Cyberattacks on energy companies are becoming more common. State-sponsored groups such as Hexane or DragonFly target them routinely to sabotage operations and steal intellectual property (IP) while criminal groups try to extort money with the ransomware attacks like the one that hit Portugal’s Energias de Portugal (EDP) recently.
Renewables such as solar are a small part of the energy industry but has its own large and largely unaddressed cybersecurity issues. “I think the developers that build the solar plants don’t really care about security,” says Rafael Narezzi, CIO/CISO at renewable asset management firm WiseEnergy, which manages solar assets totaling around to 1.2 gigawatts with plans to reach 4 gigawatts in two years. “They just want to build, finish and get out. They used to not to look on the security cyber-hygiene of the aspects [of connecting assets to the internet].”