Cybersecurity Isn't Easy When You're Trying to Be Green

Renewable energy companies lag behind their more traditional peers when it comes to the cybersecurity readiness of their infrastructure, raising concerns that attackers targeting critical infrastructure could find easier prey among "green" energy firms.

In a study of 250 energy companies worldwide, oil and natural-gas firms scored the highest — with the average company scoring a 94, or "A" — while the lowest scores belonged to renewable energy companies, which scored a median of 85, or a "B." Green energy firms tend to have distributed generation infrastructure (such as rooftop solar or wind turbines) and are usually more Internet-connected than traditional energy companies — both attributes that can undermine their defensive posture, says Ryan Sherstobitoff, senior vice president for threat research at SecurityScorecard, the cybersecurity risk firm that conducted the study.

Overall, the attack surfaces between traditional energy infrastructure and renewable energy infrastructure can be quite different, he says.

"Oil and gas have legacy technologies, but these legacy technologies are most likely not Internet-facing," Sherstobitoff says. "Whereas the cybersecurity posture of renewable energy may not necessarily be [to the level of other] critical infrastructure itself ... but nonetheless has public-facing portals and other public-facing issues."

The concerns come as the US and other countries invest in green energy infrastructure and scramble to put in place more cybersecurity defenses to protect their critical infrastructure. Nation-state groups have targeted the critical infrastructure of the US and its allies, and while the distributed nature of green energy generation could mitigate widespread outages, their Internet connections represent a weak point, according to the SecurityScorecard report, which was in collaboration with consultancy KPMG.

Read the Full Article on Dark Reading