Electricity

Cyberattacks in energy sector doubled from 2020 to 2022

eurelectric cybersecurity measures study

Photo: Cliff Hang from Pixabay

Published

November 22, 2024

Country

Comments

comments icon

0

Share

Published:

November 22, 2024

Country:

Comments:

comments icon

0

Share

Cyberattacks in the energy sector have doubled from 2020 to 2022, increasing the risk of blackouts, disruptions and significant societal issues, according to Eurelectric’s latest report on cybersecurity.

In a new paper on cybersecurity in the energy sector, the organization advised the European Union to ensure consistent and harmonized implementation of the regulation, foster a skilled cybersecurity workforce, facilitate the necessary investments and promote collaboration.

The International Energy Agency has estimated that the attacks more than doubled between 2020 and 2022, with a record of 1,101 events on a global scale in 2022 where utilities were targeted, the authors note.

Since 2022, energy sector cybersecurity center EnergiCERT counted 48 publicly known attacks against European energy companies including supply, 31 ransomware attacks, of which almost half with data theft, and 15 affecting networks’ operational technology.

More than 20 cyberattacks on European energy utilities in 2022 were successful

Out of all geographical targets, attacks on EU countries rose from 9.8% to 46.5% during the first six months of 2023. More than 20 successful cyberattacks took place towards European energy utilities in 2022, according to EnergiCERT.

The publicly available data is not comprehensive due to the sensitivity of the topic, Eurelectric stressed.

Europe’s cybersecurity agency ENISA recently pointed out that the EU energy sector, in par with the banking sector, is investing more in information security measures than in sectors such as healthcare, transport and drinking water utilities.

eurelectric cybersecurity measures investments per sector

However, globally and across sectors, the EU is investing less in information security than North America and Asia-Pacific, the paper underlines.

Eurelectric said improving ICT systems requires not only larger investments but also a proficient and skilled workforce. In 2022, the European Commission estimated the shortage of cybersecurity professionals in all sectors in the EU at between 260,000 and 500,000, while the EU’s cybersecurity workforce needs were estimated at 883,000 professionals.

The EU has a multitude of legislative dossiers and institutions in place on cybersecurity

The EU has extensive legislation and certification schemes relevant to ensuring a protected power sector. The main and first cross-sectoral legislation is the Directive on Security of Network and Information Systems (NIS Directive), which was adopted in 2016 and recently updated as NIS 2.

In the previous EU legislative term, several pieces of cybersecurity legislation were published or proposed. The main regulation can be summarized as the amendments to the Cybersecurity Act, the Cyber Resilience Act (CRA), partly the Cyber Solidarity Act (CSA) and the Network Code on Cybersecurity (NCCS).

There are as many as 12 enforcement mechanisms and agencies involved in ensuring cybersecurity across Europe. There are three subcategories: EU institutions, advisory bodies and networks of member states, the paper reads.

Eurelectric called on policy creators to implement several measures:

  1. Foster a skilled workforce and facilitate investments
  2. Allow time for implementation – avoid new regulation unless absolutely necessary
  3. Put cybersecurity at the top of the agenda by improving collaboration.
Comments (0)

Be the first one to comment on this article.

Enter Your Comment
Please wait... Please fill in the required fields. There seems to be an error, please refresh the page and try again. Your comment has been sent.

Related Articles

slovenia coal phaseout hse sostanj velenje

Slovenia’s coal phaseout: Coal assets to be separated from electricity utility HSE

06 December 2024 - The Government of Slovenia will provide EUR 403 million to prevent the bankruptcy of coal power plant Šoštanj and the mine in Velenje

ugljevik mine thermal power plant

Thermal power plant Ugljevik halts production due to lack of coal

05 December 2024 - The management of RiTE Ugljevik, which operates a coal mine and the thermal power plant, blames those who ran the company in previous years.

Eurelectric EU tools tackle negative high power prices simultaneously

Eurelectric: EU has tools to tackle negative, high power prices simultaneously

04 December 2024 - Eurelectric proposed measures to the European Commission to address power price spikes as well as episodes of ultralow and negative prices

western balkans entso e declaration market coupling

Western Balkans TSOs back joint declaration on regional cooperation

04 December 2024 - The declaration could speed up the coupling of their electricity markets with the power markets of European Union member states