Experts are warning energy development companies that a wave of cybercrime is targeting the electricity industry and throwing significant pressure on renewable energy development.
Cybercriminals represent a risk to the renewable energy sector, with potentially grave consequences for electricity grids from malicious hackers. A skills shortage in the renewable and cybersecurity sectors is compounding the situation, according to the report.
Cyberattacks have the potential to damage a country's power grid with their major goal being to cause widespread infrastructure failures. As the renewable energy sector rapidly digitalises, it faces an increased threat of cyberattacks.
Averaging 736 cyberattacks per week in 2021, the renewable energy sector remains susceptible to hostile attackers online, with high-profile victims in recent years including Vestas and Enercon. The energy sector is a primary target of cyberattacks, with 16 per cent of all cyberattacks aimed at the sector in 2020.
These cyberattacks can have significant consequences, such as taking down power grids for days or weeks, causing power shortages, and ultimately increasing energy prices.
Recent cyberattacks in the sector have disabled remote controls for wind farms, disrupted prepaid meters and led to recurrent data breaches. Research curated by analytics firm GlobalData shows that, in 2022, the average cost of data breaches alone reached $4.72 million in the energy sector.
These attacks are often geo politically motivated, as countries seek to exploit vulnerabilities and exert influence.
To address these challenges, power companies and stakeholders must invest in cybersecurity solutions and adopt a strategic approach to ensure the security and resilience of their operations. This includes implementing AI-based monitoring and detection platforms to protect Internet of Things ("IoT") devices from cyberattacks. Additionally, there is a need for collaboration between the clean energy and cybersecurity communities.
One issue directly related to cybersecurity links back to the worldwide Covid-19 pandemic and the rush to home working. A Kaspersky survey in April 2020, found that nearly half of the 6,000 respondents had never worked from home before.
In the rush to home working practices during the pandemic, the survey found that, in over 70 per cent of cases, employers did not include cybersecurity training, which may go some way in explaining the surge in attacks around this time period.
Sign up for free AllAfrica Newsletters
Get the latest in African news delivered straight to your inbox
However, in the last few years, one of the biggest issues faced by the renewable energy sector is a worldwide shortage of energy cybersecurity skills, adding that, the skills gap has been a long-standing issue, and the demand for cybersecurity professionals has consistently been high.
Research from GlobalData's Job Analytics shows a 32 per cent drop in new job postings related to cybersecurity in Q4 2023 compared with the previous quarter.
GlobalData's Power: Hiring Trends & Signals Q4 2023 report also reveals that 43 per cent of all cybersecurity-related new jobs in the power industry (tracked by GlobalData) as of Q4 2023, were for just five companies: Prysmian, Siemens, Schneider Electric, Elektroprivreda Crne Gore AD and A2A.
According to research collated by GlobalData, the size of the workforce is still 65 per cent below what is needed. The global cyber workforce gap reached four million people in 2023, despite an increase in the global cybersecurity workforce to 5.5 million. This demand is expected to keep increasing as organisations become both more dependent on technology and face more complex threats.
However, the cybersecurity skills gap appears to be levelling off. This is partly due to initiatives such as colleges and universities in the US investing heavily in cybersecurity education over the past five years. As a result, there should be a growing pipeline of computer science graduates entering the cybersecurity field between now and 2031.
In addition, women are expected to represent 30 per cent of the global cybersecurity workforce by 2025, with that figure reaching 35 per cent by 2031.
