Secure energy transition: Cybersecurity for energy suppliers

25 May 2023

The energy transition refers colloquially to the conversion of energy production from fossil to renewable sources such as solar and wind power. As a result, changes to the existing energy infrastructure are also necessary: lines must be expanded for decentralised generation, new transformer stations must be built, and additional transformer stations must be implemented. [1] It is also necessary to invest in the development of efficient energy storage systems.

New technologies, the increasing number of nodes, smart meters, decentralised microgrids for the integration of small providers and private users as well as the digitalisation of power plants pose new cyber risks. [2]

The number of possible points of attack is growing, and new functions for control, monitoring, and reporting, as well as their connection to the internet, can also facilitate abuse by attackers.

Since energy providers are already on the list of possible targets of attack and plants are designed for a very long service life, cybersecurity should be prioritised as part of the implementation of the energy transition. Both manufacturers and operators are called upon here.

Secure energy transition: Security by design and secure ongoing operation

Manufacturers should take cybersecurity into account as early as the development of hardware and software by complying with security standards and best practices, carrying out self-monitoring and implementing secure authentication mechanisms and communication protocols. With ongoing updates and patches, they should enable secure operation and ensure that their products remain secure beyond the date of sale. After all, the energy sector is one of the industries most affected by disclosed vulnerabilities in recent months, along with critical manufacturing operations and water and wastewater systems. [3]

Operators need to identify potential threats through a comprehensive risk assessment and develop appropriate security policies. This also includes basic measures such as changing preset accounts and passwords before use, establishing effective authorisation management, and using only encrypted protocols. Detailed (passive) monitoring and event management is indispensable for the secure operation of industrial systems. In contrast to IT tools, solutions built specifically for OT work without active scanning, so that they do not endanger the stability of the systems. [4]

Current threats and defence measures for critical infrastructures

According to industry specialist Nozomi Networks, a shift from data theft and DDoS attacks to the use of wiper malware was observed in the critical infrastructure sector in the second half of 2022. For 2023, the security researchers expect increasingly complex and sophisticated attack tactics, for example due to hybrid threats that combine different attack avenues (technological, economic, military, diplomatic), but also with the help of AI-driven tactics that could accelerate the pace of targeted attacks. [3]

The following measures should be prioritised to secure critical infrastructure:

  • Network segmentation
  • Asset discovery
  • Vulnerability management
  • Patching
  • Logging
  • Endpoint detection
  • Threat intelligence

With the deployment of new technologies and infrastructure, the energy transition brings new risks, but also the opportunity to think through cyber security from the ground up. In order to promote the stability and security of current and future supply systems, companies must take appropriate measures as early as the planning stage to improve cyber security in existing and new subcomponents. This also includes building cybersecurity capacities and competencies: on the one hand through training and further education of employees, and on the other hand by creating attractive working conditions.

[1] (German)
[2] (German)
