highly attractive target for cyber attacks aimed at disrupting operations.

The road to resilience: managing and financing cyber risks’ report, launched in Berlin today (29 September 2016) says addressing cyber risks in the energy sector is critical not only to energy security, but is also vital for a resilient state and economy. It highlights the fact that energy companies have seen a massive increase in the number of successful cyber-attacks over the past year. In a worst case scenario, these attacks can result in infrastructure shut-down, triggering economic and financial disruptions, or even loss of life, and massive environmental damage.

Published by the Council in collaboration with insurance giants Swiss Re and Marsh & McLennan Companies, the report illustrates the rapid growth of cyber risks, highlighting past attacks and potential cyber incident scenarios plus insurance claims implications. It also looks at how cyber risks can be managed, taking into account the changing nature of the energy industry and energy infrastructure.

Christoph Frei, Secretary General, World Energy Council, said: “Cyber threats are among top issues keeping energy leaders awake at night in Europe and North America. Over the past three years, we have seen a rapid change from zero awareness to headline presence. As a result, more than 30 countries have put in place ambitious cyber plans and strategies, considering cyber threats as a persistent risk to their economy.

“What makes cyber threats so dangerous is that they can go unnoticed until the real damage is clear, from stolen data over power outages to destruction of physical assets and great financial loss. Over the coming years we expect cyber risks to increase further and change the way we think about integrated infrastructure and supply chain management.”

The report is being discussed in Berlin as part of the build up to the 23rd World Energy Congress which will be held 10-13 October in Istanbul and includes a session dedicated to the threat of cyber attack.

Key recommendations include:

Industry: Energy utilities must view cyber as core business risk, increase awareness and build strong technical and human cyber resilience strategies. Adopting a common cross-sector cybersecurity framework for example can help locating key areas of cyber risk management and identify those systems that need to be protected at all costs.
Technology companies: These must monitor the nature of cyber-attacks and embed innovative security features into the products they are developing and delivering.
Governments: Policymakers must stimulate the introduction of standards, regulation and support information sharing, and in doing so support strong responses from companies to cyber risks. A cybersecurity talent pool is vital given the demand for skilled workers exceeds the supply with a growth rate that is more than two times faster than all other IT jobs.
Insurance and finance: The insurance sector must monitor cyber risks and focus on managing newly arising and changing risks. They need to develop appropriate cyber insurance products and better understand how their existing portfolios are impacted by cyber incidents. In analysing energy sector information in detail, they must help companies to better quantify their cyber risks.

The road to resilience: managing cyber risks’ is the third in a series of reports that addresses the need for more investment and system change to increase resilience towards emerging risks, besides cyber threats, also including extreme weather and the energy-water-food nexus.