Cyber Attacks and Energy Infrastructures: Anticipating Risks Etudes de l'Ifri, January 2017

The energy sector experiences an unprecedented digital transformation upsetting its activities and business models. Our energy infrastructures, sometimes more than a decade old and designed to remain functional for many years to come, now constantly interact with light digital components. The convergence of the global industrial system with the power of advanced computing and analytics reveals untapped opportunities at every step of the energy value chain. However, the introduction of digital elements in old and unprotected industrial equipments also exposes the energy industry to the cyber risk. One of the most compelling example of the type of threat the industry is facing, is the 2015 cyber attack on the Ukraine power grid, which deprived about 200 000 people of electricity in the middle of the winter. The number and the level of technical expertise of cyber attacks rose significantly after the discovery of the Stuxnet worm in the network of Natanz uranium enrichment site in 2010. Energy transition policies and the growing integration of renewable sources of energy will intensify this tendency, if cyber security measures are not part of the design of our future energy infrastructures.

Regulators try to catch up and adapt, like in France where the authorities collaborate closely with the energy industry to set up a strict and efficient regulatory framework, and protect critical operators. This approach is adopted elsewhere in Europe, but common measures applicable to the whole European Union are essential to protect strongly interconnected energy infrastructures against a multiform threat that defies frontiers. 

To read the study, download the document below.