A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organisations has been discovered to be active since at least 2019, targeting over fifteen entities worldwide. The campaign was discovered by security researcher William Thomas.
This is a fast emerging area of cyber threat which CyberSolace commented and posted on a few times in the past 4 years. The cyber threat to renewables will be a significant challenge to investors and clean-energy transitionists as it will be a major avenue for growth, funding and investment. The stakes will be high and both cyber-criminals and other detractors (whether nation states or carbon energy supporters) will have an interest in seeing renewables as a target of interest.
Also, from CyberSolace’s perspective, the problem is compounded several folds due to the lack of strategic ‘cybersecurity in-programme-lifecycle’ – to coin a term; ie tackling cyber risks from cradle to grave during the lifecycle of renewable energy implementation programmes. The cybersecurity approaches we typically witness in renewable energy projects are very tactical and composite in nature, not strategic and not system wide (or technology eco-system wide).
William Thomas’ report may be a bit technical for our usual readership, but it is a useful evidence-based research piece which highlights that bad actors are already mobilising to exploit weaknesses in this sector for their own motivations, eg financial gains or sabotage.
Coincidentally, a recent report was also issued on the topic a few days ago (12-Jan-2022) by defence and security think tank the Royal United Services Institute (RUSI) which outlined some of the top cyber risks during the transition towards renewable energy from fossil fuels.
Read more by clicking the button below
